From: Heinrich Schuchardt Date: Sun, 23 Sep 2018 02:08:09 +0000 (+0200) Subject: efi_loader: avoid out of bound access in efi_get_variable() X-Git-Url: http://git.dujemihanovic.xyz/img/sics.gif?a=commitdiff_plain;h=506dc52d5da1b6fea15da39904487c4b0218eaf2;p=u-boot.git efi_loader: avoid out of bound access in efi_get_variable() In efi_get_variable() a string is longer than the allocated space which results in overwriting the linked list of malloc(). The prefixes used for variables are 41 characters long, e.g. efi_67029eb5-0af2-f6b1-da53-fcb566dd1ce6_ Change PREFIX_LEN to 41. Fixes: faff21556748 ("efi_loader: remove limit on variable length") Signed-off-by: Heinrich Schuchardt Signed-off-by: Alexander Graf --- diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 495738884b..a1313fa215 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -44,7 +44,7 @@ * converted to utf16? */ -#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_")) +#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_")) static int hex(int ch) {