shim: ensure generate_hash() never operates on a negative (signed) number. - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Peter Jones <pjones@redhat.com>	2017-09-27 16:23:14 -0400
committer	Peter Jones <pmjones@gmail.com>	2018-03-12 16:21:43 -0400
commit	db2f5cf15d00d3a2ee672cb662cf64025d588e33 (patch)
tree	ea97eff52a17f9b342351afd55a4f0e456e78cea /lib/variables.c
parent	2fa2ec8c444114d4f408c2c74f6f8ea5229b0520 (diff)
download	efi-boot-shim-db2f5cf15d00d3a2ee672cb662cf64025d588e33.tar.gz efi-boot-shim-db2f5cf15d00d3a2ee672cb662cf64025d588e33.zip

shim: ensure generate_hash() never operates on a negative (signed) number.

Covscan noticed: 746static EFI_STATUS generate_hash (char *data, unsigned int datasize_in, 747 PE_COFF_LOADER_IMAGE_CONTEXT *context, 748 UINT8 *sha256hash, UINT8 *sha1hash) 749 750{ ... 764 CID 182849 (#1 of 1): Unsigned compared against 0 (NO_EFFECT)unsigned_compare: This less-than-zero comparison of an unsigned value is never true. datasize_in < 0U. 765 if (datasize_in < 0) { 766 perror(L"Invalid data size\n"); 767 return EFI_INVALID_PARAMETER; 768 } And I guess that's a fair point, but some of the callers take the size as a signed integer. So we should be handling that on all the input cases instead of getting that far. Signed-off-by: Peter Jones <pjones@redhat.com>

Diffstat (limited to 'lib/variables.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: