uefi: uefidump: don't recurse forever on zero lengths (LP: #1174947)

Submitted by Colin King on May 3, 2013, 4:22 p.m.

Details

Message ID 1367598169-10694-1-git-send-email-colin.king@canonical.com
State Rejected
Headers show

Commit Message

Colin King May 3, 2013, 4:22 p.m.
From: Colin Ian King <colin.king@canonical.com>

We need to ensure that broken UEFI variables with zero length structs don't cause us
to recurse infinitely.  So break out early and don't recurse so we run out of stack.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 src/uefi/uefidump/uefidump.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Colin King May 3, 2013, 4:30 p.m.
On 03/05/13 09:22, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> We need to ensure that broken UEFI variables with zero length structs don't cause us
> to recurse infinitely.  So break out early and don't recurse so we run out of stack.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>   src/uefi/uefidump/uefidump.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
> index b115a62..31412c7 100644
> --- a/src/uefi/uefidump/uefidump.c
> +++ b/src/uefi/uefidump/uefidump.c
> @@ -385,8 +385,10 @@ static char *uefidump_build_dev_path(char *path, fwts_uefi_dev_path *dev_path)
>   	if (!((dev_path->type & 0x7f) == (FWTS_UEFI_END_DEV_PATH_TYPE) &&
>   	      (dev_path->subtype == FWTS_UEFI_END_ENTIRE_DEV_PATH_SUBTYPE))) {
>   		uint16_t len = dev_path->length[0] | (((uint16_t)dev_path->length[1])<<8);
> -		dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
> -		path = uefidump_build_dev_path(path, dev_path);
> +		if (len > 0) {
> +			dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
> +			path = uefidump_build_dev_path(path, dev_path);
> +		}
>   	}
>
>   	return path;
>

Sorry, that was a duplicate send. Ignore the duplicate.

Colin

Patch hide | download patch | download mbox

diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
index b115a62..31412c7 100644
--- a/src/uefi/uefidump/uefidump.c
+++ b/src/uefi/uefidump/uefidump.c
@@ -385,8 +385,10 @@  static char *uefidump_build_dev_path(char *path, fwts_uefi_dev_path *dev_path)
 	if (!((dev_path->type & 0x7f) == (FWTS_UEFI_END_DEV_PATH_TYPE) &&
 	      (dev_path->subtype == FWTS_UEFI_END_ENTIRE_DEV_PATH_SUBTYPE))) {
 		uint16_t len = dev_path->length[0] | (((uint16_t)dev_path->length[1])<<8);
-		dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
-		path = uefidump_build_dev_path(path, dev_path);
+		if (len > 0) {
+			dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
+			path = uefidump_build_dev_path(path, dev_path);
+		}
 	}
 
 	return path;