diff options
| author | Jan Setje-Eilers <jan.setjeeilers@oracle.com> | 2021-07-26 20:24:13 -0700 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2021-08-10 15:02:43 -0400 |
| commit | 1b30c2b9e5ee7d3e305a28a92805152d5cbfc9cb (patch) | |
| tree | b67f88873cd1cf30fbbae0705104ec8faa6ac8e0 /fallback.c | |
| parent | 4583db41ea58195956d4cdf97c43a195939f906b (diff) | |
| download | efi-boot-shim-1b30c2b9e5ee7d3e305a28a92805152d5cbfc9cb.tar.gz efi-boot-shim-1b30c2b9e5ee7d3e305a28a92805152d5cbfc9cb.zip | |
fallback: find_boot_option() needs to return the index for the boot entry in optnum
The CopyMem() calls in add_to_boot_list() expect that
find_boot_option() returned an index to the matching entry in the
BootOrder array. The previous code returned the numerical portion of
the boot entry label, which in some cases resulted in -1 *
sizeof(CHAR16) being passed to CopyMem() which would in turn corrupt
the running firmware resulting in an exception and a failure to boot
or reset.
Diffstat (limited to 'fallback.c')
| -rw-r--r-- | fallback.c | 13 |
1 files changed, 9 insertions, 4 deletions
@@ -462,10 +462,15 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, first_new_option_size = StrLen(arguments) * sizeof (CHAR16); } - *optnum = xtoi(varname + 4); - FreePool(candidate); - FreePool(data); - return EFI_SUCCESS; + /* find the index for the matching entry in BootOrder */ + UINT16 bootnum = xtoi(varname + 4); + for (*optnum = 0; *optnum < nbootorder; (*optnum)++) { + if (bootorder[*optnum] == bootnum) { + FreePool(candidate); + FreePool(data); + return EFI_SUCCESS; + } + } } FreePool(candidate); FreePool(data); |