From 7e5875a85689d762bde58a587a7d531667358ee4 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 19 Nov 2020 19:40:08 +0100 Subject: [PATCH] efi_loader: parameter check in GetNextVariableName() If GetNextVariableName() is called with a non-existing combination of VariableName and VendorGuid, return EFI_INVALID_PARAMETER. If GetNextVariableName() is called with a string that is not zero terminated, return EFI_INVALID_PARAMETER. Reformat a line over 80 characters. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_var_mem.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c index 1d2b44580f..d155f25f60 100644 --- a/lib/efi_loader/efi_var_mem.c +++ b/lib/efi_loader/efi_var_mem.c @@ -304,8 +304,8 @@ efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attribut } efi_status_t __efi_runtime -efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name, - efi_guid_t *vendor) +efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, + u16 *variable_name, efi_guid_t *vendor) { struct efi_var_entry *var; efi_uintn_t old_size; @@ -314,7 +314,12 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_na if (!variable_name_size || !variable_name || !vendor) return EFI_INVALID_PARAMETER; - efi_var_mem_find(vendor, variable_name, &var); + if (u16_strnlen(variable_name, *variable_name_size) == + *variable_name_size) + return EFI_INVALID_PARAMETER; + + if (!efi_var_mem_find(vendor, variable_name, &var) && *variable_name) + return EFI_INVALID_PARAMETER; if (!var) return EFI_NOT_FOUND; -- 2.39.5