CVE-2023-40547 - avoid incorrectly trusting HTTP headers - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Peter Jones <pjones@redhat.com>	2023-08-02 14:19:31 -0400
committer	Peter Jones <pjones@redhat.com>	2023-12-05 13:20:00 -0500
commit	0226b56513b2b8bd5fd281bce77c40c9bf07c66d (patch)
tree	fd0d2cf4a1f69b9ce610479b3113889f4d0a82b7 /Cryptlib/Library
parent	e801b0d61fcf5e895b7f69986b5ed79cb6018ca1 (diff)
download	efi-boot-shim-0226b56513b2b8bd5fd281bce77c40c9bf07c66d.tar.gz efi-boot-shim-0226b56513b2b8bd5fd281bce77c40c9bf07c66d.zip

CVE-2023-40547 - avoid incorrectly trusting HTTP headers

When retrieving files via HTTP or related protocols, shim attempts to allocate a buffer to store the received data. Unfortunately, this means getting the size from an HTTP header, which can be manipulated to specify a size that's smaller than the received data. In this case, the code accidentally uses the header for the allocation but the protocol metadata to copy it from the rx buffer, resulting in an out-of-bounds write. This patch adds an additional check to test that the rx buffer is not larger than the allocation. Resolves: CVE-2023-40547 Reported-by: Bill Demirkapi, Microsoft Security Response Center Signed-off-by: Peter Jones <pjones@redhat.com>

Diffstat (limited to 'Cryptlib/Library')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: