From 62e8de172dfa707990e3f2721954290499c0e14f Mon Sep 17 00:00:00 2001 |
|
From: Peter Jones <pjones@redhat.com> |
|
Date: Mon, 1 May 2017 14:54:15 -0400 |
|
Subject: [PATCH 10/22] efidp_append_path(): error check the right variable. |
|
|
|
We do lsz=efidp_size(dp); rsz=efidp_size(dn); and then we error check |
|
lsz twice. One should be rsz. |
|
|
|
We also actually do the whole thing with lsz twice anyway, and fail to |
|
check that dp isn't NULL first. |
|
|
|
We're also not error checking that the buffer from our addition is |
|
actually large enough to hold something meaningful. So do that too. |
|
|
|
None of that is right, so fix it. |
|
|
|
Covscan completely failed to notice this, but complained about something |
|
irrelevant later on in the code that's a result. |
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com> |
|
--- |
|
src/dp.c | 26 +++++++++++++++++++------- |
|
1 file changed, 19 insertions(+), 7 deletions(-) |
|
|
|
diff --git a/src/dp.c b/src/dp.c |
|
index e9a257e..e700af9 100644 |
|
--- a/src/dp.c |
|
+++ b/src/dp.c |
|
@@ -139,7 +139,7 @@ efidp_append_path(const_efidp dp0, const_efidp dp1, efidp *out) |
|
} |
|
|
|
rsz = efidp_size(dp1); |
|
- if (lsz < 0) { |
|
+ if (rsz < 0) { |
|
efi_error("efidp_size(dp1) returned error"); |
|
return -1; |
|
} |
|
@@ -166,6 +166,13 @@ efidp_append_path(const_efidp dp0, const_efidp dp1, efidp *out) |
|
efi_error("arithmetic overflow computing allocation size"); |
|
return -1; |
|
} |
|
+ |
|
+ if (newsz < (ssize_t)sizeof(efidp_header)) { |
|
+ errno = EINVAL; |
|
+ efi_error("allocation for new device path is smaller than device path header."); |
|
+ return -1; |
|
+ } |
|
+ |
|
new = malloc(newsz); |
|
if (!new) { |
|
efi_error("allocation failed"); |
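Review bot: The added `newsz < (ssize_t)sizeof(efidp_header)` guard needs a comment explaining the cast, because the cast is what makes the check safe. The cast suggests newsz is a signed ssize_t (its declaration is outside the hunk); without it the comparison would be done unsigned, and a negative newsz would pass and reach `malloc(newsz)` as a very large size_t. I would add above the `if`: `/* compare signed: a negative newsz must be rejected before malloc() converts it to size_t */`. efidp_append_path's body starts and ends outside the hunk.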
|
@@ -195,10 +202,11 @@ efidp_append_node(const_efidp dp, const_efidp dn, efidp *out) |
|
return rc; |
|
} |
|
|
|
- lsz = efidp_size(dp); |
|
- if (lsz < 0) { |
|
- efi_error("efidp_size(dp) returned error"); |
|
- return -1; |
|
+ if (!dp && dn) { |
|
+ rc = efidp_duplicate_path(dn, out); |
|
+ if (rc < 0) |
|
+ efi_error("efidp_duplicate_path() failed"); |
|
+ return rc; |
|
} |
|
|
|
if (dp && !dn) { |
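Review bot: The new `if (!dp && dn)` early return passes a single node to `efidp_duplicate_path(dn, out)`, which by its name expects a complete, end-terminated path. Its body is not visible here, but if it sizes its input by walking to an end node, a lone `dn` with no terminator after it could be read past its own length. The existing `!dp && dn` block further down (visible in the next hunk) avoids this by sizing the node with `efidp_node_size(dn)` and adding `sizeof(end_entire)`, and it becomes unreachable after this return. Consider keeping the node-sized handling for this case, by computing `rsz = efidp_node_size(dn)` in the early branch and reusing the existing allocation code, rather than duplicating `dn` as a path. efidp_append_node's body extends outside the hunk.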
|
@@ -209,13 +217,17 @@ efidp_append_node(const_efidp dp, const_efidp dn, efidp *out) |
|
} |
|
|
|
lsz = efidp_size(dp); |
|
- if (lsz < 0) |
|
+ if (lsz < 0) { |
|
+ efi_error("efidp_size(dp) returned error"); |
|
return -1; |
|
+ } |
|
|
|
|
|
rsz = efidp_node_size(dn); |
|
- if (rsz < 0) |
|
+ if (rsz < 0) { |
|
+ efi_error("efidp_size(dn) returned error"); |
|
return -1; |
|
+ } |
|
|
|
if (!dp && dn) { |
|
if (add(rsz, sizeof(end_entire), &newsz)) { |
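Review bot: The message added for the `rsz` check reads `efidp_size(dn) returned error`, but the call on the line above it is `efidp_node_size(dn)`. A misnamed function in the error trail points whoever is debugging a malformed device path at the wrong routine. Change it to `efi_error("efidp_node_size(dn) returned error");`. The function's body continues past the end of the hunk.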
|
-- |
|
2.12.2 |
|
|
|
|