[PATCH] uefi: uefirtvariable: catch a potential buffer overflow
ivanhu
ivan.hu at canonical.com
Thu Mar 5 03:34:21 UTC 2015
On 2015年03月04日 17:45, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> CoverityScan detected a potential buffer overflow if the returned
> efi variable is larger than 10 bytes. Silently truncate the var
> size to the maximum size if it is too long - fwts has already
> flagged up a failure that the variable size is wrong anyway, so
> the silent truncate of an overly long variable is fine since the
> user will know it is already the wrong size. This truncation will
> avoid the buffer overflow in the following byte comparison check.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
> src/uefi/uefirtauthvar/uefirtauthvar.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/uefi/uefirtauthvar/uefirtauthvar.c b/src/uefi/uefirtauthvar/uefirtauthvar.c
> index 22c954b..e935de2 100644
> --- a/src/uefi/uefirtauthvar/uefirtauthvar.c
> +++ b/src/uefi/uefirtauthvar/uefirtauthvar.c
> @@ -415,6 +415,10 @@ static int uefirtauthvar_test5(fwts_framework *fw)
> "UEFIUpdateAuthVar",
> "Get authenticated variable data size is not the "
> "same as it set.");
> +
> + /* Ensure we don't get a buffer overrun later on.. */
> + if (getdatasize > sizeof(AuthVarUpdateData))
> + getdatasize = sizeof(AuthVarUpdateData);
> }
>
> for (i = 0; i < getdatasize; i++) {
Hi Colin,
Thanks for fixing this, I believe it is caused by that I forgot to
return FWTS_ERROR.
When the test found that getting the test data is not the same as it
set, it fails the test.
I'll send out the patch the return error to avoid the CoverityScan
complaint.
Cheers,
Ivan
More information about the fwts-devel
mailing list