From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 28 Jan 2019 16:33:08 +0000 (+0100)
Subject: bootctl: safety check for regular file when reading EFI images
X-Git-Tag: v242-rc1~218^2~41
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c4ba5b516d03ec0973b5c4ad58e2735d96b1bd83;p=thirdparty%2Fsystemd.git

bootctl: safety check for regular file when reading EFI images
---

diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 1dbe00adb64..2424aa011f7 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -96,6 +96,10 @@ static int get_file_version(int fd, char **v) {
         if (fstat(fd, &st) < 0)
                 return log_error_errno(errno, "Failed to stat EFI binary: %m");
 
+        r = stat_verify_regular(&st);
+        if (r < 0)
+                return log_error_errno(errno, "EFI binary is not a regular file: %m");
+
         if (st.st_size < 27) {
                 *v = NULL;
                 return 0;