mok: fix potential buffer overrun in import_mok_state

Fix the case where data_size is 0, so config_template is not implicitly copied like the size calculation above. upstream-status: https://github.com/rhboot/shim/issues/249 Signed-off-by: Jonathan Yong <jonathan.yong@intel.com>
author: Jonathan Yong <jonathan.yong@intel.com> 2021-04-16 09:59:03 +0800
committer: Peter Jones <pjones@redhat.com> 2021-07-20 10:08:54 -0400
commit: 7501b6bb449f6e4d13e700a65650f9308f54c8c1 (patch)
tree: 66eb3e9fc7e8e856fad6c787984b0e571458e58f /mok.c
parent: 34e3ef205c5d65139eacba8891fa773c03174679 (diff)
download: efi-boot-shim-7501b6bb449f6e4d13e700a65650f9308f54c8c1.tar.gz
efi-boot-shim-7501b6bb449f6e4d13e700a65650f9308f54c8c1.zip
1 files changed, 6 insertions, 4 deletions
diff --git a/mok.c b/mok.c
index beac0ff6..db18093d 100644
--- a/mok.c
+++ b/mok.c
@@ -1034,10 +1034,12 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
 
 		config_template.data_size = v->data_size;
 
-		CopyMem(p, &config_template, sizeof(config_template));
-		p += sizeof(config_template);
-		CopyMem(p, v->data, v->data_size);
-		p += v->data_size;
+		if (v->data && v->data_size) {
+			CopyMem(p, &config_template, sizeof(config_template));
+			p += sizeof(config_template);
+			CopyMem(p, v->data, v->data_size);
+			p += v->data_size;
+		}
 	}
 	if (p) {
 		ZeroMem(&config_template, sizeof(config_template));
author	Jonathan Yong <jonathan.yong@intel.com>	2021-04-16 09:59:03 +0800
committer	Peter Jones <pjones@redhat.com>	2021-07-20 10:08:54 -0400
commit	7501b6bb449f6e4d13e700a65650f9308f54c8c1 (patch)
tree	66eb3e9fc7e8e856fad6c787984b0e571458e58f /mok.c
parent	34e3ef205c5d65139eacba8891fa773c03174679 (diff)
download	efi-boot-shim-7501b6bb449f6e4d13e700a65650f9308f54c8c1.tar.gz efi-boot-shim-7501b6bb449f6e4d13e700a65650f9308f54c8c1.zip