| Age | Commit message (Collapse) | Author |
|---|
|
"gcc -fanalyzer" thinks that in simple_dir_filter(), we can get "next"
to be a NULL pointer even when simple_dir_read_all() return success and
we're iterating the total number of entries it claimed it returned.
I don't think this is true, but to make it stop complaining I've added
tests to that pointer that'll make it stop if it gets to the end of the
list.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
If HandleProtocol or OpenVolume fails, the entries array will become
non-contiguous, i.e. will have NULL pointers between valid volume
names in the array. Because of that count_lines may return a lower
number of entries than expected. As a result one may not browse all
valid filesystems in the file explorer.
Add a second index variable that will increment only on successfully
created filesystem entries. As a result, count_lines should return
proper length and there won't be any lost partitions or accesses to
invalid entries.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
|
|
In case GetInfo of volume root fails, it is still possible
to form a volume name from the DevicePath. Do not skip given
SimpleFS volume handle and try to form a name from DevicePath.
That way we do not lose some filesystems from file browser.
This change already fixes the problem of a hanging platform
when trying to enroll a key from disk. However, there is still
a chance of having a non-contiguous array of entries, which
will be fixed in next commit.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
|
|
The loop retrieving the SimpleFS volume labels and names may
skip some volumes if either HandleProtocol or OpenVolume or
GetInfo fails. Those skipped volumes would have uninitialized
pointers to their names in the respective entries indices. This
would lead to accessing random memory in console_select, because
count_lines would not catch the holes with non-existing entries.
On affected platforms the result is a hang of the MokManager while
trying to enroll a key from disk. The issue has been triggered on
a TianoCore EDK2 UEFIPayload based firmware for x86 platforms with
additional filesystem drivers: ExFAT, NTFS, EXT2 and EXT4.
Use AllocateZeroPool to ensure entries array will be initialized
with NULL pointers. Handling the non-existing entries will be
added in subsequent commits.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
|
|
This just makes one less thing we have to make sure is the same between
the test harnesses and the runtime code.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This re-structures our includes so we can be sure everything is always
including all the system headers in a uniform, predictable way.
Temporarily it also adds a bunch of junk at all the places we use
variadic functions to specifically pick either the MS (cdecl) or ELF
ABIs.
I'm not 100% sure that's all correct (see later patch) but it's enough
to allow this to build.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
At the time, this was explicitly contributed under the Tiano license,
even though the original code[0] is LGPLv2.1.
[0]: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream: pr#212
|
|
This is a preparation commit for removing the setup_console(1) calls from
MokManager and shim so that we don't force the EFI console to switch to
text-mode.
This commit replaces all direct calls to Print / PrintAt with calls to
the new helpers (no functional changes) so that we can delay calling
setup_console(1) till the first Print call in a follow-up patch.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
I'm pretty done with typing uefi_call_wrapper() and counting arguments
every time. Instead, just make the compiler error if we don't have
ms_abi. Also, make it so nothing can use uefi_call_wrapper() directly.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Also consistently name our status variable "efi_status" unless there's a
good reason not to, such as already having another one of those.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
clang-analyzer correctly believes this:
465 int i;
466
467 i = StrLen(name) - 1;
^ Value stored to 'i' is never read
468
469 for (i = StrLen(name); i > 0; --i) {
470 if (name[i] == '\\')
471 break;
472 }
And it's right; that's completely dead code.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Because they don't believe code should be defensive against future
changes, covscan believes:
520 out_free:
521 FreePool(dmp);
CID 182824 (#1 of 1): Dereference before null check
(REVERSE_INULL)check_after_deref: Null-checking entries suggests that
it may be null, but it has already been dereferenced on all paths
leading to the check.
522 if (entries) {
523 free_entries(entries, count);
524 FreePool(entries);
525 }
526 out_free_name:
527 FreePool(name);
528}
Which is technically correct, but still kind of dumb. So this patch
combines the two error out paths into just being out_free, so that the
first path there is before entries is allocated. (It also initializes
dmp to NULL and checks that before freeing it.)
I also Lindent-ed that function.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Coverity scan noticed that entries is uninitialized when we pass its
location to another function.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
|
|
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
|
