tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

loader/efi/linux: Do not pass excessive size for source string

Browse Source 
The size passed to grub_utf8_to_utf16() for the source string is
used as a limit for the string if NUL character is not encountered.
However, len, which is "strlen(src) * 2 + 2" is surely greater than
strlen(src). Pass the exact correct length.

Signed-off-by: Frediano Ziglio <frediano.ziglio@cloud.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Frediano Ziglio 2025-06-25 14:42:40 +01:00 committed by Daniel Kiper
parent 8c8f966643
commit de4e8e2aa6
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
grub-core/loader/efi/linux.c
View File

@ -191,6 +191,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
grub_efi_status_t status;
grub_efi_loaded_image_t *loaded_image;
int len;
grub_size_t args_len;
mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t));
if (!mempath)
@ -223,7 +224,8 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
grub_error (GRUB_ERR_BAD_FIRMWARE, "missing loaded_image proto");
goto unload;
}
len = (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t);
args_len = grub_strlen (args);
len = (args_len + 1) * sizeof (grub_efi_char16_t);
loaded_image->load_options =
grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (len));
if (!loaded_image->load_options)
@ -231,7 +233,7 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args)
loaded_image->load_options_size =
2 * grub_utf8_to_utf16 (loaded_image->load_options, len,
(grub_uint8_t *) args, len, NULL);
(grub_uint8_t *) args, args_len, NULL);
grub_dprintf ("linux", "starting image %p\n", image_handle);
status = b->start_image (image_handle, 0, NULL);