| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jul 2016 15:38:13 +0100 From: Matt Fleming <matt@...eblueprint.co.uk> To: Colin King <colin.king@...onical.com> Cc: "H . Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, x86@...nel.org, linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] x86/efi: initialize status to ensure garbage is not returned on small size On Wed, 20 Jul, at 11:11:06AM, Colin Ian King wrote: > From: Colin Ian King <colin.king@...onical.com> > > Although very unlikey, if size is too small or zero, then we end up with > status not being set and returning garbage. Instead, initializing status to > EFI_INVALID_PARAMETER to indicate that size is invalid in the calls to > setup_uga32 and setup_uga64. > > Signed-off-by: Colin Ian King <colin.king@...onical.com> > --- > arch/x86/boot/compressed/eboot.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c > index ff574da..ec6d2ef 100644 > --- a/arch/x86/boot/compressed/eboot.c > +++ b/arch/x86/boot/compressed/eboot.c > @@ -578,7 +578,7 @@ setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height) > efi_guid_t uga_proto = EFI_UGA_PROTOCOL_GUID; > unsigned long nr_ugas; > u32 *handles = (u32 *)uga_handle;; > - efi_status_t status; > + efi_status_t status = EFI_INVALID_PARAMETER; > int i; > > first_uga = NULL; > @@ -623,7 +623,7 @@ setup_uga64(void **uga_handle, unsigned long size, u32 *width, u32 *height) > efi_guid_t uga_proto = EFI_UGA_PROTOCOL_GUID; > unsigned long nr_ugas; > u64 *handles = (u64 *)uga_handle;; > - efi_status_t status; > + efi_status_t status = EFI_INVALID_PARAMETER; > int i; > > first_uga = NULL; Can this ever happen in practice? This would imply that locate_protocol() found EFI_UGA_PROTOCOL_GUID but that the size returned is utterly bogus? If so, I have no problem applying the patch but want to make sure we're not tricking ourselves into thinking we're being protected from something when we're not.
Powered by blists - more mailing lists