The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=5c2ae0a209f6964ebe2d3a4cc24987e3bd7f597d
commit 5c2ae0a209f6964ebe2d3a4cc24987e3bd7f597d Author: Jose Luis Duran <[email protected]> AuthorDate: 2025-11-13 16:49:05 +0000 Commit: Warner Losh <[email protected]> CommitDate: 2025-11-25 18:17:24 +0000 libefivar: Add sanity check for FilePath device path REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497 Current implementation of IsDevicePathValid() is not enough for type of MEDIA_FILEPATH_DP, which has NULL-terminated string in the device path. This patch add a simple NULL character check at Length position. Note that the link above no longer exists. The commit message was kept verbatim. An archived version of the bug report can be found at: https://web.archive.org/web/20240714191428/https://bugzilla.tianocore.org/show_bug.cgi?id=1497 Add the const keyword to avoid errors/warnings about dropping a const qualifier. Obtained from: https://github.com/tianocore/edk2/commit/2f7a96d6ec13b292d6f31295f3195913921173e1 Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1894 --- lib/libefivar/uefi-dputil.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/libefivar/uefi-dputil.c b/lib/libefivar/uefi-dputil.c index 89e049884558..74609b47a448 100644 --- a/lib/libefivar/uefi-dputil.c +++ b/lib/libefivar/uefi-dputil.c @@ -37,7 +37,7 @@ /* * Taken from MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c - * hash fd02394228ee1dc2378cccfde6098c461f96dd42 2019-Jan-31 + * hash 2f7a96d6ec13b292d6f31295f3195913921173e1 2019-Feb-21 */ /** @file @@ -137,6 +137,15 @@ IsDevicePathValid ( return FALSE; } } + + // + // FilePath must be a NULL-terminated string. + // + if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH && + DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP && + *(const CHAR16 *)((const UINT8 *) DevicePath + NodeLength - 2) != 0) { + return FALSE; + } } //
