git.ipfire.org Git - thirdparty/qemu.git/commit
hw/uefi: check auth.hdr_length minimum size
author Gerd Hoffmann <kraxel@redhat.com>
Tue, 12 May 2026 06:05:23 +0000 (08:05 +0200)
committer Gerd Hoffmann <kraxel@redhat.com>
Mon, 18 May 2026 12:59:11 +0000 (14:59 +0200)
commit b33fd8ab1caa07aeb290ef5dac44a4e7fd4be02b
tree d88f3ef50b1006e6dbf3019bf5b9d624179445bb
parent ac6721b88df944ade0048822b2b74210f543d656

auth.hdr_length maximum is already checked (against buffer size).  The
header has some fixed fields which are included in the header length, so
there also is a minimum size which must be verified.  Add a check for
that.  Fixes possible integer underflow.

While being at it replace the magic number '24' with sizeof calculations
for better code documentation.

Fixes: CVE-2026-8341
Fixes: f1488fac0584 ("hw/uefi: add var-service-auth.c")
Reported-by: Feifan Qian <bea1e@proton.me>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260512060523.17493-1-kraxel@redhat.com>
hw/uefi/var-service-auth.c
hw/uefi/var-service-pkcs7.c
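
The length validation the commit message describes, as an added example that is not QEMU's code: a header length field that counts its own fixed fields needs a lower bound as well as an upper bound before anything is subtracted from it. The struct layout is an assumption modelled on UEFI's EFI_VARIABLE_AUTHENTICATION_2, and every `demo_` name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout modelled on UEFI's EFI_VARIABLE_AUTHENTICATION_2;
 * the signature bytes follow this struct in the buffer. */
typedef struct {
    uint8_t  timestamp[16];      /* EFI_TIME, not counted in hdr_length */
    uint32_t hdr_length;         /* counts itself, the fields below, and the signature */
    uint16_t hdr_revision;
    uint16_t hdr_cert_type;
    uint8_t  guid_cert_type[16];
} demo_auth2;

/* Fixed fields counted in hdr_length: 4 + 2 + 2 + 16 = 24 bytes. */
#define DEMO_HDR_FIXED (sizeof(demo_auth2) - offsetof(demo_auth2, hdr_length))

/* Illustration of the failure mode: with only a maximum check, a small
 * hdr_length makes this unsigned subtraction wrap to a huge value. */
size_t demo_sig_len_unchecked(uint32_t hdr_length)
{
    return (size_t)hdr_length - DEMO_HDR_FIXED;
}

/* Returns 0 and stores the signature length, or -1 on a malformed header. */
int demo_sig_len(const uint8_t *buf, size_t buf_len, size_t *sig_len)
{
    demo_auth2 hdr;

    if (buf_len < sizeof(hdr))
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));  /* host-endian read, no alignment assumption */
    if (hdr.hdr_length > buf_len - sizeof(hdr.timestamp))
        return -1;                   /* maximum: must fit in the buffer */
    if (hdr.hdr_length < DEMO_HDR_FIXED)
        return -1;                   /* minimum: fixed fields are included */
    *sig_len = hdr.hdr_length - DEMO_HDR_FIXED;
    return 0;
}

/* Constructed sample input: a zeroed 48-byte buffer with hdr_length set. */
void demo_make(uint8_t buf[48], uint32_t hdr_length)
{
    memset(buf, 0, 48);
    memcpy(buf + offsetof(demo_auth2, hdr_length), &hdr_length, sizeof(hdr_length));
}
```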