[PATCH] efi_loader: Fix memory corruption on 32bit systems
Dan Carpenter
dan.carpenter at linaro.org
Wed Jul 26 09:22:41 CEST 2023
On Wed, Jul 26, 2023 at 10:11:04AM +0300, Ilias Apalodimas wrote:
> Hi Dan
>
> On Wed, 26 Jul 2023 at 09:55, Dan Carpenter <dan.carpenter at linaro.org> wrote:
> >
> > It's pretty unlikely that anyone is going to be using EFI authentication
> > on a 32bit system. However, if you did, the efi_prepare_aligned_image()
> > function would write 8 bytes of data to the &efi_size variable and it
> > can only hold 4 bytes so that corrupts memory.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
> > ---
> > lib/efi_loader/efi_image_loader.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
> > index 26df0da16c93..3d5eef7dc3c2 100644
> > --- a/lib/efi_loader/efi_image_loader.c
> > +++ b/lib/efi_loader/efi_image_loader.c
> > @@ -592,6 +592,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> > struct efi_signature_store *db = NULL, *dbx = NULL;
> > void *new_efi = NULL;
> > u8 *auth, *wincerts_end;
> > + u64 size = efi_size;
> > size_t auth_size;
> > bool ret = false;
> >
> > @@ -600,11 +601,11 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> > if (!efi_secure_boot_enabled())
> > return true;
> >
> > - new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size);
>
> Can't we change the prototype to access a size_t instead?
Yep, you're right. That's a better fix. Will do.
regards,
dan carpenter
More information about the U-Boot
mailing list