diff options
| author | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2018-09-23 04:08:09 +0200 |
|---|---|---|
| committer | Alexander Graf <agraf@suse.de> | 2018-09-23 21:55:31 +0200 |
| commit | 506dc52d5da1b6fea15da39904487c4b0218eaf2 (patch) | |
| tree | 80a5c8fc3587a497aec8f2bd1215e15eb369610b | |
| parent | 60ce592cd090c9f79ae378ed88e811fe70307ebd (diff) | |
| download | u-boot-506dc52d5da1b6fea15da39904487c4b0218eaf2.tar.gz | |
efi_loader: avoid out of bound access in efi_get_variable()
In efi_get_variable() a string is longer than the allocated space which
results in overwriting the linked list of malloc().
The prefixes used for variables are 41 characters long, e.g.
efi_67029eb5-0af2-f6b1-da53-fcb566dd1ce6_
Change PREFIX_LEN to 41.
Fixes: faff21556748 ("efi_loader: remove limit on variable length")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
| -rw-r--r-- | lib/efi_loader/efi_variable.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 495738884b..a1313fa215 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -44,7 +44,7 @@ * converted to utf16? */ -#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_")) +#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_")) static int hex(int ch) { |