Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0c5ff7ea5158f76d24ec88282ccd4d0d9093fe70^! / .
commit0c5ff7ea5158f76d24ec88282ccd4d0d9093fe70[log] [tgz]
authorDan Carpenter <dan.carpenter@linaro.org>Wed Jul 26 09:54:52 2023 +0300
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>Thu Aug 03 09:21:02 2023 +0200
tree86bbb11531e14a22229c2e135460f685a0f4b2f8
parent09bc9aae77749838541a858b369547a522a47ab6 [diff]
efi_loader: Fix memory corruption on 32bit systems

It's pretty unlikely that anyone is going to be using EFI authentication
on a 32bit system.  However, if you did, the efi_prepare_aligned_image()
function would write 8 bytes of data to the &efi_size variable and it
can only hold 4 bytes so that corrupts memory.

Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 26df0da..9754757 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c

@@ -592,6 +592,7 @@
 	struct efi_signature_store *db = NULL, *dbx = NULL;
 	void *new_efi = NULL;
 	u8 *auth, *wincerts_end;
+	u64 new_efi_size = efi_size;
 	size_t auth_size;
 	bool ret = false;
 
@@ -600,11 +601,11 @@
 	if (!efi_secure_boot_enabled())
 		return true;
 
-	new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size);
+	new_efi = efi_prepare_aligned_image(efi, &new_efi_size);
 	if (!new_efi)
 		return false;
 
-	if (!efi_image_parse(new_efi, efi_size, &regs, &wincerts,
+	if (!efi_image_parse(new_efi, new_efi_size, &regs, &wincerts,
 			     &wincerts_len)) {
 		log_err("Parsing PE executable image failed\n");
 		goto out;