Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2693534pxj; Mon, 10 May 2021 08:40:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzeKS5vzk7iLVWBRNL1Mgb0mdrlQiob/LREzvbBm9Ju4+UU9fCiEMG6Z034fB+iOBDP+o78 X-Received: by 2002:a6b:d20e:: with SMTP id q14mr18733792iob.200.1620661253117; Mon, 10 May 2021 08:40:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620661253; cv=none; d=google.com; s=arc-20160816; b=vVMLg95m7NQ3jXKYi4XHQV0iG8TOkLByfvcuqYAcj0XTXHcpUKbZjeRyr7RD8/ZAnS mp9wEvNLMKHaQY8m3AO3I2yugJNE6HY0lxqmzCHgdH8BsilJeQCUVg1Cgx5h0AcW2Tpk pkLxkFyYUG62Frc0rQIBu5WAeC3upaFRhNcdCe1FOjkdruCxJdlsO8zOZLUpYfXKBzpc uFQviRxLgPiuJkrSvUOmjDU2xpQthD3F9kohV5wmu7D5KsvbOCIkHI0zTvfXr+AWkyrp SKV+6iafIcithtIgMWb5shw/v0ZA4ZbcwIChUlsJkmm716tikgO8OfNMKyuvj8fayE2r uEDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=2k0LqOK0N+oCR7hlRxPVEVtbvfLJ8CLeepE4bX6ZYpo=; b=CZVeNhu2tjZrjDl3CMRLDmZWO4nOjexdVxbmkcUjLzDbWKS/Qdhj8AxuQgOxbKr8PX n0slH9F5l2XaxrV9W9h+UHlA+zrsp1BC2HsvQX0vCBf0EqTtY+Hec1bKrkWh5TMgm6pA JGpRNyo7cLz/qSG8J/DvhBVZnA6+Kf1P4NmPpUW5/fWI0CzgwJGYPiW7neA5SY/2oaKQ QVQB+3KQGxy3qg8bMuwqpnDmprhMPo16miV09AaUIg1GWfxkxkRIfkqCHCL6hZkrBYTH bf1CT0zcE9/BPf62suoZN24VXy2TtYHTJe1zvRG/xNN77aCme201Hh8dhvitql6hg49Q wFtg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="OF5j/FVp"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i23si15863778jam.97.2021.05.10.08.40.39; Mon, 10 May 2021 08:40:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="OF5j/FVp"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231174AbhEJPk0 (ORCPT + 99 others); Mon, 10 May 2021 11:40:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:58302 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234490AbhEJPju (ORCPT ); Mon, 10 May 2021 11:39:50 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D4A7D60FE4; Mon, 10 May 2021 15:38:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620661121; bh=1Zsl9SztvxaW6X5yybQdHiTY0J0WjKFNG3noiaEUXQQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=OF5j/FVpcPcGwdaOBA/s3TbLmd8a7l+K09QjFCyscBSuOGMFXXhv/feNa4mF+8ryo n0KzaCREFZN/zqNC0xENKxBaC4z7ZswREiNIH4NulcS7j1w1F/OCltsZY0oHDvX8Tj TLO1g1Ex2WMEFst6LKOZd2AaRFigXknWTGTR9kLhgIMUEQL1nEUBC2iddPhWI1oi8w LIdUX9kzzCDQP87ejxW0D8OOZ5SDsYp84QTmJOGtyReIOen0hC0E8UMWEQy3KLzokM NQWiIg9UcH+aedKbchBNJZEnIsh0JETNrqhEVC47yfEi/ptsvpguH7Qkxp91ph49pz TsmuJEa9ZFscg== Received: by mail-oi1-f179.google.com with SMTP id b25so10923321oic.0; Mon, 10 May 2021 08:38:41 -0700 (PDT) X-Gm-Message-State: AOAM531QBFCbxRDhHrhlOZIkAWNXUWQVJh2mcdDhlPffZvSzMsMRm46c XzyBMK3Kj1R1ipbruSX57zPPJGZRWLVBPTnYUbY= X-Received: by 2002:aca:4056:: with SMTP id n83mr26631363oia.47.1620661121088; Mon, 10 May 2021 08:38:41 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ard Biesheuvel Date: Mon, 10 May 2021 17:38:30 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] efi/libstub: prevent read overflow in find_file_option() To: Dan Carpenter Cc: Arvind Sankar , Philipp Fent , linux-efi , Linux Kernel Mailing List , kernel-janitors@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 23 Apr 2021 at 13:48, Dan Carpenter wrote: > > If the buffer has slashes up to the end then this will read past the end > of the array. I don't anticipate that this is an issue for many people > in real life, but it's the right thing to do and it makes static > checkers happy. > > Fixes: 7a88a6227dc7 ("efi/libstub: Fix path separator regression") > Signed-off-by: Dan Carpenter > --- > drivers/firmware/efi/libstub/file.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c > index 4e81c6077188..dd95f330fe6e 100644 > --- a/drivers/firmware/efi/libstub/file.c > +++ b/drivers/firmware/efi/libstub/file.c > @@ -103,7 +103,7 @@ static int find_file_option(const efi_char16_t *cmdline, int cmdline_len, > return 0; > > /* Skip any leading slashes */ > - while (cmdline[i] == L'/' || cmdline[i] == L'\\') > + while (i < cmdline_len && (cmdline[i] == L'/' || cmdline[i] == L'\\')) > i++; > > while (--result_len > 0 && i < cmdline_len) { > -- > 2.30.2 > Thanks Dan, I will queue this up.