efi_loader: validate device path length in boot manager

Bootxxxx variables are provided by the user and therefore cannot be trusted. We have to validate them before usage. A device path provided by a Bootxxxx variable must have an end node within the indicated device path length. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
author: Heinrich Schuchardt <xypron.glpk@gmx.de> 2020-08-23 11:59:17 +0300
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> 2020-08-24 17:37:53 +0300
commit: 15d8f008dc577bbef6ad98494c28553558941420 (patch)
tree: ac0e32cc27ea556382bd1b5f90bc611ead1d808c /lib/efi_loader
parent: 5bba77e48be801176a55223b1f76bc44e8e1b3cb (diff)
download: u-boot-15d8f008dc577bbef6ad98494c28553558941420.tar.xz
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c
index 1e06e60963..61dc72a23d 100644
--- a/lib/efi_loader/efi_bootmgr.c
+++ b/lib/efi_loader/efi_bootmgr.c
@@ -105,10 +105,8 @@ efi_status_t efi_deserialize_load_option(struct efi_load_option *lo, u8 *data,
 	if (*size < len)
 		return EFI_INVALID_PARAMETER;
 	lo->file_path = (struct efi_device_path *)data;
-	 /*
-	  * TODO: validate device path. There should be an end node within
-	  * the indicated file_path_length.
-	  */
+	if (efi_dp_check_length(lo->file_path, len) < 0)
+		return EFI_INVALID_PARAMETER;
 	data += len;
 	*size -= len;
author	Heinrich Schuchardt <xypron.glpk@gmx.de>	2020-08-23 11:59:17 +0300
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	2020-08-24 17:37:53 +0300
commit	15d8f008dc577bbef6ad98494c28553558941420 (patch)
tree	ac0e32cc27ea556382bd1b5f90bc611ead1d808c /lib/efi_loader
parent	5bba77e48be801176a55223b1f76bc44e8e1b3cb (diff)
download	u-boot-15d8f008dc577bbef6ad98494c28553558941420.tar.xz