From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Thu, 19 Nov 2020 18:40:08 +0000 (+0100)
Subject: efi_loader: parameter check in GetNextVariableName()
X-Git-Tag: v2021.10~424^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7e5875a85689d762bde58a587a7d531667358ee4;p=platform%2Fkernel%2Fu-boot.git

efi_loader: parameter check in GetNextVariableName()

If GetNextVariableName() is called with a non-existing combination of
VariableName and VendorGuid, return EFI_INVALID_PARAMETER.

If GetNextVariableName() is called with a string that is not zero
terminated, return EFI_INVALID_PARAMETER.

Reformat a line over 80 characters.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---

diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c
index 1d2b445..d155f25 100644
--- a/lib/efi_loader/efi_var_mem.c
+++ b/lib/efi_loader/efi_var_mem.c
@@ -304,8 +304,8 @@ efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attribut
 }
 
 efi_status_t __efi_runtime
-efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name,
-			       efi_guid_t *vendor)
+efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size,
+			       u16 *variable_name, efi_guid_t *vendor)
 {
 	struct efi_var_entry *var;
 	efi_uintn_t old_size;
@@ -314,7 +314,12 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_na
 	if (!variable_name_size || !variable_name || !vendor)
 		return EFI_INVALID_PARAMETER;
 
-	efi_var_mem_find(vendor, variable_name, &var);
+	if (u16_strnlen(variable_name, *variable_name_size) ==
+	    *variable_name_size)
+		return EFI_INVALID_PARAMETER;
+
+	if (!efi_var_mem_find(vendor, variable_name, &var) && *variable_name)
+		return EFI_INVALID_PARAMETER;
 
 	if (!var)
 		return EFI_NOT_FOUND;