|
 |
89397c |
From 1313fa02a5b2bfe61ee6702696600fc148ec2d6e Mon Sep 17 00:00:00 2001
|
|
|
89397c |
From: Gary Ching-Pang Lin <glin@suse.com>
|
|
|
89397c |
Date: Tue, 4 Nov 2014 15:50:03 +0800
|
|
|
89397c |
Subject: [PATCH 1/7] Fix the potential buffer overflow
|
|
|
89397c |
|
|
|
89397c |
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
|
89397c |
---
|
|
|
89397c |
src/mokutil.c | 5 ++---
|
|
|
89397c |
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
89397c |
|
|
|
89397c |
diff --git a/src/mokutil.c b/src/mokutil.c
|
|
|
89397c |
index 5b34f22..93fb6fa 100644
|
|
|
89397c |
--- a/src/mokutil.c
|
|
|
89397c |
+++ b/src/mokutil.c
|
|
|
89397c |
@@ -1743,7 +1743,7 @@ set_toggle (const char * VarName, uint32_t state)
|
|
|
89397c |
MokToggleVar tvar;
|
|
|
89397c |
char *password = NULL;
|
|
|
89397c |
unsigned int pw_len;
|
|
|
89397c |
- efi_char16_t efichar_pass[SB_PASSWORD_MAX];
|
|
|
89397c |
+ efi_char16_t efichar_pass[SB_PASSWORD_MAX+1];
|
|
|
89397c |
int ret = -1;
|
|
|
89397c |
|
|
|
89397c |
printf ("password length: %d~%d\n", SB_PASSWORD_MIN, SB_PASSWORD_MAX);
|
|
|
89397c |
@@ -1757,8 +1757,7 @@ set_toggle (const char * VarName, uint32_t state)
|
|
|
89397c |
efichar_from_char (efichar_pass, password,
|
|
|
89397c |
SB_PASSWORD_MAX * sizeof(efi_char16_t));
|
|
|
89397c |
|
|
|
89397c |
- memcpy(tvar.password, efichar_pass,
|
|
|
89397c |
- SB_PASSWORD_MAX * sizeof(efi_char16_t));
|
|
|
89397c |
+ memcpy(tvar.password, efichar_pass, sizeof(tvar.password));
|
|
|
89397c |
|
|
|
89397c |
tvar.mok_toggle_state = state;
|
|
|
89397c |
|
|
|
89397c |
--
|
|
|
89397c |
2.7.4
|
|
|
89397c |
|