efi_loader: Fix memory corruption on 32bit systems

It's pretty unlikely that anyone is going to be using EFI authentication
on a 32bit system.  However, if you did, the efi_prepare_aligned_image()
function would write 8 bytes of data to the &efi_size variable and it
can only hold 4 bytes so that corrupts memory.

Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 26df0da16c93dd97e7e58e9f1e142f93599235d0..97547571ce33e4622dc87d378962cadcd965772f 100644 (file)
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -592,6 +592,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
        struct efi_signature_store *db = NULL, *dbx = NULL;
        void *new_efi = NULL;
        u8 *auth, *wincerts_end;
+       u64 new_efi_size = efi_size;
        size_t auth_size;
        bool ret = false;
 
@@ -600,11 +601,11 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
        if (!efi_secure_boot_enabled())
                return true;
 
-       new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size);
+       new_efi = efi_prepare_aligned_image(efi, &new_efi_size);
        if (!new_efi)
                return false;
 
-       if (!efi_image_parse(new_efi, efi_size, &regs, &wincerts,
+       if (!efi_image_parse(new_efi, new_efi_size, &regs, &wincerts,
                             &wincerts_len)) {
                log_err("Parsing PE executable image failed\n");
                goto out;