efi_loader: fix efi_get_next_variable_name_mem()
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sun, 18 Dec 2022 06:08:57 +0000 (06:08 +0000)
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tue, 20 Dec 2022 15:06:48 +0000 (16:06 +0100)
The VariableNameSize parameter is in bytes but u16_strnlen() counts u16.

Fix the parameter check for null termination.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
include/efi_variable.h
lib/efi_loader/efi_var_mem.c

index 03a3ecb2359b874215f590548ef040f02ae91fef..805e6c5f1e08ce2de95e9f061a883b1691a0767b 100644 (file)
@@ -268,7 +268,8 @@ const efi_guid_t *efi_auth_var_get_guid(const u16 *name);
  * efi_get_next_variable_name_mem() - Runtime common code across efi variable
  *                                    implementations for GetNextVariable()
  *                                    from the cached memory copy
- * @variable_name_size:        size of variable_name buffer in byte
+ *
+ * @variable_name_size:        size of variable_name buffer in bytes
  * @variable_name:     name of uefi variable's name in u16
  * @vendor:            vendor's guid
  *
index 13909b1d263836f0c1625c7479f685ef7f03918c..0bac594e004d1f1011f8516cfa6bd61698e6a58a 100644 (file)
@@ -315,14 +315,14 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size,
                               u16 *variable_name, efi_guid_t *vendor)
 {
        struct efi_var_entry *var;
-       efi_uintn_t old_size;
+       efi_uintn_t len, old_size;
        u16 *pdata;
 
        if (!variable_name_size || !variable_name || !vendor)
                return EFI_INVALID_PARAMETER;
 
-       if (u16_strnlen(variable_name, *variable_name_size) ==
-           *variable_name_size)
+       len = *variable_name_size >> 1;
+       if (u16_strnlen(variable_name, len) == len)
                return EFI_INVALID_PARAMETER;
 
        if (!efi_var_mem_find(vendor, variable_name, &var) && *variable_name)
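Review bot: The new bounds check at `len = *variable_name_size >> 1;` leaves two edge cases implicit that are worth documenting, because this check is what keeps the later `*variable_name` read and the `efi_var_mem_find()` lookup inside the caller's buffer. An odd byte count is silently rounded down, and a size below two bytes gives `len == 0`, which is rejected only because `u16_strnlen()` presumably returns 0 for a zero count and so compares equal to `len`. I would write the conversion as `len = *variable_name_size / sizeof(u16);` and add a comment above it such as `/* Size is in bytes; a buffer shorter than one u16 gives len == 0 and is rejected below */`. The function body continues outside the hunk, so how `old_size` and the returned size are handled cannot be checked here.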