From 53e1d8fae8ccf24a1b91929a6d5e74d4cef18eb1 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Wed, 14 Aug 2019 05:19:37 +0200
Subject: [PATCH] efi_loader: parameter check in SetVirtualAddressMap

Check the parameters DescriptorSize and DescriptiorVersion of
SetVirtualAddressMap() as prescribed by the UEFI specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_runtime.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c
index fb24131462..54e5a98bfc 100644
--- a/lib/efi_loader/efi_runtime.c
+++ b/lib/efi_loader/efi_runtime.c
@@ -641,12 +641,17 @@ static efi_status_t EFIAPI efi_set_virtual_address_map(
 {
 	efi_uintn_t n = memory_map_size / descriptor_size;
 	efi_uintn_t i;
+	efi_status_t ret = EFI_INVALID_PARAMETER;
 	int rt_code_sections = 0;
 	struct efi_event *event;
 
 	EFI_ENTRY("%zx %zx %x %p", memory_map_size, descriptor_size,
 		  descriptor_version, virtmap);
 
+	if (descriptor_version != EFI_MEMORY_DESCRIPTOR_VERSION ||
+	    descriptor_size < sizeof(struct efi_mem_desc))
+		goto out;
+
 	efi_virtmap = virtmap;
 	efi_descriptor_size = descriptor_size;
 	efi_descriptor_count = n;
@@ -677,7 +682,7 @@ static efi_status_t EFIAPI efi_set_virtual_address_map(
 		 * We expose exactly one single runtime code section, so
 		 * something is definitely going wrong.
 		 */
-		return EFI_EXIT(EFI_INVALID_PARAMETER);
+		goto out;
 	}
 
 	/* Notify EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE */
@@ -738,11 +743,13 @@ static efi_status_t EFIAPI efi_set_virtual_address_map(
 
 			efi_relocate_runtime_table(new_offset);
 			efi_runtime_relocate(new_offset, map);
-			return EFI_EXIT(EFI_SUCCESS);
+			ret = EFI_SUCCESS;
+			goto out;
 		}
 	}
 
-	return EFI_EXIT(EFI_INVALID_PARAMETER);
+out:
+	return EFI_EXIT(ret);
 }
 
 /**
-- 
2.25.1