efi_loader: fix efi_get_next_variable_name_mem()

The VariableNameSize parameter is in bytes but u16_strnlen() counts u16.

Fix the parameter check for null termination.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

diff --git a/include/efi_variable.h b/include/efi_variable.h
index 03a3ecb..805e6c5 100644 (file)
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -268,7 +268,8 @@ const efi_guid_t *efi_auth_var_get_guid(const u16 *name);
  * efi_get_next_variable_name_mem() - Runtime common code across efi variable
  *                                    implementations for GetNextVariable()
  *                                    from the cached memory copy
- * @variable_name_size:        size of variable_name buffer in byte
+ *
+ * @variable_name_size:        size of variable_name buffer in bytes
  * @variable_name:     name of uefi variable's name in u16
  * @vendor:            vendor's guid
  *

diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c
index 13909b1..0bac594 100644 (file)
--- a/lib/efi_loader/efi_var_mem.c
+++ b/lib/efi_loader/efi_var_mem.c
@@ -315,14 +315,14 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size,
                               u16 *variable_name, efi_guid_t *vendor)
 {
        struct efi_var_entry *var;
-       efi_uintn_t old_size;
+       efi_uintn_t len, old_size;
        u16 *pdata;
 
        if (!variable_name_size || !variable_name || !vendor)
                return EFI_INVALID_PARAMETER;
 
-       if (u16_strnlen(variable_name, *variable_name_size) ==
-           *variable_name_size)
+       len = *variable_name_size >> 1;
+       if (u16_strnlen(variable_name, len) == len)
                return EFI_INVALID_PARAMETER;
 
        if (!efi_var_mem_find(vendor, variable_name, &var) && *variable_name)