diff options
| author | Chris Co <chrco@microsoft.com> | 2021-02-16 06:21:12 +0000 |
|---|---|---|
| committer | Javier Martinez Canillas <javier@dowhile0.org> | 2021-02-16 16:42:27 +0100 |
| commit | a18d80ff9842b413aa1bd8fa17e8c65b7bbb9336 (patch) | |
| tree | 8f94773924eccaa690df4b3319d7b8a9ac720ef5 /Cryptlib/OpenSSL/crypto/stack/stack.c | |
| parent | 038891bb83d9def727ac34067b036d6b798f97b3 (diff) | |
| download | efi-boot-shim-a18d80ff9842b413aa1bd8fa17e8c65b7bbb9336.tar.gz efi-boot-shim-a18d80ff9842b413aa1bd8fa17e8c65b7bbb9336.zip | |
sbat: add minor fixes to parse_sbat
Add parameter checking to parse_sbat().
Set end pointer to be sbat_base + sbat_size - 1. We directly
dereference the end pointer but this is technically outside of
our sbat_base buffer range.
Remove current and end while loops that account for extra CRLF
or LF characters before and after the .sbat section. We will
rely on automated tooling to verify the .sbat section is sane.
Remove the overwriting of *(end - 1) with '\0'. This behavior
causes a segfault in the unit test. parse_sbat_entry() expects
a very specific pattern "_,_,_,_,_,_\n" for every entry and uses
strchrnul() to process each individual field. When *(end - 1)='\0'
is present, it short-circuits the final \n and causes the final
get_sbat_field() to return NULL, thereby setting current = NULL.
Eventually parse_sbat attempts to access current in the do-while
condition and the segfault happens.
Signed-off-by: Chris Co <chrco@microsoft.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/stack/stack.c')
0 files changed, 0 insertions, 0 deletions