From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sun, 23 Sep 2018 02:08:09 +0000 (+0200)
Subject: efi_loader: avoid out of bound access in efi_get_variable()
X-Git-Tag: v2018.11-rc1~82^2~10
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=506dc52d5da1b6fea15da39904487c4b0218eaf2;p=oweals%2Fu-boot.git

efi_loader: avoid out of bound access in efi_get_variable()

In efi_get_variable() a string is longer than the allocated space which
results in overwriting the linked list of malloc().

The prefixes used for variables are 41 characters long, e.g.
efi_67029eb5-0af2-f6b1-da53-fcb566dd1ce6_

Change PREFIX_LEN to 41.

Fixes: faff21556748 ("efi_loader: remove limit on variable length")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 495738884b..a1313fa215 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -44,7 +44,7 @@
  * converted to utf16?
  */
 
-#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_"))
+#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_"))
 
 static int hex(int ch)
 {