]> git.ipfire.org Git - thirdparty/u-boot.git/commit
projects / thirdparty / u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 41be502) | patch
efi_loader: avoid buffer overrun in efi_var_restore()
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Wed, 11 Mar 2026 17:30:33 +0000 (18:30 +0100)
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sat, 14 Mar 2026 07:14:01 +0000 (08:14 +0100)
commita9080e600c214bbff331f95136aa26e7cfbe3375
treeb7ad730b1fe85382aaa461c149ac4d152e1c1032tree | snapshot
parent41be502c1c4ac5d2732e9ae278480b9c73405e49commit | diff
efi_loader: avoid buffer overrun in efi_var_restore()

The value of buf->length comes from outside U-Boot and may be incorrect.
We must avoid to overrun our internal buffer for excessive values.

If buf->length is shorter than the variable file header, the variable
file is invalid.

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
lib/efi_loader/efi_var_common.c diff | blob | blame | history
"Das U-Boot" Source Tree