From 829445382c196301309b7f12630c1e04a4986eba Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 26 Jul 2023 09:54:52 +0300 Subject: [PATCH] efi_loader: Fix memory corruption on 32bit systems It's pretty unlikely that anyone is going to be using EFI authentication on a 32bit system. However, if you did, the efi_prepare_aligned_image() function would write 8 bytes of data to the &efi_size variable and it can only hold 4 bytes so that corrupts memory. Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement") Signed-off-by: Dan Carpenter Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_image_loader.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 26df0da16c..97547571ce 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -592,6 +592,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) struct efi_signature_store *db = NULL, *dbx = NULL; void *new_efi = NULL; u8 *auth, *wincerts_end; + u64 new_efi_size = efi_size; size_t auth_size; bool ret = false; @@ -600,11 +601,11 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) if (!efi_secure_boot_enabled()) return true; - new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size); + new_efi = efi_prepare_aligned_image(efi, &new_efi_size); if (!new_efi) return false; - if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts, + if (!efi_image_parse(new_efi, new_efi_size, ®s, &wincerts, &wincerts_len)) { log_err("Parsing PE executable image failed\n"); goto out; -- 2.39.5