[PATCH] Always terminate strings read from env files


Jan Kiszka

Feb 22, 2022, 12:28:39 PM
to efibootguard-dev
From: Jan Kiszka <jan.k...@siemens.com>

This shall avoid bad surprises, specifically in the critical bootloader
path in secure boot mode, when someone left unterminated garbage in an
env file. Likely not exploitable, but you never know for sure...

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
env/env_api_fat.c | 3 +++
env/fatvars.c | 4 ++++
2 files changed, 7 insertions(+)

diff --git a/env/env_api_fat.c b/env/env_api_fat.c
index a4d8393..886d2d2 100644
--- a/env/env_api_fat.c
+++ b/env/env_api_fat.c
@@ -86,6 +86,9 @@ bool read_env(CONFIG_PART *part, BG_ENVDATA *env)
if (part->not_mounted) {
unmount_partition(part);
}
+ /* enforce NULL-termination of strings */
+ env->kernelfile[ENV_STRING_LENGTH - 1] = 0;
+ env->kernelparams[ENV_STRING_LENGTH - 1] = 0;
return result;
}

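Review bot: the comment on the added lines in read_env() says "NULL-termination", but what is written is the NUL character, not a NULL pointer; "NUL-termination" would be more accurate. The two assignments also run whatever `result` holds, so a failed read still has element ENV_STRING_LENGTH - 1 cleared; that looks harmless, but a word in the comment would make it clear it is intended. Only kernelfile and kernelparams are covered here: if BG_ENVDATA has other string members that are read from the file, they need the same treatment.
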
diff --git a/env/fatvars.c b/env/fatvars.c
index 8a8e09e..ca15f5e 100644
--- a/env/fatvars.c
+++ b/env/fatvars.c
@@ -168,6 +168,10 @@ BG_STATUS load_config(BG_LOADER_PARAMS *bglp)
* config */
result = BG_CONFIG_PARTIALLY_CORRUPTED;
}
+
+ /* enforce NULL-termination of strings */
+ env[i].kernelfile[ENV_STRING_LENGTH - 1] = 0;
+ env[i].kernelparams[ENV_STRING_LENGTH - 1] = 0;
}

/* Find environment with latest revision and check if there is a test
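Review bot: the forced terminator at the end of the load_config() loop body silently truncates a value that filled the whole array, directly after the code that can set BG_CONFIG_PARTIALLY_CORRUPTED. Consider testing `env[i].kernelfile[ENV_STRING_LENGTH - 1]` (and the kernelparams equivalent) for non-zero before overwriting it and reporting that case, so an unterminated env file is visible rather than quietly repaired. These are also the same two assignments as in env/env_api_fat.c; a small shared helper would keep the two read paths from drifting apart.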
--
2.34.1