regression: out of bounds read in CopyMem() in ad8692e - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Jan Setje-Eilers <jan.setjeeilers@oracle.com>	2025-02-18 16:11:09 -0800
committer	Peter Jones <pjones@redhat.com>	2025-02-19 15:01:04 -0500
commit	1294b47a00185de282ac127e48039178b70ae4f4 (patch)
tree	4cf0b37f4d3407f3cd4796e97f9c17a3aca8d560 /Cryptlib/OpenSSL/crypto/objects/obj_lib.c
parent	7cde2cc52f19f733de7855419d1c43a13a8d6c5f (diff)
download	efi-boot-shim-1294b47a00185de282ac127e48039178b70ae4f4.tar.gz efi-boot-shim-1294b47a00185de282ac127e48039178b70ae4f4.zip

regression: out of bounds read in CopyMem() in ad8692e

The CopyMem() introduced in "ad8692e avoid EFIv2 runtime services on Apple x86 machines" copies 100 CHAR16s no matter what. NX enabled firmware catches this and the boot breaks on those systems when the value is smaller than that and it's up against a page boundary with a page that's not mapped as readable. https://uefi.org/specs/UEFI/2.10/04_EFI_System_Table.html says that FirmwareVendor is a pointer to a NUL terminated string that identifies the vendor that produces the system firmware for the platform. Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com>

Diffstat (limited to 'Cryptlib/OpenSSL/crypto/objects/obj_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: