From: Heinrich Schuchardt Date: Sun, 23 Aug 2020 08:59:17 +0000 (+0200) Subject: efi_loader: validate device path length in boot manager X-Git-Url: http://git.dujemihanovic.xyz/?a=commitdiff_plain;h=15d8f008dc577bbef6ad98494c28553558941420;p=u-boot.git efi_loader: validate device path length in boot manager Bootxxxx variables are provided by the user and therefore cannot be trusted. We have to validate them before usage. A device path provided by a Bootxxxx variable must have an end node within the indicated device path length. Signed-off-by: Heinrich Schuchardt --- diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c index 1e06e60963..61dc72a23d 100644 --- a/lib/efi_loader/efi_bootmgr.c +++ b/lib/efi_loader/efi_bootmgr.c @@ -105,10 +105,8 @@ efi_status_t efi_deserialize_load_option(struct efi_load_option *lo, u8 *data, if (*size < len) return EFI_INVALID_PARAMETER; lo->file_path = (struct efi_device_path *)data; - /* - * TODO: validate device path. There should be an end node within - * the indicated file_path_length. - */ + if (efi_dp_check_length(lo->file_path, len) < 0) + return EFI_INVALID_PARAMETER; data += len; *size -= len;