[U-Boot] [PATCH v2 1/3] efi_loader: device_path: check against file path length

AKASHI Takahiro takahiro.akashi at linaro.org
Wed Oct 9 07:19:52 UTC 2019


The device_path structure has a 2-byte "length" field, so the
file path length must not exceed this limit, 65535.

Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
---
 lib/efi_loader/efi_device_path.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c
index 86297bb7c116..9f772fc924fb 100644
--- a/lib/efi_loader/efi_device_path.c
+++ b/lib/efi_loader/efi_device_path.c
@@ -14,6 +14,7 @@
 #include <part.h>
 #include <sandboxblockdev.h>
 #include <asm-generic/unaligned.h>
+#include <linux/compat.h> /* U16_MAX */
 
 #ifdef CONFIG_SANDBOX
 const efi_guid_t efi_guid_host_dev = U_BOOT_HOST_DEV_GUID;
@@ -868,13 +869,16 @@ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part,
 {
 	struct efi_device_path_file_path *fp;
 	void *buf, *start;
-	unsigned dpsize = 0, fpsize;
+	size_t dpsize = 0, fpsize;
 
 	if (desc)
 		dpsize = dp_part_size(desc, part);
 
 	fpsize = sizeof(struct efi_device_path) +
 		 2 * (utf8_utf16_strlen(path) + 1);
+	if (fpsize > U16_MAX)
+		return NULL;
+
 	dpsize += fpsize;
 
 	start = buf = dp_alloc(dpsize + sizeof(END));
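Review bot: The new guard `if (fpsize > U16_MAX)` has no comment saying which field it protects, and the reason only becomes visible further down at the `fp->dp.length` assignment. A one-line comment above the check would help, for example `/* dp.length is a 16-bit field; a longer file path node cannot be encoded */`. The function's doc comment, which is outside this hunk, should also state that NULL is returned for an overlong path. Callers presumably already see NULL when the allocation fails, and they cannot tell the two cases apart without that note. The body of efi_dp_from_file continues past the end of the hunk.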
@@ -888,7 +892,7 @@ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part,
 	fp = buf;
 	fp->dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE;
 	fp->dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH;
-	fp->dp.length = fpsize;
+	fp->dp.length = (u16)fpsize;
 	path_to_uefi(fp->str, path);
 	buf += fpsize;
 
@@ -1050,5 +1054,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr,
 	*file = efi_dp_from_file(((!is_net && device) ? desc : NULL),
 				 part, filename);
 
+	if (!file)
+		return EFI_INVALID_PARAMETER;
+
 	return EFI_SUCCESS;
 }
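Review bot: The added check `if (!file)` tests the out-parameter itself rather than the pointer that efi_dp_from_file() just stored through it. `file` has already been dereferenced by the `*file = ...` assignment on the preceding lines, so this condition cannot detect a NULL result. As written, an overlong path leaves `*file` NULL while the function still returns EFI_SUCCESS, and the caller receives a success status with no device path. The check should read `if (!*file)`. NULL may also come from an allocation failure inside efi_dp_from_file() (not visible here), so EFI_INVALID_PARAMETER may not be the right status for every NULL. The start of efi_dp_from_name is outside the hunk.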
-- 
2.21.0


