Re: [U-Boot] [PATCH 07/15] efi_loader: remove limit on variable length

26 Aug 2018

On 08/26/2018 08:13 PM, Alexander Graf wrote:
...
On 11.08.18 17:28, Heinrich Schuchardt wrote:
...
The EFI spec does not provide a length limit for variables.
Signed-off-by: Heinrich Schuchardt xypron.glpk@gmx.de
lib/efi_loader/efi_variable.c | 52 ++++++++++++++++++++---------------
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 770c67abb9..495738884b 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -44,10 +44,7 @@

converted to utf16?

*/
-#define MAX_VAR_NAME 31
-#define MAX_NATIVE_VAR_NAME \

(strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_") + \
(MAX_VAR_NAME * MAX_UTF8_PER_UTF16))



+#define PREFIX_LEN (strlen("efi_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx_"))
static int hex(int ch)
 {
@@ -101,18 +98,20 @@ static char *mem2hex(char *hexstr, const u8 *mem, int count)
   return hexstr;
 }
-static efi_status_t efi_to_native(char *native, u16 *variable_name,
+static efi_status_t efi_to_native(char **native, const u16 *variable_name,
   			  efi_guid_t *vendor)
 {
   size_t len;

char *pos;


len = u16_strlen((u16 *)variable_name);
if (len >= MAX_VAR_NAME)
return EFI_DEVICE_ERROR;




len = PREFIX_LEN + utf16_utf8_strlen(variable_name) + 1;
*native = malloc(len);
if (!*native)
return EFI_OUT_OF_RESOURCES;





native += sprintf(native, "efi_%pUl_", vendor);
native  = (char *)utf16_to_utf8((u8 *)native, (u16 *)variable_name, len);
*native = '\0';


pos = *native;

pos += sprintf(pos, "efi_%pUl_", vendor);

utf16_utf8_strcpy(&pos, variable_name);
return EFI_SUCCESS;


}
@@ -168,7 +167,7 @@ efi_status_t EFIAPI efi_get_variable(u16 *variable_name, efi_guid_t *vendor,
   			     u32 *attributes, efi_uintn_t *data_size,
   			     void *data)
 {

char native_name[MAX_NATIVE_VAR_NAME + 1];


char *native_name;

I think you want to predefine this to = NULL to make sure that an error
path doesn't give you uninitialized values on free().
efi_to_native() returns EFI_OUT_OF_RESOURCES if the pointer cannot be
assigned and the return value is checked. So how should I reach
free(native_name) in this case?
Best regards
Heinrich
...
Alex

    