From patchwork Fri May 15 10:35:31 2015
X-Patchwork-Submitter: Colin Ian King
X-Patchwork-Id: 472712
From: Colin King
To: fwts-devel@lists.ubuntu.com
Subject: [PATCH] uefi: uefirtvariable: fix incorrect buffer size being passed
Date: Fri, 15 May 2015 11:35:31 +0100
Message-Id: <1431686131-12311-1-git-send-email-colin.king@canonical.com>
List-Id: Firmware Test Suite Development

From: Colin Ian King

The existing code passes the size of name, which turns out to be a 4 or 8 depending on a 32 or 64 bit machine because name is a pointer and not a buffer. Fix this by making name a variable sized array; this also allows us to remove the complexity of allocation failure handling too.

Signed-off-by: Colin Ian King Acked-by: Alex Hung Acked-by: Ivan Hu --- src/uefi/uefirtvariable/uefirtvariable.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c index 0617ff4..e59e005 100644 --- a/src/uefi/uefirtvariable/uefirtvariable.c +++ b/src/uefi/uefirtvariable/uefirtvariable.c @@ -633,7 +633,6 @@ static int getnextvariable_test3(fwts_framework *fw) uint64_t maxvariablenamesize = variablenamesize; uint16_t *variablename; EFI_GUID vendorguid; - char *name; int ret; variablename = malloc(sizeof(uint16_t) * variablenamesize); @@ -730,17 +729,13 @@ static int getnextvariable_test3(fwts_framework *fw) item->hash = hash_func(variablename, variablenamesize); if (bucket_insert(item)) { - name = malloc(variablenamesize * sizeof(char)); - if (name) { - fwts_uefi_str16_to_str(name, sizeof(name), variablename); - fwts_failed(fw, LOG_LEVEL_HIGH, - "UEFIRuntimeGetNextVariableName", - "Duplicate variable name %s found.", name); - free(name); - } else - fwts_failed(fw, LOG_LEVEL_HIGH, - "UEFIRuntimeGetNextVariableName", - "Duplicate variable name found (too long name)."); + char name[variablenamesize]; + + fwts_uefi_str16_to_str(name, sizeof(name), variablename); + fwts_failed(fw, LOG_LEVEL_HIGH, + "UEFIRuntimeGetNextVariableName", + "Duplicate variable name %s found.", name); + free(item->name); free(item->guid); free(item);
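
Review bot: In the second hunk, `char name[variablenamesize];` places a buffer whose length is a run-time value on the stack with no upper bound and no failure path, whereas the removed malloc() branch could at least fall back to "Duplicate variable name found (too long name)." when the allocation failed. variablenamesize also sizes the malloc of variablename at the top of getnextvariable_test3(), so it is not a compile-time constant; a very large value risks exhausting the stack, and a value of zero is undefined behaviour for a variable-length array. Consider checking variablenamesize against a sane maximum (and against zero) before the declaration, or keeping the heap allocation and passing variablenamesize rather than `sizeof(name)` to fwts_uefi_str16_to_str(). The sizeof change itself is correct: with name declared as an array, `sizeof(name)` yields the buffer length instead of the pointer size.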