ACK: [PATCH 1/2] efi_runtime: add checking the len for reading userspace memory

Colin Ian King colin.king at canonical.com
Thu Aug 11 08:50:29 UTC 2016


On 09/08/16 07:29, Ivan Hu wrote:
> __ucs2_strsize may return zero when it cannot read userspace memory, and may
> cause ZERO_SIZE_PTR dereference in copy_ucs2_from_user_len(). Add checking the
> len before copying data from user space.
> 
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
>  efi_runtime/efi_runtime.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/efi_runtime/efi_runtime.c b/efi_runtime/efi_runtime.c
> index 1c4f9c4..86076d3 100644
> --- a/efi_runtime/efi_runtime.c
> +++ b/efi_runtime/efi_runtime.c
> @@ -141,6 +141,8 @@ static inline int copy_ucs2_from_user(uint16_t **dst, uint16_t __user *src)
>  		return -EFAULT;
>  
>  	len = __ucs2_strsize(src);
> +	if (len == 0)
> +		return -EFAULT;
>  	return copy_ucs2_from_user_len(dst, src, len);
>  }
>  
> 
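Review bot: the new `len == 0` test in copy_ucs2_from_user() guards only this one call site, while the commit message places the ZERO_SIZE_PTR dereference inside copy_ucs2_from_user_len(). If copy_ucs2_from_user_len() has any other caller that can pass a zero length, it is still exposed, so consider rejecting `len == 0` at the top of copy_ucs2_from_user_len() itself, either instead of or in addition to this check. A one-line comment above the test saying that a zero return from __ucs2_strsize() means the userspace read failed would also help, since the reason for mapping zero to -EFAULT is stated only in the commit message and not in the code.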
Acked-by: Colin Ian King <colin.king at canonical.com>


