<feed xmlns='http://www.w3.org/2005/Atom'>
<title>efi-boot-shim.git/httpboot.c, branch rolling</title>
<subtitle> (mirror of https://github.com/vyos/efi-boot-shim.git)
</subtitle>
<id>https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/'/>
<updated>2025-02-26T14:38:43+00:00</updated>
<entry>
<title>reject message with different values in multiple Content-Length header field</title>
<updated>2025-02-26T14:38:43+00:00</updated>
<author>
<name>Dennis Tseng</name>
<email>dennis.tseng@suse.com</email>
</author>
<published>2024-02-12T14:15:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=1958b0f3014f7473f72604865ef1cd14c62cc9ef'/>
<id>urn:sha1:1958b0f3014f7473f72604865ef1cd14c62cc9ef</id>
<content type='text'>
If multiple headers occur, usually the last header would have authority;
however the section 3.3.3 of RFC 7230 states that:

If a message is received without Transfer-Encoding and with
either multiple Content-Length header fields having differing
field-values or ..., then the message framing is invalid and the
recipient MUST treat it as an unrecoverable error.

For example:
If there are 2 headers, for example, "Content-Length: 42" and "Content-Length: 52",
then current shim httpboot.c will accept the last one which is "Content-Length": 52".
This is not correct.

This patch allows multiple values if they are the same, but rejects message
if any different value is found. In function receive_http_response() of httpboot.c,
each received duplicate Content-Length field must be checked whether its value is
different. If it is, then this message is invalid.

Signed-off-by: Dennis Tseng &lt;dennis.tseng@suse.com&gt;
</content>
</entry>
<entry>
<title>httpboot: Convert HTTP status codes to EFI status codes</title>
<updated>2025-01-15T21:03:55+00:00</updated>
<author>
<name>Dan Nicholson</name>
<email>dbn@endlessos.org</email>
</author>
<published>2024-10-03T00:05:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=ef8e729515bba6c517736981d750423122c237d8'/>
<id>urn:sha1:ef8e729515bba6c517736981d750423122c237d8</id>
<content type='text'>
This allows the caller to make a more informed decision about how to
handle the error. In particular, by mapping HTTP errors to
EFI_INVALID_PARAMETER and EFI_NOT_FOUND, shim will try to fetch the
default second stage image like it does when loading images from disk.

Note that this also changes the default to return EFI_HTTP_ERROR instead
of EFI_ABORTED. This should not change any behavior as EFI_ABORTED
wasn't being handled before, but letting the caller decide what to do
with an unknown HTTP error is more appropriate.

Signed-off-by: Dan Nicholson &lt;dbn@endlessos.org&gt;
</content>
</entry>
<entry>
<title>netboot read_image() should not hardcode DEFAULT_LOADER</title>
<updated>2024-01-22T19:17:20+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-12-16T05:31:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=a23e2f0de7a61b6e895a915676eba3a1fda2cd78'/>
<id>urn:sha1:a23e2f0de7a61b6e895a915676eba3a1fda2cd78</id>
<content type='text'>
The netboot path up until now hardcodes DEFAULT_LOADER as
the only possible filename to load. This is pretty limiting
and needs to be fixed.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>CVE-2023-40547 - avoid incorrectly trusting HTTP headers</title>
<updated>2023-12-05T18:20:00+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2023-08-02T18:19:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=0226b56513b2b8bd5fd281bce77c40c9bf07c66d'/>
<id>urn:sha1:0226b56513b2b8bd5fd281bce77c40c9bf07c66d</id>
<content type='text'>
When retrieving files via HTTP or related protocols, shim attempts to
allocate a buffer to store the received data.  Unfortunately, this means
getting the size from an HTTP header, which can be manipulated to
specify a size that's smaller than the received data.  In this case, the
code accidentally uses the header for the allocation but the protocol
metadata to copy it from the rx buffer, resulting in an out-of-bounds
write.

This patch adds an additional check to test that the rx buffer is not
larger than the allocation.

Resolves: CVE-2023-40547
Reported-by: Bill Demirkapi, Microsoft Security Response Center
Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>cleanup: always use BS and RT, not gBS and gRT</title>
<updated>2021-09-07T21:05:04+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-07-23T18:28:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=6ea93a28759d754778e483f86f95587a01c5fee8'/>
<id>urn:sha1:6ea93a28759d754778e483f86f95587a01c5fee8</id>
<content type='text'>
This just makes one less thing we have to make sure is the same between
the test harnesses and the runtime code.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Make CopyMem() work with EFI's declaration</title>
<updated>2021-09-07T21:05:04+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-08-04T17:24:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=e13ac7386ea425c9222e05a2f9879d5af5cb91f6'/>
<id>urn:sha1:e13ac7386ea425c9222e05a2f9879d5af5cb91f6</id>
<content type='text'>
EFI_BOOT_SERVICES includes CopyMem() and SetMem() functions which are
marked EFIAPI, and in the case of CopyMem() does not mark the source
argument as CONST.

This patch makes all our invocations work with that, so (once gnu-efi's
implementation is fixed to match) we can use the existing implementation
as the implementation in a mock EFI_BOOT_SERVICES.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>httpboot: Ignore case when checking HTTP headers</title>
<updated>2021-09-01T15:10:32+00:00</updated>
<author>
<name>Robbie Harwood</name>
<email>rharwood@redhat.com</email>
</author>
<published>2021-09-01T15:10:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=204f6bb5ba94061c8d0c60a6969fb263aadfce2d'/>
<id>urn:sha1:204f6bb5ba94061c8d0c60a6969fb263aadfce2d</id>
<content type='text'>
Some servers (HAProxy) yield Content-Length in lowercase, and shim would
fail to find it.

Signed-off-by: Robbie Harwood &lt;rharwood@redhat.com&gt;
</content>
</entry>
<entry>
<title>Consolidate most of our standard lib functions to lib</title>
<updated>2021-03-10T20:54:20+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-03-09T16:54:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=766aac4d5cfbe76026be5ce718b0883ee211f323'/>
<id>urn:sha1:766aac4d5cfbe76026be5ce718b0883ee211f323</id>
<content type='text'>
Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Restructure our includes.</title>
<updated>2021-03-10T20:54:20+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-03-09T16:42:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=f033a1da9f4c3acf7e3dfef906d01e348b6fcf42'/>
<id>urn:sha1:f033a1da9f4c3acf7e3dfef906d01e348b6fcf42</id>
<content type='text'>
This re-structures our includes so we can be sure everything is always
including all the system headers in a uniform, predictable way.

Temporarily it also adds a bunch of junk at all the places we use
variadic functions to specifically pick either the MS (cdecl) or ELF
ABIs.

I'm not 100% sure that's all correct (see later patch) but it's enough
to allow this to build.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Fix all the places we need UNUSED on arguments.</title>
<updated>2021-02-25T15:15:14+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-02-22T22:25:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=587b608b89def24717632fd5b3e548f2cf52c675'/>
<id>urn:sha1:587b608b89def24717632fd5b3e548f2cf52c675</id>
<content type='text'>
Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
</feed>
