UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

* Avoid out-of-bounds access in the efivars code when performing 

string matching on converted EFI variable names - Laszlo Ersek
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJXGnOlAAoJEC84WcCNIz1VWOQP+gLkw3FGdlQBlPc9XjxWwXWk
 2d7x/zo6j+2zObHjN0jS2FNbBkc8LKPbo1WO1tklHjs5wMjpDsd60CLRsPQEzDkU
 DZ87WYRUcgLgPC8Gtum8ImdpM0fR3vXK79F8PIvL9OxIxgYIDkQAV6XcpETjn9y6
 cBfg3agbr1WV3OuFrRs+FBQMSeIVLDybwN2GBQ7fbzplJ3QvQfjjSTT6adwhgie4
 1maIUVAR5yZl78EV8wucLMi6dWnKGM2seLYAd5M5Z+EQ0TTLwBZ9Dop4ToxJfchu
 hVdUBnTXDmaOb8s20D7A7TeZtjMari4Ia2VXBeHR94kQPLttc8TlkwmSykiY2jhq
 u1p7GF4BO5sxYI6MpG4fYpiHw+jRRKf8mGJ/h8veg2sxW5GzWQf9B+qTiUT64tKL
 GCqDNUZ7hd5RMQY/igPgGhyZsIpRNhCxbcQgbHszyr+KdSebMVVTFEESjpV6IQIL
 FoZEMx/fvsLVq2And0NAkmNtlmZpqNW+ejI9QScvpY2Nnp2IIEFj8b73zu+ZfaL2
 QUsB3trGqHTsMhKwkgw7+/NLjz1r2W3Pk8VUP3lJWtO8C9c8uNCSeEH3+YMfxDPE
 pFhDm+bZhZdQkbJpPDckD604hM2cF9bMbFyWD7c6s+Vfd18fygIf3EVJWDiMokTf
 WINEFvOqvsoDjrlpswO3
 =6r98
 -----END PGP SIGNATURE-----

Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into efi/urgent

Pull EFI fix from Matt Fleming:

 * Avoid out-of-bounds access in the efivars code when performing
   string matching on converted EFI variable names (Laszlo Ersek)

Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
Ingo Molnar 2016-04-25 17:28:11 +02:00
parent 02da2d7217 630ba0cc7a
commit ede85e90be
1 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
drivers/firmware/efi/vars.c
View File

@ -202,29 +202,44 @@ static const struct variable_validate variable_validate[] = {
{ NULL_GUID, "", NULL }, { NULL_GUID, "", NULL },
}; };
/*
* Check if @var_name matches the pattern given in @match_name.
*
* @var_name: an array of @len non-NUL characters.
* @match_name: a NUL-terminated pattern string, optionally ending in "*". A
* final "*" character matches any trailing characters @var_name,
* including the case when there are none left in @var_name.
* @match: on output, the number of non-wildcard characters in @match_name
* that @var_name matches, regardless of the return value.
* @return: whether @var_name fully matches @match_name.
*/
static bool static bool
variable_matches(const char *var_name, size_t len, const char *match_name, variable_matches(const char *var_name, size_t len, const char *match_name,
int *match) int *match)
{ {
for (*match = 0; ; (*match)++) { for (*match = 0; ; (*match)++) {
char c = match_name[*match]; char c = match_name[*match];
char u = var_name[*match];
/* Wildcard in the matching name means we've matched */ switch (c) {
if (c == '*') case '*':
/* Wildcard in @match_name means we've matched. */
return true; return true;
/* Case sensitive match */ case '\0':
if (!c && *match == len) /* @match_name has ended. Has @var_name too? */
return true; return (*match == len);
if (c != u) default:
/*
* We've reached a non-wildcard char in @match_name.
* Continue only if there's an identical character in
* @var_name.
*/
if (*match < len && c == var_name[*match])
continue;
return false; return false;
}
if (!c)
return true;
} }
return true;
} }
bool bool