[PATCH] efi_loader: check efi_get_variable_int return value
Masahisa Kojima
masahisa.kojima at linaro.org
Mon Jan 29 03:22:36 CET 2024
On Fri, 26 Jan 2024 at 21:58, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> On 26.01.24 12:36, Masahisa Kojima wrote:
> > Hi Heinrich,
> >
> > On Fri, 26 Jan 2024 at 16:20, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> >>
> >> On 1/22/24 08:26, Masahisa Kojima wrote:
> >>> efi_get_variable_int() may fail, the buffer should be
> >>> cleared before using it.
> >>>
> >>> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> >>> Addresses-Coverity-ID: 478333 ("Error handling issues")
> >>> ---
> >>> lib/efi_loader/efi_firmware.c | 8 ++++----
> >>> 1 file changed, 4 insertions(+), 4 deletions(-)
> >>>
> >>> diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
> >>> index 9fd13297a6..fb83fa8113 100644
> >>> --- a/lib/efi_loader/efi_firmware.c
> >>> +++ b/lib/efi_loader/efi_firmware.c
> >>> @@ -407,11 +407,11 @@ efi_status_t efi_firmware_set_fmp_state_var(struct fmp_state *state, u8 image_in
> >>> /*
> >>> * GetVariable may fail, EFI_NOT_FOUND is returned if FmpState
> >>> * variable has not been set yet.
> >>> - * Ignore the error here since the correct FmpState variable
> >>> - * is set later.
> >>> */
> >>> - efi_get_variable_int(varname, image_type_id, NULL, &size, var_state,
> >>> - NULL);
> >>> + ret = efi_get_variable_int(varname, image_type_id, NULL, &size,
> >>> + var_state, NULL);
> >>> + if (ret != EFI_SUCCESS)
> >>> + memset(var_state, 0, num_banks * sizeof(*var_state));
> >>
> >> Hello Masahisa,
> >>
> >> We allocate var_state with calloc(). So it is cleared before we call
> >> GetVariable(). Do we have an implementation of GetVariable() that would
> >> fill it with data before returning an error code?
> >
> > No, current GetVariable() implementations do not fill the buffer
> > when GetVariable() returns an error.
> > This is why my original implementation does not clear the buffer in
> > case of error.
> >
> > Anyway, I agree with your previous comment.
> > I think it is better to clear the buffer in case of error for safety,
> > because UEFI spec does not say GetVariable() will not fill the
> > buffer in case of error.
>
> In this case I guess malloc() is good enough. No need to use calloc().
OK, I will fix it.
Thanks,
Masahisa Kojima
>
> Best regards
>
> Heinrich
>
> >
> > Thanks,
> > Masahisa Kojima
> >
> >
> >>
> >> Best regards
> >>
> >> Heinrich
> >>
> >>>
> >>> /*
> >>> * Only the fw_version is set here.
> >>
>
More information about the U-Boot
mailing list