[PATCH 1/1] efi_loader: avoid buffer overrun in efi_var_mem_compare

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Mon Feb 13 19:25:58 CET 2023


We should not scan beyond the end of string name.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 lib/efi_loader/efi_var_mem.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c
index e1058e3c6a..d6b65aed12 100644
--- a/lib/efi_loader/efi_var_mem.c
+++ b/lib/efi_loader/efi_var_mem.c
@@ -41,11 +41,13 @@ efi_var_mem_compare(struct efi_var_entry *var, const efi_guid_t *guid,
 	     i < sizeof(efi_guid_t) && match; ++i)
 		match = (guid1[i] == guid2[i]);
 
-	for (data = var->name, var_name = name;; ++data, ++var_name) {
+	for (data = var->name, var_name = name;; ++data) {
 		if (match)
 			match = (*data == *var_name);
 		if (!*data)
 			break;
+		if (*var_name)
+			++var_name;
 	}
 
 	++data;
-- 
2.38.1



More information about the U-Boot mailing list