From patchwork Wed Dec 30 15:07:15 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 355273
From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: takahiro.akashi@linaro.org, ard.biesheuvel@arm.com, Ilias Apalodimas , Alexander Graf , u-boot@lists.denx.de Subject: [PATCH 3/8 v2] efi_loader: Add size checks to efi_create_indexed_name() Date: Wed, 30 Dec 2020 17:07:15 +0200 Message-Id: <20201230150722.154663-4-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20201230150722.154663-1-ilias.apalodimas@linaro.org> References: <20201230150722.154663-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Although the function description states the caller must provide a sufficient buffer, it's better to have in function checks and ensure the destination buffer can hold the intended variable name. So let's add an extra argument with the buffer size and check that before copying. Signed-off-by: Ilias Apalodimas --- include/efi_loader.h | 3 ++- lib/efi_loader/efi_string.c | 10 ++++++++-- test/unicode_ut.c | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) -- 2.30.0 diff --git a/include/efi_loader.h b/include/efi_loader.h index 3c68b85b68e9..af30dbafab77 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -810,7 +810,8 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, void efi_memcpy_runtime(void *dest, const void *src, size_t n); /* commonly used helper function */ -u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index); +u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + unsigned int index); #else /* CONFIG_IS_ENABLED(EFI_LOADER) */ 
diff --git a/lib/efi_loader/efi_string.c b/lib/efi_loader/efi_string.c index 3de721f06c7f..962724228866 100644 --- a/lib/efi_loader/efi_string.c +++ b/lib/efi_loader/efi_string.c @@ -23,13 +23,19 @@ * Return: A pointer to the next position after the created string * in @buffer, or NULL otherwise */ -u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index) +u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + unsigned int index) { u16 *p = buffer; char index_buf[5]; + size_t size; + size = (utf8_utf16_strlen(name) * sizeof(u16) + + sizeof(index_buf) * sizeof(u16)); + if (buffer_size < size) + return NULL; utf8_utf16_strcpy(&p, name); - sprintf(index_buf, "%04X", index); + snprintf(index_buf, sizeof(index_buf), "%04X", index); utf8_utf16_strcpy(&p, index_buf); return p; diff --git a/test/unicode_ut.c b/test/unicode_ut.c index 33fc8b0ee1e2..6130ef0b5497 100644 --- a/test/unicode_ut.c +++ b/test/unicode_ut.c @@ -603,7 +603,7 @@ static int unicode_test_efi_create_indexed_name(struct unit_test_state *uts) u16 *pos; memset(buf, 0xeb, sizeof(buf)); - pos = efi_create_indexed_name(buf, "Capsule", 0x0af9); + pos = efi_create_indexed_name(buf, sizeof(buf), "Capsule", 0x0af9); ut_asserteq_mem(expected, buf, sizeof(expected)); ut_asserteq(pos - buf, u16_strnlen(buf, SIZE_MAX));
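Review bot: in include/efi_loader.h, the new buffer_size parameter of efi_create_indexed_name() does not say which unit it is in. buffer is a u16 *, so a caller could reasonably pass an element count, while lib/efi_loader/efi_string.c compares it against a byte count (the lengths are multiplied by sizeof(u16)) and test/unicode_ut.c passes sizeof(buf). Please state "size of @buffer in bytes" next to the prototype, or pick a name that makes the unit obvious. Since the function can now return NULL for a size reason, callers also need to check the return value before using it as the next write position.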
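Review bot: in lib/efi_loader/efi_string.c, the switch to snprintf(index_buf, sizeof(index_buf), "%04X", index) turns the overflow for index > 0xFFFF into silent truncation. index is an unsigned int, so 0x12345 is formatted as "1234" and the function returns a valid-looking name for the wrong index. Consider returning NULL when index > 0xffff (or taking a u16) next to the buffer_size check. The size computation covers the terminator only because sizeof(index_buf) is 5, which deserves a short comment. The kernel-doc whose tail is visible as context gets no @buffer_size line in this hunk; please add one.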
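Review bot: in test/unicode_ut.c, unicode_test_efi_create_indexed_name() is only adjusted to the new signature and still exercises the success path alone. The behaviour this patch adds, returning NULL when buffer_size is too small, has no coverage. Add a case that passes a size one u16 short of what "Capsule" plus the four-digit index and terminator need, and assert that the result is NULL and that buf still holds the 0xeb fill.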