[PATCH] uefi: uefirtvariable: catch a potential buffer overflow

[Colin King]

From: Colin Ian King <colin.king at canonical.com>

CoverityScan detected a potential buffer overflow if the returned
efi variable is larger than 10 bytes.  Silently truncate the var
size to the maximum size if it is too long - fwts has already
flagged up a failure that the variable size is wrong anyway, so
the silent truncate of an overly long variable is fine since the
user will know it is already the wrong size.  This truncation will
avoid the buffer overflow in the following byte comparison check.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
 src/uefi/uefirtauthvar/uefirtauthvar.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
index 22c954b..e935de2 100644
--- a/src/uefi/uefirtauthvar/uefirtauthvar.c
+++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
@@ -415,6 +415,10 @@ static int uefirtauthvar_test5(fwts_framework *fw)
 			"UEFIUpdateAuthVar",
 			"Get authenticated variable data size is not the "
 			"same as it set.");
+
+		/* Ensure we don't get a buffer overrun later on.. */
+		if (getdatasize > sizeof(AuthVarUpdateData))
+			getdatasize = sizeof(AuthVarUpdateData);
 	}
 
 	for (i = 0; i < getdatasize; i++) {
-- 
2.1.4