From patchwork Fri May  3 16:22:49 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Colin Ian King <colin.king@canonical.com>
X-Patchwork-Id: 241349
Return-Path: <fwts-devel-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id F41C72C00E0
	for <incoming@patchwork.ozlabs.org>;
	Sat,  4 May 2013 02:25:38 +1000 (EST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <fwts-devel-bounces@lists.ubuntu.com>)
	id 1UYIng-0001I9-QM; Fri, 03 May 2013 16:25:36 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <colin.king@canonical.com>) id 1UYIl2-00016p-Ah
	for fwts-devel@lists.ubuntu.com; Fri, 03 May 2013 16:22:52 +0000
Received: from 66-192-7-242.static.twtelecom.net ([66.192.7.242]
	helo=localhost) by youngberry.canonical.com with esmtpsa
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <colin.king@canonical.com>)
	id 1UYIl1-0000Cs-UY
	for fwts-devel@lists.ubuntu.com; Fri, 03 May 2013 16:22:52 +0000
From: Colin King <colin.king@canonical.com>
To: fwts-devel@lists.ubuntu.com
Subject: [PATCH] uefi: uefidump: don't recurse forever on zero lengths (LP:
	#1174947)
Date: Fri,  3 May 2013 09:22:49 -0700
Message-Id: <1367598169-10694-1-git-send-email-colin.king@canonical.com>
X-Mailer: git-send-email 1.8.1.2
X-BeenThere: fwts-devel@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Firmware Test Suite Development <fwts-devel.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/fwts-devel>,
	<mailto:fwts-devel-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/fwts-devel>
List-Post: <mailto:fwts-devel@lists.ubuntu.com>
List-Help: <mailto:fwts-devel-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/fwts-devel>,
	<mailto:fwts-devel-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: fwts-devel-bounces@lists.ubuntu.com
Sender: fwts-devel-bounces@lists.ubuntu.com

From: Colin Ian King <colin.king@canonical.com>

We need to ensure that broken UEFI variables with zero length structs don't cause us
to recurse infinitely.  So break out early and don't recurse so we run out of stack.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 src/uefi/uefidump/uefidump.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
index b115a62..31412c7 100644
--- a/src/uefi/uefidump/uefidump.c
+++ b/src/uefi/uefidump/uefidump.c
@@ -385,8 +385,10 @@ static char *uefidump_build_dev_path(char *path, fwts_uefi_dev_path *dev_path)
 	if (!((dev_path->type & 0x7f) == (FWTS_UEFI_END_DEV_PATH_TYPE) &&
 	      (dev_path->subtype == FWTS_UEFI_END_ENTIRE_DEV_PATH_SUBTYPE))) {
 		uint16_t len = dev_path->length[0] | (((uint16_t)dev_path->length[1])<<8);
-		dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
-		path = uefidump_build_dev_path(path, dev_path);
+		if (len > 0) {
+			dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
+			path = uefidump_build_dev_path(path, dev_path);
+		}
 	}
 
 	return path;