Fix buffer overrun / damaged options passed to second_stage.

start is a UCS-2 character pointer and loader_len is a number of bytes. Adjust loader_len to count characters before adding to the start pointer.
author: John S. Gruber <JohnSGruber@gmail.com> 2017-04-24 14:44:59 -0400
committer: Peter Jones <pjones@redhat.com> 2017-04-27 10:58:33 -0400
commit: f4810191576cd4c766633442f6e7c5e2208c8f62 (patch)
tree: e146f46f738155249e64d881e36f81146cf15005
parent: 5c3bf329088f62094ddfd24e3b1c15a312102ce8 (diff)
download: efi-boot-shim-f4810191576cd4c766633442f6e7c5e2208c8f62.tar.gz
efi-boot-shim-f4810191576cd4c766633442f6e7c5e2208c8f62.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index 9de177f7..f8a1e675 100644
--- a/shim.c
+++ b/shim.c
@@ -2531,7 +2531,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
 		loader_str[loader_len/2-1] = L'\0';
 
 		second_stage = loader_str;
-		load_options = remaining_size ? start + loader_len : NULL;
+		load_options = remaining_size ? start + (loader_len/2) : NULL;
 		load_options_size = remaining_size;
 	}
author	John S. Gruber <JohnSGruber@gmail.com>	2017-04-24 14:44:59 -0400
committer	Peter Jones <pjones@redhat.com>	2017-04-27 10:58:33 -0400
commit	f4810191576cd4c766633442f6e7c5e2208c8f62 (patch)
tree	e146f46f738155249e64d881e36f81146cf15005
parent	5c3bf329088f62094ddfd24e3b1c15a312102ce8 (diff)
download	efi-boot-shim-f4810191576cd4c766633442f6e7c5e2208c8f62.tar.gz efi-boot-shim-f4810191576cd4c766633442f6e7c5e2208c8f62.zip