47 lines
1.5 KiB
Diff
47 lines
1.5 KiB
Diff
From 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef Mon Sep 17 00:00:00 2001
|
|
From: Eric Snowberg <eric.snowberg@oracle.com>
|
|
Date: Wed, 2 Nov 2022 10:39:43 -0600
|
|
Subject: [PATCH] load_cert_file: Fix stack issue
|
|
|
|
0214cd9cef5a fixes a NULL pointer dereference problem, it introduces two
|
|
new problems. First it incorrectly assumes li.FilePath is a string.
|
|
Second, it puts EFI_LOADED_IMAGE li on the stack. It has been found
|
|
that not all archectures can handle this being on the stack.
|
|
|
|
The shim_li variable will be setup properly from the read_image
|
|
call. Use the global shim_li variable instead when calling
|
|
verify_image.
|
|
|
|
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
|
|
---
|
|
shim.c | 6 +-----
|
|
1 file changed, 1 insertion(+), 5 deletions(-)
|
|
|
|
diff --git a/shim.c b/shim.c
|
|
index 27b74ce..0d919ce 100644
|
|
--- a/shim.c
|
|
+++ b/shim.c
|
|
@@ -1395,7 +1395,6 @@ EFI_STATUS
|
|
load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
|
|
{
|
|
EFI_STATUS efi_status;
|
|
- EFI_LOADED_IMAGE li;
|
|
PE_COFF_LOADER_IMAGE_CONTEXT context;
|
|
EFI_IMAGE_SECTION_HEADER *Section;
|
|
EFI_SIGNATURE_LIST *certlist;
|
|
@@ -1410,10 +1409,7 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
|
|
if (EFI_ERROR(efi_status))
|
|
return efi_status;
|
|
|
|
- memset(&li, 0, sizeof(li));
|
|
- memcpy(&li.FilePath[0], filename, MIN(StrSize(filename), sizeof(li.FilePath)));
|
|
-
|
|
- efi_status = verify_image(data, datasize, &li, &context);
|
|
+ efi_status = verify_image(data, datasize, shim_li, &context);
|
|
if (EFI_ERROR(efi_status))
|
|
return efi_status;
|
|
|
|
--
|
|
2.27.0
|
|
|