[1/1] efi_loader: limit output length for VenHw, VenMedia

Message ID	20210223203739.43310-1-xypron.glpk@gmx.de
State	Accepted, archived
Commit	9c081a7eabd4e5f54bd692df722705bc5ec57891
Delegated to:	Heinrich Schuchardt
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Heinrich Schuchardt <xypron.glpk@gmx.de> To: Alexander Graf <agraf@csgraf.de> Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de> Subject: [PATCH 1/1] efi_loader: limit output length for VenHw, VenMedia Date: Tue, 23 Feb 2021 21:37:39 +0100 Message-Id: <20210223203739.43310-1-xypron.glpk@gmx.de> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[1/1] efi_loader: limit output length for VenHw, VenMedia \| expand [1/1] efi_loader: limit output length for VenHw, VenMedia

Message ID

20210223203739.43310-1-xypron.glpk@gmx.de

State

Accepted, archived

Commit

9c081a7eabd4e5f54bd692df722705bc5ec57891

Delegated to:

Heinrich Schuchardt

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=85.214.62.61; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=pass (1024-bit key;
 secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256
 header.s=badeba3b8450 header.b=ePOBJZOF;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4DlW8Y0XJdz9sVF
	for <incoming@patchwork.ozlabs.org>; Wed, 24 Feb 2021 07:37:58 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id A00E782A4E;
	Tue, 23 Feb 2021 21:37:50 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=gmx.de
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (1024-bit key;
 secure) header.d=gmx.net header.i=@gmx.net header.b="ePOBJZOF";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 7D52582A5E; Tue, 23 Feb 2021 21:37:48 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE autolearn=ham
 autolearn_force=no version=3.4.2
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 9011F82A4C
 for <u-boot@lists.denx.de>; Tue, 23 Feb 2021 21:37:45 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmx.de
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=xypron.glpk@gmx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
 s=badeba3b8450; t=1614112663;
 bh=EsXQKwg8js+G+g2H79V5uurf71u7foYunQ2vSGRfAMI=;
 h=X-UI-Sender-Class:From:To:Cc:Subject:Date;
 b=ePOBJZOFaKZrY/uSs7ipc/Xq4J9S5Pp1NROls7iizLibGa37G22NOIId9q1aOrkzS
 Hk4Q2rC4MeJoIC82zgNOpyPVwNgIy9a9dUnzhzDjcsRmwS8HU15hxKVynqMTisdDbl
 +9OrZP6hrJ+LQmNBMCafa9u3LH41khS1RDyuSE5g=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from LT02.fritz.box ([62.143.246.89]) by mail.gmx.net (mrgmx004
 [212.227.17.184]) with ESMTPSA (Nemesis) id 1MrQIv-1lZwAK1ARD-00oXsP; Tue, 23
 Feb 2021 21:37:43 +0100
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Alexander Graf <agraf@csgraf.de>
Cc: u-boot@lists.denx.de,
	Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [PATCH 1/1] efi_loader: limit output length for VenHw, VenMedia
Date: Tue, 23 Feb 2021 21:37:39 +0100
Message-Id: <20210223203739.43310-1-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.30.0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:U4Yh05U/XN8o0b5zhGYa+5yC/9rUbOV0PmxxUoet8gbpUveEiFm
 IY1C5o49X+rB/AupBUnBS/K7j0WcF2HvlYus5TTWoQ8MIdP4Ka6NdZGOYvcc/ABjB2LFibd
 hN0j1vMPxOInbiGe/YMnjN4nCKkDZLoOZs78uWSwn8s32AfcFal5y2M61qbSlnXSi7Yo5Gv
 m0Cpa3vEyxFbUF8w7hxnw==
X-UI-Out-Filterresults: notjunk:1;V03:K0:q+N4669PvW0=:tRVoHPuXunyFiK1zvpioYE
 9b9gBlAaCpedXLgXH6Uy5Eo07AckzNBXG3IBBin+ZoU2KFDBziTbYPKbwp3z38bVurcxMXlnM
 ghlxNxNXTUeVBDu+mxx/5j54mDGKLEbRW4J+RiWURB2/u2h+yN0GO502h5xc6SWq4VurKHDOQ
 6SYaYXaAA/MRsFOrTndaKzHIAdGDGxYH9MlQ+zxdjEy0RLThBacL3Z+TdxYIZL13PoOCttJpC
 zt5k1g0dMKrLcI8RFPn7fZenh3rotDLGpxqwIM84P6z8FDLFtYd5fbDkoNqKWgNyi0z2MaHRf
 woPZee8D7IK0Nl43yWL5P3woLmx3qGHH6ENw+nR1oDNF6yPZDdlc6OpPbetq8VrZKBk/E6AQk
 PMmbyBRoNAaqnvzq8x+NpIp8KAkjkDV0YzZeqKL0AduMoJy9EVbIeLVrG6r/uRf3/dVmmO46b
 b6Wl62vEVKeQKDu7xHi0CsfCmc/XGypD1F9abJiusDOCbwvpUWrHqkfgBIXWiNIzmSK5BIau4
 Q1DWzmbnEhHqzgmbAFYMrqNwv3AcsPKLnHAkHsdmvef6mQiyKBtsA5DCbZfzBLJzMuqyxoaW7
 G0xa7+wPDAU4uHgF7+2Zg0JsQX+Y9R0NZaMRsducMyvOPmHt+m3zMVT5F3hV4kNhG2CPBKDyy
 SP+MpqbI3R03tEORhHbgHn2YqZbDCWL+fu3SR/Iqs/vnIjip0N/oyYNb8XkOi4j0TRZTpZ6JM
 CETAsO3XPHqvc/HJl4hsouOEaPThdqEsLtj14HIul+uwW4xSE0WEDTGX7DdnzWg+Zp5Qq+sRA
 Vl6NkmC0eY8z8B2TR3zq9s9UILuiak5fCsp8kAdYGPASnfQB5kQS7Me+oD0k7VSDdwnE1nkyt
 9mjlr0sFKLYRdyzEYAKA==
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de
X-Virus-Status: Clean

Series

[1/1] efi_loader: limit output length for VenHw, VenMedia | expand

Commit Message

Heinrich Schuchardt Feb. 23, 2021, 8:37 p.m. UTC

VenHw and VenMedia device path nodes may carry vendor defined data of
arbitrary length. When converting a device path node to text ensure that we
do not overrun our internal buffer.

In our implementation of
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() we could first
determine the output length and then allocate buffers but that would nearly
double the code size. Therefore keep the preallocated buffers and truncate
excessive device paths instead.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_device_path_to_text.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--
2.30.0

diff --git a/lib/efi_loader/efi_device_path_to_text.c b/lib/efi_loader/efi_device_path_to_text.c
index 81b8ac23ba..ba1ad33459 100644
--- a/lib/efi_loader/efi_device_path_to_text.c
+++ b/lib/efi_loader/efi_device_path_to_text.c
@@ -67,7 +67,8 @@  static char *dp_hardware(char *s, struct efi_device_path *dp)

 		s += sprintf(s, "VenHw(%pUl", &vdp->guid);
 		n = (int)vdp->dp.length - sizeof(struct efi_device_path_vendor);
-		if (n > 0) {
+		/* Node must fit into MAX_NODE_LEN) */
+		if (n > 0 && n < MAX_NODE_LEN / 2 - 22) {
 			s += sprintf(s, ",");
 			for (i = 0; i < n; ++i)
 				s += sprintf(s, "%02x", vdp->vendor_data[i]);
@@ -251,7 +252,8 @@  static char *dp_media(char *s, struct efi_device_path *dp)

 		s += sprintf(s, "VenMedia(%pUl", &vdp->guid);
 		n = (int)vdp->dp.length - sizeof(struct efi_device_path_vendor);
-		if (n > 0) {
+		/* Node must fit into MAX_NODE_LEN) */
+		if (n > 0 && n < MAX_NODE_LEN / 2 - 24) {
 			s += sprintf(s, ",");
 			for (i = 0; i < n; ++i)
 				s += sprintf(s, "%02x", vdp->vendor_data[i]);

[1/1] efi_loader: limit output length for VenHw, VenMedia

Commit Message

Patch