ACK: [PATCH] uefi: uefidump: add some guarding on allocation size

Alex Hung alex.hung at canonical.com
Mon Nov 13 03:06:07 UTC 2017 

On 2017-11-09 08:35 PM, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
> 
> Static analysis with CoverityScan is warning about a possible allocation
> of an untrusted size calculated from u->dev_path.length.  Add some extra
> checking on this.  This does not remove the warning but I'm sure it's as
> good as we can to check untrusted data warnings from CoverityScan.
> Also remove a whitespace.
> 
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
>   src/uefi/uefidump/uefidump.c | 17 ++++++++++-------
>   1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
> index f73ed6e1..55ce7f23 100644
> --- a/src/uefi/uefidump/uefidump.c
> +++ b/src/uefi/uefidump/uefidump.c
> @@ -434,18 +434,21 @@ static char *uefidump_build_dev_path(char *path, fwts_uefi_dev_path *dev_path, c
>   				uint16_t len = u->dev_path.length[0] | (((uint16_t)u->dev_path.length[1]) << 8);
>   				path = uefidump_vprintf(path, "\\USBWWID(0x%" PRIx16 ",0x%" PRIx16 ",0x%" PRIx16,
>   					u->interface_num, u->vendor_id, u->product_id);
> +				ssize_t sz;
>   
>   				/* Adding Serial Number */
> -
>   				if (len <= sizeof(fwts_uefi_usb_wwid_dev_path)) {
>   					path = uefidump_vprintf(path, ")");
>   					break;
>   				}
> -				tmp = malloc((len - sizeof(fwts_uefi_usb_wwid_dev_path))/sizeof(uint16_t) + 1);
> -				if (tmp) {	
> -					fwts_uefi_str16_to_str(tmp, (len - sizeof(fwts_uefi_usb_wwid_dev_path))/sizeof(uint16_t) + 1, u->serial_number);
> -					path = uefidump_vprintf(path, ",%s", tmp);
> -					free(tmp);
> +				sz = ((ssize_t)len - sizeof(fwts_uefi_usb_wwid_dev_path)) / sizeof(uint16_t) + 1;
> +				if ((sz > 0) && (sz <= 0xffff)) {
> +					tmp = malloc(sz);
> +					if (tmp) {
> +						fwts_uefi_str16_to_str(tmp, sz, u->serial_number);
> +						path = uefidump_vprintf(path, ",%s", tmp);
> +						free(tmp);
> +					}
>   				}
>   				path = uefidump_vprintf(path, ")");
>   			}
> @@ -1271,7 +1274,7 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v
>   		return;
>   
>   	do {
> -		fwts_uefi_signature_list *signature_list =
> +		fwts_uefi_signature_list *signature_list =
>   			(fwts_uefi_signature_list *)(var->data + list_start);
>   		const char *str = "Unknown GUID";
>   		size_t offset = 0;
> 

Acked-by: Alex Hung <alex.hung at canonical.com>

More information about the fwts-devel mailing list