From 5ce851ab991ecae805d42445de509652b9aadbd9 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Sun, 15 Oct 2023 11:32:32 +0200
Subject: [PATCH] boot: Fix OOB reads in conf/osrel parsing

---
 src/boot/efi/efi-string.c      | 2 +-
 src/boot/efi/test-efi-string.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/boot/efi/efi-string.c b/src/boot/efi/efi-string.c
index acb891a98e7..4144c0d4979 100644
--- a/src/boot/efi/efi-string.c
+++ b/src/boot/efi/efi-string.c
@@ -444,7 +444,7 @@ char *line_get_key_value(char *s, const char *sep, size_t *pos, char **ret_key,
                 line[linelen] = '\0';
 
                 /* remove leading whitespace */
-                while (strchr8(" \t", *line)) {
+                while (linelen > 0 && strchr8(" \t", *line)) {
                         line++;
                         linelen--;
                 }
diff --git a/src/boot/efi/test-efi-string.c b/src/boot/efi/test-efi-string.c
index f7964e03787..b71a0c34025 100644
--- a/src/boot/efi/test-efi-string.c
+++ b/src/boot/efi/test-efi-string.c
@@ -520,7 +520,9 @@ TEST(line_get_key_value) {
         char *key, *value;
 
         assert_se(!line_get_key_value((char[]){ "" }, "=", &pos, &key, &value));
+        assert_se(!line_get_key_value((char[]){ "\t" }, " \t", &pos, &key, &value));
 
+        pos = 0;
         assert_se(line_get_key_value(s1, "=", &pos, &key, &value));
         assert_se(streq8(key, "key"));
         assert_se(streq8(value, "value"));
-- 
2.47.3