On 26.08.18 20:40, Heinrich Schuchardt wrote: > On 08/26/2018 08:13 PM, Alexander Graf wrote: >> >> >> On 11.08.18 17:28, Heinrich Schuchardt wrote: >>> The EFI spec does not provide a length limit for variables. >>> >>> Signed-off-by: Heinrich Schuchardt <xypron.g...@gmx.de> >>> --- >>> lib/efi_loader/efi_variable.c | 52 ++++++++++++++++++++--------------- >>> 1 file changed, 30 insertions(+), 22 deletions(-) >>> >>> diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c >>> index 770c67abb9..495738884b 100644 >>> --- a/lib/efi_loader/efi_variable.c >>> +++ b/lib/efi_loader/efi_variable.c >>> @@ -44,10 +44,7 @@ >>> * converted to utf16? >>> */ >>> >>> -#define MAX_VAR_NAME 31 >>> -#define MAX_NATIVE_VAR_NAME \ >>> - (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_") + \ >>> - (MAX_VAR_NAME * MAX_UTF8_PER_UTF16)) >>> +#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_")) >>> >>> static int hex(int ch) >>> { >>> @@ -101,18 +98,20 @@ static char *mem2hex(char *hexstr, const u8 *mem, int >>> count) >>> return hexstr; >>> } >>> >>> -static efi_status_t efi_to_native(char *native, u16 *variable_name, >>> +static efi_status_t efi_to_native(char **native, const u16 *variable_name, >>> efi_guid_t *vendor) >>> { >>> size_t len; >>> + char *pos; >>> >>> - len = u16_strlen((u16 *)variable_name); >>> - if (len >= MAX_VAR_NAME) >>> - return EFI_DEVICE_ERROR; >>> + len = PREFIX_LEN + utf16_utf8_strlen(variable_name) + 1; >>> + *native = malloc(len); >>> + if (!*native) >>> + return EFI_OUT_OF_RESOURCES; >>> >>> - native += sprintf(native, "efi_%pUl_", vendor); >>> - native = (char *)utf16_to_utf8((u8 *)native, (u16 *)variable_name, >>> len); >>> - *native = '\0'; >>> + pos = *native; >>> + pos += sprintf(pos, "efi_%pUl_", vendor); >>> + utf16_utf8_strcpy(&pos, variable_name); >>> >>> return EFI_SUCCESS; >>> } >>> @@ -168,7 +167,7 @@ efi_status_t EFIAPI efi_get_variable(u16 >>> *variable_name, efi_guid_t *vendor, >>> u32 *attributes, efi_uintn_t *data_size, >>> void *data) >>> { >>> - char native_name[MAX_NATIVE_VAR_NAME + 1]; >>> + char *native_name; >> >> I think you want to predefine this to = NULL to make sure that an error >> path doesn't give you uninitialized values on free(). > > efi_to_native() returns EFI_OUT_OF_RESOURCES if the pointer cannot be > assigned and the return value is checked. So how should I reach > free(native_name) in this case?
True, convinced. I thought I saw a case where you could hit an uninitialized native_name variable, but now I can't see it anymore. Alex _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot