From fc8ee8fe58ad410f27fca64e4ad212c5a3eabe00 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Mon, 11 Aug 2025 15:01:09 +0200
Subject: [PATCH] hw/uefi: check access for first variable
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

When listing variables (via get-next-variable-name) only the names of variables which can be accessed will be returned. That check was missing for the first variable though. Add it.

Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Gerd Hoffmann
Message-ID: <20250811130110.820958-3-kraxel@redhat.com>
---
 hw/uefi/var-service-vars.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c
index cbeccdbd266..8533533ea5c 100644
--- a/hw/uefi/var-service-vars.c
+++ b/hw/uefi/var-service-vars.c
@@ -357,6 +357,9 @@ uefi_vars_mm_get_next_variable(uefi_vars_state *uv, mm_header *mhdr,
 if (uefi_strlen(name, nv->name_size) == 0) {
 /* empty string -> first */
 var = QTAILQ_FIRST(&uv->variables);
+ while (var && !check_access(uv, var)) {
+ var = QTAILQ_NEXT(var, next);
+ }
 if (!var) {
 return uefi_vars_mm_error(mhdr, mvar, EFI_NOT_FOUND);
 }
--
2.47.3
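Review bot: The comment `/* empty string -> first */` above the added loop is now inaccurate, because the branch returns the first variable that passes `check_access()` rather than the list head; I would reword it to `/* empty string -> first accessible variable */` so the filtering is visible to the next reader. The commit message says the same access filter already exists for the later variables; that code is outside this hunk, but if it is the same skip loop, a small static helper shared by both paths would keep the two from drifting apart again, which is presumably how this gap arose. Returning EFI_NOT_FOUND when every variable is filtered out matches the empty-store case, so a caller cannot tell hidden variables from none, which is worth stating in that comment as well. The body of uefi_vars_mm_get_next_variable starts and ends outside the hunk.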