Re: [PATCH 2/2] kernel-stub: fix nullptr deref on error getting boot part UUID

['Jan Kiszka' via EFI Boot Guard]

On 14.05.25 10:53, 'Felix Moessbauer' via EFI Boot Guard wrote:
> The caller of disk_get_part_uuid is responsible for checking the return
> value, as this function returns NULL in case of an error. This was not
> done, leading to a nullptr dereference on error.
> 
> We fix this by checking the return code. Further, we now issue a error
> message in case the UUID cannot be determined.
> 
> Fixes: 7c90e82 ("efi: implement systemd boot loader interface")
> Reported-by: Jan Kiszka <jan.kis...@siemens.com>
> Signed-off-by: Felix Moessbauer <felix.moessba...@siemens.com>
> ---
>  main.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)
> 
> diff --git a/main.c b/main.c
> index f0b9aa0..e19b1f9 100644
> --- a/main.c
> +++ b/main.c
> @@ -189,14 +189,18 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, 
> EFI_SYSTEM_TABLE *system_table)
>  
>       UINT16 *boot_medium_uuidstr =
>               disk_get_part_uuid(loaded_image->DeviceHandle);
> -     bg_interface_params.loader_device_part_uuid = boot_medium_uuidstr;
> -     status = set_bg_interface_vars(&bg_interface_params);
> -     if (EFI_ERROR(status)) {
> -             ERROR(L"Cannot set bootloader interface variables (%r)\n",
> -                     status);
> +     if (!boot_medium_uuidstr) {
> +             ERROR(L"Cannot get boot partition UUID\n");

Same here: WARNING, we are continuing.

> +     } else {
> +             bg_interface_params.loader_device_part_uuid = 
> boot_medium_uuidstr;
> +             status = set_bg_interface_vars(&bg_interface_params);
> +             if (EFI_ERROR(status)) {
> +                     ERROR(L"Cannot set bootloader interface variables 
> (%r)\n",
> +                             status);
> +             }
> +             INFO(L"LoaderDevicePartUUID=%s\n", boot_medium_uuidstr);
> +             FreePool(boot_medium_uuidstr);
>       }
> -     INFO(L"LoaderDevicePartUUID=%s\n", boot_medium_uuidstr);
> -     FreePool(boot_medium_uuidstr);
>       FreePool(payload_dev_path);
>       FreePool(boot_medium_path);
>  

I'm still wondering, though, what could be the root causes for any of
those to fail, specifically failing to set the variable (this is what we
most likely saw in the field).

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center

-- 
You received this message because you are subscribed to the Google Groups "EFI 
Boot Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to efibootguard-dev+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/efibootguard-dev/ee79583f-6162-48bf-8815-ed1b2ef6b2ec%40siemens.com.