From: Jan Janssen Date: Tue, 28 Dec 2021 15:07:09 +0000 (+0100) Subject: boot: Reject unaligned data X-Git-Tag: v251-rc1~628^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1cadb35fd68f0255e50627dffd25c83e7e2081e5;p=thirdparty%2Fsystemd.git boot: Reject unaligned data The data seems to be properly aligned in real BCD stores, so it should be fine to just reject bad ones. Fixes: #21917
---
diff --git a/src/boot/efi/bcd.c b/src/boot/efi/bcd.c
index 44c544f8f71..85569deb09e 100644
--- a/src/boot/efi/bcd.c
+++ b/src/boot/efi/bcd.c
@@ -176,7 +176,8 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key
 if (key->n_key_values == 0)
 return NULL;
- if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) >= bcd_len)
+ if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) >= bcd_len ||
+ (UINTN)(bcd + key->key_values_offset) % sizeof(UINT32) != 0)
 return NULL;
 const UINT32 *key_value_list = (const UINT32 *) (bcd + key->key_values_offset);
@@ -266,7 +267,8 @@ TEST_STATIC CHAR16 *get_bcd_title(UINT8 *bcd, UINTN bcd_len) {
 CHAR8 order_guid[sizeof("{00000000-0000-0000-0000-000000000000}\0")];
 if (displayorder_value->data_type != REG_MULTI_SZ ||
- displayorder_value->data_size != sizeof(CHAR16) * sizeof(order_guid))
+ displayorder_value->data_size != sizeof(CHAR16[sizeof(order_guid)]) ||
+ (UINTN)(bcd + displayorder_value->data_offset) % sizeof(CHAR16) != 0)
 /* BCD is multi-boot. */
 return NULL;
@@ -312,7 +314,8 @@ TEST_STATIC CHAR16 *get_bcd_title(UINT8 *bcd, UINTN bcd_len) {
 if (description_value->data_type != REG_SZ ||
 description_value->data_size < sizeof(CHAR16) ||
- description_value->data_size % sizeof(CHAR16) != 0)
+ description_value->data_size % sizeof(CHAR16) != 0 ||
+ (UINTN)(bcd + description_value->data_offset) % sizeof(CHAR16))
 return NULL;
 /* The data should already be NUL-terminated. */
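Review bot: In the get_key_value hunk (@@ -176), the bounds test kept on the new side still evaluates `sizeof(UINT32[key->n_key_values])` in UINTN before the UINT64 addition, so on a build where UINTN is 32 bits a large count read from the BCD store could wrap and let the check pass with a too-small size. The declaration of n_key_values is not visible in this hunk, so this is an inference; if it is a 32-bit field, widening before the multiplication closes the gap: `if ((UINT64) key->key_values_offset + (UINT64) key->n_key_values * sizeof(UINT32) >= bcd_len ||`. The added alignment test looks at the absolute address, so it also depends on how the caller allocated `bcd`; a one-line comment saying so (`/* bcd itself is assumed to be at least UINT32-aligned by the caller */`) would help. The function body starts and ends outside the hunk.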
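Review bot: In the first get_bcd_title hunk (@@ -266), the comment `/* BCD is multi-boot. */` now sits under a condition that also rejects a misaligned displayorder value, so it no longer describes every reason for the early return. I would reword it to cover both cases, e.g. `/* BCD is multi-boot, or the displayorder data is not CHAR16-aligned. */`. Whether `data_offset` has been range-checked against `bcd_len` before this pointer arithmetic cannot be seen from the hunk; if that happens in get_key_value, a short comment naming it here would make the dependency explicit. The function continues outside the hunk.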
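Review bot: In the second get_bcd_title hunk (@@ -312), the added alignment test omits the explicit `!= 0` that the line above it and the two other checks added by this commit use. For consistency I would write `(UINTN)(bcd + description_value->data_offset) % sizeof(CHAR16) != 0)`. The same cast-and-modulo expression now appears three times in the file, so a small helper or macro taking the pointer and the element size would keep future checks uniform. The function body starts and ends outside the hunk.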