[PATCH v2] efi_loader: Fix memory corruption on 32bit systems
Dan Carpenter
dan.carpenter at linaro.org
Thu Jul 27 09:11:37 CEST 2023
The issue is this line:
new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size);
The efi_size variable is type size_t and on a 32 bit system that's 32
bits. The u64 type is obviously 64 bits. So we write 8 bytes to a 4
byte buffer which corrupts memory.
Fix this by changing the efi_size parameter of efi_prepare_aligned_image()
to a size_t pointer.
Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
---
v2: Change efi_prepare_aligned_image() instead of changing
efi_image_authenticate(). This is a cleaner way to fix the problem.
include/efi_loader.h | 2 +-
lib/efi_loader/efi_image_loader.c | 4 ++--
lib/efi_loader/efi_tcg2.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/efi_loader.h b/include/efi_loader.h
index b5fa0fe01ded..9c1a9ed16af6 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -1022,7 +1022,7 @@ bool efi_secure_boot_enabled(void);
bool efi_capsule_auth_enabled(void);
-void *efi_prepare_aligned_image(void *efi, u64 *efi_size);
+void *efi_prepare_aligned_image(void *efi, size_t *efi_size);
bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
WIN_CERTIFICATE **auth, size_t *auth_len);
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 26df0da16c93..64980008403b 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -313,7 +313,7 @@ static int cmp_pe_section(const void *arg1, const void *arg2)
*
* Return: valid pointer to a image, return NULL if allocation fails.
*/
-void *efi_prepare_aligned_image(void *efi, u64 *efi_size)
+void *efi_prepare_aligned_image(void *efi, size_t *efi_size)
{
size_t new_efi_size;
void *new_efi;
@@ -600,7 +600,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
if (!efi_secure_boot_enabled())
return true;
- new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size);
+ new_efi = efi_prepare_aligned_image(efi, &efi_size);
if (!new_efi)
return false;
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 49f8a5e77cbf..d57afd0c498b 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -882,7 +882,7 @@ out:
*
* Return: status code
*/
-static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
+static efi_status_t tcg2_hash_pe_image(void *efi, size_t efi_size,
struct tpml_digest_values *digest_list)
{
WIN_CERTIFICATE *wincerts = NULL;
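Review bot: Changing `efi_size` from `u64` to `size_t` in the `tcg2_hash_pe_image()` signature moves the 64-to-32-bit narrowing to the call site, where it now happens implicitly. The callers are not visible in this hunk, but if one still carries the image size as `u64`, a 32-bit build would silently truncate it and the digest extended for measured boot could cover fewer bytes than the loaded image. I would either change the caller's size parameter to `size_t` as well or reject oversized values before the call, for example `if (efi_size > SIZE_MAX) return EFI_INVALID_PARAMETER;`. The commit message names only the `efi_image_authenticate()` call, so a sentence explaining why this signature changes too would help; the function body continues outside the hunk.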
--
2.39.2