efi_loader: Trim output buffer size correctly for tee variables
authorIlias Apalodimas <ilias.apalodimas@linaro.org>
Tue, 21 Jul 2020 22:50:37 +0000 (01:50 +0300)
committerHeinrich Schuchardt <xypron.glpk@gmx.de>
Sat, 1 Aug 2020 09:57:41 +0000 (11:57 +0200)
The current code does not trim the output buffer correctly.
In fact it doesn't trim the buffer at all, since it calculates a wrong
value for it, which isn't even applied.
So let's remove the unused temporary size variable and trim the buffer
correctly.
Since we are editing efi_get_next_variable_name_int(), fix an indentation
error along the way.

Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Remove superfluous conversion to (u8 *) for memcpy argument.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib/efi_loader/efi_variable_tee.c

index 94c4de87034300f5015482cd68f21907fd3beb91..37fa5fef1db1867c9345c4cd5480e0ae022742e5 100644 (file)
@@ -410,7 +410,6 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
        efi_uintn_t payload_size;
        efi_uintn_t out_name_size;
        efi_uintn_t in_name_size;
-       efi_uintn_t tmp_dsize;
        u8 *comm_buf = NULL;
        efi_status_t ret;
 
@@ -433,13 +432,8 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
        }
 
        /* Trim output buffer size */
-       tmp_dsize = *variable_name_size;
-       if (in_name_size + tmp_dsize >
-                       max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE) {
-               tmp_dsize = max_payload_size -
-                               MM_VARIABLE_GET_NEXT_HEADER_SIZE -
-                               in_name_size;
-       }
+       if (out_name_size > max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE)
+               out_name_size = max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE;
 
        payload_size = MM_VARIABLE_GET_NEXT_HEADER_SIZE + out_name_size;
        comm_buf = setup_mm_hdr((void **)&var_getnext, payload_size,
@@ -465,8 +459,7 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
                goto out;
 
        guidcpy(guid, &var_getnext->guid);
-       memcpy(variable_name, (u8 *)var_getnext->name,
-              var_getnext->name_size);
+       memcpy(variable_name, var_getnext->name, var_getnext->name_size);
 
 out:
        free(comm_buf);