[PATCH] uefi: uefidump: don't recurse forever on zero lengths (LP: #1174947)
Colin Ian King
colin.king at canonical.com
Fri May 3 16:30:56 UTC 2013
On 03/05/13 09:22, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> We need to ensure that broken UEFI variables with zero length structs don't cause us
> to recurse infinitely. So break out early and don't recurse so we run out of stack.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
> src/uefi/uefidump/uefidump.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
> index b115a62..31412c7 100644
> --- a/src/uefi/uefidump/uefidump.c
> +++ b/src/uefi/uefidump/uefidump.c
> @@ -385,8 +385,10 @@ static char *uefidump_build_dev_path(char *path, fwts_uefi_dev_path *dev_path)
> if (!((dev_path->type & 0x7f) == (FWTS_UEFI_END_DEV_PATH_TYPE) &&
> (dev_path->subtype == FWTS_UEFI_END_ENTIRE_DEV_PATH_SUBTYPE))) {
> uint16_t len = dev_path->length[0] | (((uint16_t)dev_path->length[1])<<8);
> - dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
> - path = uefidump_build_dev_path(path, dev_path);
> + if (len > 0) {
> + dev_path = (fwts_uefi_dev_path*)((char *)dev_path + len);
> + path = uefidump_build_dev_path(path, dev_path);
> + }
> }
>
> return path;
>
Sorry, that was a duplicate send. Ignore the duplicate.
Colin
More information about the fwts-devel
mailing list