diff options
Diffstat (limited to 'lib/efi_loader')
| -rw-r--r-- | lib/efi_loader/efi_bootmgr.c | 6 | ||||
| -rw-r--r-- | lib/efi_loader/efi_device_path.c | 33 | ||||
| -rw-r--r-- | lib/efi_loader/efi_runtime.c | 7 |
3 files changed, 39 insertions, 7 deletions
diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c index 1e06e609639..61dc72a23da 100644 --- a/lib/efi_loader/efi_bootmgr.c +++ b/lib/efi_loader/efi_bootmgr.c @@ -105,10 +105,8 @@ efi_status_t efi_deserialize_load_option(struct efi_load_option *lo, u8 *data, if (*size < len) return EFI_INVALID_PARAMETER; lo->file_path = (struct efi_device_path *)data; - /* - * TODO: validate device path. There should be an end node within - * the indicated file_path_length. - */ + if (efi_dp_check_length(lo->file_path, len) < 0) + return EFI_INVALID_PARAMETER; data += len; *size -= len; diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 7ae14f34239..8a5c13c4241 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -1127,3 +1127,36 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, return EFI_SUCCESS; } + +/** + * efi_dp_check_length() - check length of a device path + * + * @dp: pointer to device path + * @maxlen: maximum length of the device path + * Return: + * * length of the device path if it is less or equal @maxlen + * * -1 if the device path is longer then @maxlen + * * -1 if a device path node has a length of less than 4 + * * -EINVAL if maxlen exceeds SSIZE_MAX + */ +ssize_t efi_dp_check_length(const struct efi_device_path *dp, + const size_t maxlen) +{ + ssize_t ret = 0; + u16 len; + + if (maxlen > SSIZE_MAX) + return -EINVAL; + for (;;) { + len = dp->length; + if (len < 4) + return -1; + ret += len; + if (ret > maxlen) + return -1; + if (dp->type == DEVICE_PATH_TYPE_END && + dp->sub_type == DEVICE_PATH_SUB_TYPE_END) + return ret; + dp = (const struct efi_device_path *)((const u8 *)dp + len); + } +} diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c index 78fd8014d90..dea2b4e5eea 100644 --- a/lib/efi_loader/efi_runtime.c +++ b/lib/efi_loader/efi_runtime.c @@ -365,7 +365,9 @@ out: * efi_reset_system() - reset system * * This function implements the ResetSystem() runtime service after - * SetVirtualAddressMap() is called. It only executes an endless loop. + * SetVirtualAddressMap() is called. As this placeholder cannot reset the + * system it simply return to the caller. + * * Boards may override the helpers below to implement reset functionality. * * See the Unified Extensible Firmware Interface (UEFI) specification for @@ -381,8 +383,7 @@ void __weak __efi_runtime EFIAPI efi_reset_system( efi_status_t reset_status, unsigned long data_size, void *reset_data) { - /* Nothing we can do */ - while (1) { } + return; } /** |