From 21b3edfc9644f1cef3798f57f965aa44a78d9d22 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Mon, 2 Jul 2018 12:53:52 +0200
Subject: [PATCH] efi_loader: check parameters of CreateEvent

Rigorously check the TPL level and the event type.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 lib/efi_loader/efi_boottime.c | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 46c8ecd187..86cb9ba479 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -190,6 +190,25 @@ static void efi_queue_event(struct efi_event *event, bool check_tpl)
 	event->is_queued = false;
 }
 
+/**
+ * is_valid_tpl() - check if the task priority level is valid
+ *
+ * @tpl:		TPL level to check
+ * ReturnValue:		status code
+ */
+efi_status_t is_valid_tpl(efi_uintn_t tpl)
+{
+	switch (tpl) {
+	case TPL_APPLICATION:
+	case TPL_CALLBACK:
+	case TPL_NOTIFY:
+	case TPL_HIGH_LEVEL:
+		return EFI_SUCCESS;
+	default:
+		return EFI_INVALID_PARAMETER;
+	}
+}
+
 /**
  * efi_signal_event() - signal an EFI event
  * @event:     event to signal
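Review bot: `is_valid_tpl()` is added with external linkage, but the diffstat shows only this one file changing, so no prototype is added by this commit. Unless a declaration exists elsewhere, it should be `static efi_status_t is_valid_tpl(efi_uintn_t tpl)`. The predicate-style name also reads as a boolean while the function returns a status code whose success value is zero, so a later `if (is_valid_tpl(tpl))` would silently invert the check. The kernel-doc line should say so explicitly, e.g. `Return: EFI_SUCCESS if tpl is one of the four defined levels, EFI_INVALID_PARAMETER otherwise`.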
@@ -592,11 +611,21 @@ efi_status_t efi_create_event(uint32_t type, efi_uintn_t notify_tpl,
 	if (event == NULL)
 		return EFI_INVALID_PARAMETER;
 
-	if ((type & EVT_NOTIFY_SIGNAL) && (type & EVT_NOTIFY_WAIT))
+	switch (type) {
+	case 0:
+	case EVT_TIMER:
+	case EVT_NOTIFY_SIGNAL:
+	case EVT_TIMER | EVT_NOTIFY_SIGNAL:
+	case EVT_NOTIFY_WAIT:
+	case EVT_TIMER | EVT_NOTIFY_WAIT:
+	case EVT_SIGNAL_EXIT_BOOT_SERVICES:
+	case EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE:
+		break;
+	default:
 		return EFI_INVALID_PARAMETER;
+	}
 
-	if ((type & (EVT_NOTIFY_SIGNAL | EVT_NOTIFY_WAIT)) &&
-	    notify_function == NULL)
+	if (is_valid_tpl(notify_tpl) != EFI_SUCCESS)
 		return EFI_INVALID_PARAMETER;
 
 	evt = calloc(1, sizeof(struct efi_event));
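Review bot: The rewritten checks drop the old `notify_function == NULL` test, so an event whose type carries EVT_NOTIFY_SIGNAL or EVT_NOTIFY_WAIT can now be created with a NULL notify function. Whether a later signal calls through that pointer depends on code outside this hunk, but the UEFI CreateEvent contract asks for EFI_INVALID_PARAMETER in that case. The new `is_valid_tpl(notify_tpl)` test also runs for types without a notify bit (`0`, `EVT_TIMER`), where the TPL is unused and a caller passing 0 would now be rejected. One condition covers both: `if ((type & (EVT_NOTIFY_WAIT | EVT_NOTIFY_SIGNAL)) && (!notify_function || is_valid_tpl(notify_tpl) != EFI_SUCCESS)) return EFI_INVALID_PARAMETER;`. efi_create_event starts above the hunk and continues below it.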
-- 
2.39.5