[PATCH 1/2] efi_runtime: add checking the len for reading userspace memory

Ivan Hu ivan.hu at canonical.com
Tue Aug 9 06:29:30 UTC 2016


__ucs2_strsize may return zero when it cannot read userspace memory, and may
cause a ZERO_SIZE_PTR dereference in copy_ucs2_from_user_len(). Add checking the
len before copying data from user space.

Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
 efi_runtime/efi_runtime.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
index 1c4f9c4..86076d3 100644
--- a/efi_runtime/efi_runtime.c
+++ b/efi_runtime/efi_runtime.c
@@ -141,6 +141,8 @@ static inline int copy_ucs2_from_user(uint16_t **dst, uint16_t __user *src)
 		return -EFAULT;
 
 	len = __ucs2_strsize(src);
+	if (len == 0)
+		return -EFAULT;
 	return copy_ucs2_from_user_len(dst, src, len);
 }
 
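Review bot: the new `if (len == 0)` test guards only this one caller, while the commit message places the ZERO_SIZE_PTR dereference inside copy_ucs2_from_user_len(). If any other path can reach copy_ucs2_from_user_len() with a length taken from userspace, it stays exposed, so consider rejecting a zero len inside copy_ucs2_from_user_len() itself (in addition to, or instead of, here). A one-line comment above the check would also help: it should say that __ucs2_strsize() returns 0 only when the user pointer cannot be read, and confirm that a valid empty string still yields a non-zero size, otherwise -EFAULT would be returned for legitimate input.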
-- 
1.9.1



