[U-Boot] [PATCH 1/1] efi_loader: avoid out of bound access in efi_get_variable()
Heinrich Schuchardt
xypron.glpk at gmx.de
Sun Sep 23 02:08:09 UTC 2018
In efi_get_variable() a string is longer than the allocated space which
results in overwriting the linked list of malloc().
The prefixes used for variables are 41 characters long, e.g.
efi_67029eb5-0af2-f6b1-da53-fcb566dd1ce6_
Change PREFIX_LEN to 41.
Fixes: faff21556748 ("efi_loader: remove limit on variable length")
Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
---
lib/efi_loader/efi_variable.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 495738884b..a1313fa215 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -44,7 +44,7 @@
* converted to utf16?
*/
-#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_"))
+#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_"))
static int hex(int ch)
{
--
2.19.0
More information about the U-Boot
mailing list