efi_loader: validate device path length in boot manager

Bootxxxx variables are provided by the user and therefore cannot be
trusted. We have to validate them before usage.

A device path provided by a Bootxxxx variable must have an end node within
the indicated device path length.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c
index 1e06e60963926ea8ea272fd3344534ca4919261b..61dc72a23da87af7bbd3c157849119f975189bf6 100644 (file)
--- a/lib/efi_loader/efi_bootmgr.c
+++ b/lib/efi_loader/efi_bootmgr.c
@@ -105,10 +105,8 @@ efi_status_t efi_deserialize_load_option(struct efi_load_option *lo, u8 *data,
        if (*size < len)
                return EFI_INVALID_PARAMETER;
        lo->file_path = (struct efi_device_path *)data;
-        /*
-         * TODO: validate device path. There should be an end node within
-         * the indicated file_path_length.
-         */
+       if (efi_dp_check_length(lo->file_path, len) < 0)
+               return EFI_INVALID_PARAMETER;
        data += len;
        *size -= len;