diff options
| author | Gary Ching-Pang Lin <glin@suse.com> | 2012-09-21 16:44:56 +0800 |
|---|---|---|
| committer | Gary Ching-Pang Lin <glin@suse.com> | 2012-09-21 16:44:56 +0800 |
| commit | 6919a3f7c77097c857f83fb980e6fd479348b1ea (patch) | |
| tree | 16695e46be5eda0425148f8469010526634c58c1 | |
| parent | 6306b495c50cca430bfe7a8dcc1fce117e58463d (diff) | |
| download | efi-boot-shim-6919a3f7c77097c857f83fb980e6fd479348b1ea.tar.gz efi-boot-shim-6919a3f7c77097c857f83fb980e6fd479348b1ea.zip | |
Make sure the variables are not broken
| -rw-r--r-- | MokManager.c | 5 | ||||
| -rw-r--r-- | shim.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/MokManager.c b/MokManager.c index 9025f6f1..97501f61 100644 --- a/MokManager.c +++ b/MokManager.c @@ -101,6 +101,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { int i; void *ptr; + if (DataSize < sizeof(UINT32)) + return NULL; + list = AllocatePool(sizeof(MokListNode) * num); if (!list) { @@ -478,7 +481,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) efi_status = get_variable(L"MokNew", shim_lock_guid, &attributes, &MokNewSize, &MokNew); - if (efi_status != EFI_SUCCESS) { + if (efi_status != EFI_SUCCESS || MokNewSize < sizeof(UINT32)) { goto error; } @@ -107,6 +107,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { int i, remain = DataSize; void *ptr; + if (DataSize < sizeof(UINT32)) + return NULL; + list = AllocatePool(sizeof(MokListNode) * num); if (!list) { @@ -601,7 +604,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, status = get_variable(L"MokList", shim_lock_guid, &attributes, &MokListDataSize, &MokListData); - if (status != EFI_SUCCESS) { + if (status != EFI_SUCCESS || MokListDataSize < sizeof(UINT32)) { status = EFI_ACCESS_DENIED; Print(L"Invalid signature\n"); goto done; |