From patchwork Thu Dec 31 10:26:46 2020
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 355531
From: Ilias Apalodimas
To: xypron.glpk@gmx.de
Cc: takahiro.akashi@linaro.org, Ilias Apalodimas, Alexander Graf, u-boot@lists.denx.de
Subject: [PATCH] efi_loader: Add size checks to efi_create_indexed_name()
Date: Thu, 31 Dec 2020 12:26:46 +0200
Message-Id: <20201231102647.201318-1-ilias.apalodimas@linaro.org>

Although the function description states the caller must provide a
sufficient buffer, it's better to have in-function checks that the
destination buffer can hold the intended value.
So let's add an extra argument with the buffer size and check that
before doing any copying.

Signed-off-by: Ilias Apalodimas
---
 include/efi_loader.h         |  3 ++-
 lib/efi_loader/efi_capsule.c |  7 ++++---
 lib/efi_loader/efi_string.c  | 10 ++++++++--
 test/unicode_ut.c            |  2 +-
 4 files changed, 15 insertions(+), 7 deletions(-)

-- 
2.30.0

Reviewed-by: Heinrich Schuchardt

diff --git a/include/efi_loader.h b/include/efi_loader.h index 365f3d01dc74..def0ab3a7954 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -822,7 +822,8 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, void efi_memcpy_runtime(void *dest, const void *src, size_t n); /* commonly used helper function */ -u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index); +u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + unsigned int index); extern const struct efi_firmware_management_protocol efi_fmp_fit; extern const struct efi_firmware_management_protocol efi_fmp_raw; diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index ea22ee796843..4ef254626786 100644 
--- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -73,8 +73,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, struct efi_time time; efi_status_t ret; - efi_create_indexed_name(variable_name16, "Capsule", index); - + efi_create_indexed_name(variable_name16, sizeof(variable_name16), + "Capsule", index); result.variable_total_size = sizeof(result); result.capsule_guid = capsule->capsule_guid; ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL)); @@ -896,7 +896,8 @@ efi_status_t efi_launch_capsules(void) free(files); /* CapsuleLast */ - efi_create_indexed_name(variable_name16, "Capsule", index - 1); + efi_create_indexed_name(variable_name16, sizeof(variable_name16), + "Capsule", index - 1); efi_set_variable_int(L"CapsuleLast", &efi_guid_capsule_report, EFI_VARIABLE_READ_ONLY | EFI_VARIABLE_NON_VOLATILE | diff --git a/lib/efi_loader/efi_string.c b/lib/efi_loader/efi_string.c index 3de721f06c7f..962724228866 100644 --- a/lib/efi_loader/efi_string.c +++ b/lib/efi_loader/efi_string.c @@ -23,13 +23,19 @@ * Return: A pointer to the next position after the created string * in @buffer, or NULL otherwise */ -u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index) +u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + unsigned int index) { u16 *p = buffer; char index_buf[5]; + size_t size; + size = (utf8_utf16_strlen(name) * sizeof(u16) + + sizeof(index_buf) * sizeof(u16)); + if (buffer_size < size) + return NULL; utf8_utf16_strcpy(&p, name); - sprintf(index_buf, "%04X", index); + snprintf(index_buf, sizeof(index_buf), "%04X", index); utf8_utf16_strcpy(&p, index_buf); return p; diff --git a/test/unicode_ut.c b/test/unicode_ut.c index 33fc8b0ee1e2..6130ef0b5497 100644 --- a/test/unicode_ut.c +++ b/test/unicode_ut.c 
@@ -603,7 +603,7 @@ static int unicode_test_efi_create_indexed_name(struct unit_test_state *uts) u16 *pos; memset(buf, 0xeb, sizeof(buf)); - pos = efi_create_indexed_name(buf, "Capsule", 0x0af9); + pos = efi_create_indexed_name(buf, sizeof(buf), "Capsule", 0x0af9); ut_asserteq_mem(expected, buf, sizeof(expected)); ut_asserteq(pos - buf, u16_strnlen(buf, SIZE_MAX));
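
Review bot: in the set_capsule_result() hunk of lib/efi_loader/efi_capsule.c the return value of efi_create_indexed_name() is still discarded, although the function can now return NULL without writing anything to variable_name16. Check the result and return early (or at least log) before variable_name16 is used further, otherwise a too-small buffer becomes a silent use of stale or uninitialised contents. The hunk also drops the blank line that separated the call from the result.* assignments; keeping it would limit the diff to the call itself.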
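
Review bot: in the efi_launch_capsules() hunk the argument is "index - 1" and the parameter is unsigned int, so if index can be 0 at this point the value wraps to UINT_MAX. With the new snprintf() into index_buf[5] that is cut to "FFFF" without any error, and the value written for CapsuleLast would be "CapsuleFFFF". Guard the index == 0 case before the call, and test the returned pointer for NULL before efi_set_variable_int() runs.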
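
Review bot: the lib/efi_loader/efi_string.c hunk adds the buffer_size parameter without adding an @buffer_size line to the function comment whose "Return:" tail is visible in the context, and nothing states that the size is in bytes rather than u16 units (the callers pass sizeof(), and the check multiplies by sizeof(u16)). Separately, with snprintf(index_buf, sizeof(index_buf), "%04X", index) any index above 0xFFFF is now truncated to its first four hex digits instead of being rejected. Return NULL for index > 0xFFFF, or compare snprintf()'s return value against sizeof(index_buf), so the caller does not receive a valid-looking but wrong name.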
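
Review bot: the test/unicode_ut.c hunk only adapts the existing call to the new signature, so the new NULL return path is never exercised. Add a case that passes a buffer_size too small for "Capsule" plus four hex digits and the terminator, and assert that the return value is NULL and that buf still holds the 0xeb fill written by memset().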