[PATCH] efi_loader: fix possible buffer overflow

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Apr 14 07:43:23 CEST 2021


On Wed, Apr 14, 2021 at 11:55:49AM +0900, Masahisa Kojima wrote:
> Variable "final" will have SHA512 digest, but currently
> the array size is not sufficient. Let's fix it.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
>  lib/efi_loader/efi_tcg2.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index ed86a220fb..d5eca68769 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -515,7 +515,7 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
>  	sha1_context ctx;
>  	sha256_context ctx_256;
>  	sha512_context ctx_512;
> -	u8 final[TPM2_ALG_SHA512];
> +	u8 final[TPM2_SHA512_DIGEST_SIZE];
>  	efi_status_t ret;
>  	u32 active;
>  	int i;
> -- 
> 2.17.1
> 

Thanks!

Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>


More information about the U-Boot mailing list