Fix buffer overrun due DEFAULT_LOADER length miscalculation - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Javier Martinez Canillas <javierm@redhat.com>	2020-09-08 12:26:45 +0200
committer	Peter Jones <pjones@redhat.com>	2020-09-09 15:56:39 -0400
commit	74b05de7d19fa4f462b6e228a8a03f8ee242b673 (patch)
tree	8b7d51fa9ec753ddbfb31902173c2a830a3f3a85 /lib/variables.c
parent	63f7943dbe0583dd0bf89ee8fe8230d4b7373b91 (diff)
download	efi-boot-shim-74b05de7d19fa4f462b6e228a8a03f8ee242b673.tar.gz efi-boot-shim-74b05de7d19fa4f462b6e228a8a03f8ee242b673.zip

Fix buffer overrun due DEFAULT_LOADER length miscalculation

The DEFAULT_LOADER is a UCS-2 string and the StrLen() function returns the number of UCS-2 encoded characters in the string. But the allocated memory is in bytes, so only half of the needed memory to store it is allocated. This leads to a buffer overrun when the StrCpy() function attempts to copy the DEFAULT_LOADER to the allocated buffer. Fixes: 354bd9b1931 ("Actually check for errors from set_second_stage()") Reported-by: Stuart Hayes <stuart_hayes@dell.com> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>

Diffstat (limited to 'lib/variables.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: