diff mbox

[U-Boot,v3,2/7] efi_loader: Fix memory map size check to avoid out-of-bounds access

Message ID aeea463376c84449ae8568a974d71dc8@rwthex-w2-b.rwth-ad.de
State Superseded
Delegated to: Alexander Graf
Headers show

Commit Message

Stefan Brüns Oct. 1, 2016, 9:32 p.m. UTC 
Do not overwrite the specified size of the provided buffer without
having checked it is sufficient.

If the buffer is to small, memory_map_size is updated to indicate the
required size, and an error code is returned.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
---
 lib/efi_loader/efi_memory.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff mbox

Patch

diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index ebe8e94..5d71fdf 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -342,16 +342,18 @@  efi_status_t efi_get_memory_map(unsigned long *memory_map_size,
 
 	map_size = map_entries * sizeof(struct efi_mem_desc);
 
-	*memory_map_size = map_size;
-
 	if (descriptor_size)
 		*descriptor_size = sizeof(struct efi_mem_desc);
 
 	if (descriptor_version)
 		*descriptor_version = EFI_MEMORY_DESCRIPTOR_VERSION;
 
-	if (*memory_map_size < map_size)
+	if (*memory_map_size < map_size) {
+		*memory_map_size = map_size;
 		return EFI_BUFFER_TOO_SMALL;
+	}
+
+	*memory_map_size = map_size;
 
 	/* Copy list into array */
 	if (memory_map) {