rpms / efivar

Clone
Source Code
GIT

Blame SOURCES/0007-Make-efidp_make_file-have-even-more-better-input-con.patch

c7 c7-alt c7-beta c7-i686 c8 c8-beta c8s c9 c9-beta
  1.   5e6fc37cb044dbbe378835b354d33e6467ee8c53
  2.   SOURCES
  3.   0007-Make-efidp_make_file-have-even-more-better-input-con.patch
Blob History Raw
5e6fc3 
From 9bc1e24859630c933410bfb77658bd69ee400e16 Mon Sep 17 00:00:00 2001
5e6fc3 
From: Peter Jones <pjones@redhat.com>
5e6fc3 
Date: Wed, 13 Jun 2018 09:25:58 -0400
5e6fc3 
Subject: [PATCH 07/39] Make efidp_make_file() have even more, better input
5e6fc3 
 constraints.
5e6fc3
5e6fc3 
This is all in the effort to convince coverity that it doesn't
5e6fc3 
dereference buf when size==0, which it already doesn't.
5e6fc3
5e6fc3 
Signed-off-by: Peter Jones <pjones@redhat.com>
5e6fc3 
---
5e6fc3 
 src/dp-media.c |  6 ++++++
5e6fc3 
 src/dp.c       | 10 +++++++++-
5e6fc3 
 2 files changed, 15 insertions(+), 1 deletion(-)
5e6fc3
5e6fc3 
diff --git a/src/dp-media.c b/src/dp-media.c
5e6fc3 
index cec6b8bb58d..96a576fdc2a 100644
5e6fc3 
--- a/src/dp-media.c
5e6fc3 
+++ b/src/dp-media.c
5e6fc3 
@@ -162,6 +162,12 @@ efidp_make_file(uint8_t *buf, ssize_t size, char *filepath)
5e6fc3 
 	ssize_t len = utf8len(lf, -1) + 1;
5e6fc3 
 	ssize_t req = sizeof (*file) + len * sizeof (uint16_t);
5e6fc3
5e6fc3 
+	if (len == 0) {
5e6fc3 
+		errno = EINVAL;
5e6fc3 
+		efi_error("%s() called with %s file path", __func__,
5e6fc3 
+			  filepath == NULL ? "NULL" : "empty");
5e6fc3 
+		return -1;
5e6fc3 
+	}
5e6fc3 
 	sz = efidp_make_generic(buf, size, EFIDP_MEDIA_TYPE, EFIDP_MEDIA_FILE,
5e6fc3 
 				req);
5e6fc3 
 	if (size && sz == req) {
5e6fc3 
diff --git a/src/dp.c b/src/dp.c
5e6fc3 
index 4e76e25b1a1..82d60b4f9be 100644
5e6fc3 
--- a/src/dp.c
5e6fc3 
+++ b/src/dp.c
5e6fc3 
@@ -443,9 +443,17 @@ efidp_make_generic(uint8_t *buf, ssize_t size, uint8_t type, uint8_t subtype,
5e6fc3
5e6fc3 
 	if (!size)
5e6fc3 
 		return total_size;
5e6fc3 
+
5e6fc3 
+	if (!buf) {
5e6fc3 
+		errno = EINVAL;
5e6fc3 
+		efi_error("%s was called with nonzero size and NULL buffer",
5e6fc3 
+			  __func__);
5e6fc3 
+		return -1;
5e6fc3 
+	}
5e6fc3 
+
5e6fc3 
 	if (size < total_size) {
5e6fc3 
+		errno = ENOSPC;
5e6fc3 
 		efi_error("total size is bigger than size limit");
5e6fc3 
-		errno = ENOSPC;
5e6fc3 
 		return -1;
5e6fc3 
 	}
5e6fc3
5e6fc3 
--
5e6fc3 
2.17.1
5e6fc3

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation