Date: Tue, 12 Dec 2017 19:26:24 +0000 (UTC) From: Warner Losh <imp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r326804 - head/usr.sbin/efibootmgr Message-ID: <201712121926.vBCJQOri026375@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: imp Date: Tue Dec 12 19:26:24 2017 New Revision: 326804 URL: https://svnweb.freebsd.org/changeset/base/326804 Log: Add sanity testing against maximum sane lengths for device paths for loader and kernel. CID: 1383608 Sponsored by: Netflix Modified: head/usr.sbin/efibootmgr/efibootmgr.c Modified: head/usr.sbin/efibootmgr/efibootmgr.c ============================================================================== --- head/usr.sbin/efibootmgr/efibootmgr.c Tue Dec 12 19:26:19 2017 (r326803) +++ head/usr.sbin/efibootmgr/efibootmgr.c Tue Dec 12 19:26:24 2017 (r326804) @@ -650,8 +650,14 @@ make_boot_var(const char *label, const char *loader, c kerneldp = NULL; } llen = efidp_size(loaderdp); + if (llen > MAX_DP_LEN) + errx(1, "Loader path too long."); klen = efidp_size(kerneldp); + if (klen > MAX_DP_LEN) + errx(1, "Kernel path too long."); dp = malloc(llen + klen); + if (dp == NULL) + errx(1, "Can't allocate memory for new device paths"); memcpy(dp, loaderdp, llen); if (kerneldp != NULL) memcpy((char *)dp + llen, kerneldp, klen);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201712121926.vBCJQOri026375>