[U-Boot] [PATCH v2 2/6] efi_loader: Fix memory map size check to avoid out-of-bounds access

Stefan Brüns Sat, 01 Oct 2016 10:33:02 -0700

Do not overwrite the specified size of the provided buffer without
having checked it is sufficient.


If the buffer is to small, memory_map_size is updated to indicate the
required size, and an error code is returned.

Signed-off-by: Stefan Brüns <stefan.bru...@rwth-aachen.de>
---
 lib/efi_loader/efi_memory.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index ebe8e94..72a5870 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -342,6 +342,11 @@ efi_status_t efi_get_memory_map(unsigned long 
*memory_map_size,
 
        map_size = map_entries * sizeof(struct efi_mem_desc);
 
+       if (*memory_map_size < map_size) {
+               *memory_map_size = map_size;
+               return EFI_BUFFER_TOO_SMALL;
+       }
+
        *memory_map_size = map_size;
 
        if (descriptor_size)
@@ -350,9 +355,6 @@ efi_status_t efi_get_memory_map(unsigned long 
*memory_map_size,
        if (descriptor_version)
                *descriptor_version = EFI_MEMORY_DESCRIPTOR_VERSION;
 
-       if (*memory_map_size < map_size)
-               return EFI_BUFFER_TOO_SMALL;
-
        /* Copy list into array */
        if (memory_map) {
                /* Return the list in ascending order */
-- 
2.10.0

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH v2 2/6] efi_loader: Fix memory map size check to avoid out-of-bounds access

Reply via email to