Make sure the variables are not broken

author: Gary Ching-Pang Lin <glin@suse.com> 2012-09-21 16:44:56 +0800
committer: Gary Ching-Pang Lin <glin@suse.com> 2012-09-21 16:44:56 +0800
commit: 6919a3f7c77097c857f83fb980e6fd479348b1ea (patch)
tree: 16695e46be5eda0425148f8469010526634c58c1 /shim.c
parent: 6306b495c50cca430bfe7a8dcc1fce117e58463d (diff)
download: efi-boot-shim-6919a3f7c77097c857f83fb980e6fd479348b1ea.tar.gz
efi-boot-shim-6919a3f7c77097c857f83fb980e6fd479348b1ea.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index 73b2feb7..95c3e544 100644
--- a/shim.c
+++ b/shim.c
@@ -107,6 +107,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
 	int i, remain = DataSize;
 	void *ptr;
 
+	if (DataSize < sizeof(UINT32))
+		return NULL;
+
 	list = AllocatePool(sizeof(MokListNode) * num);
 
 	if (!list) {
@@ -601,7 +604,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	status = get_variable(L"MokList", shim_lock_guid, &attributes,
 			      &MokListDataSize, &MokListData);
 
-	if (status != EFI_SUCCESS) {
+	if (status != EFI_SUCCESS || MokListDataSize < sizeof(UINT32)) {
 		status = EFI_ACCESS_DENIED;
 		Print(L"Invalid signature\n");
 		goto done;
author	Gary Ching-Pang Lin <glin@suse.com>	2012-09-21 16:44:56 +0800
committer	Gary Ching-Pang Lin <glin@suse.com>	2012-09-21 16:44:56 +0800
commit	6919a3f7c77097c857f83fb980e6fd479348b1ea (patch)
tree	16695e46be5eda0425148f8469010526634c58c1 /shim.c
parent	6306b495c50cca430bfe7a8dcc1fce117e58463d (diff)
download	efi-boot-shim-6919a3f7c77097c857f83fb980e6fd479348b1ea.tar.gz efi-boot-shim-6919a3f7c77097c857f83fb980e6fd479348b1ea.zip