From: Gerd Hoffmann <[email protected]>
Fixes: CVE-2026-41439
Fixes: 3e33af2cb306 ("hw/uefi: add var-service-pkcs7.c")
Reported-by: Katherine Leaver <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 22b7b222d8f5428be8b5d4787f36efd0a0b75292)
Signed-off-by: Michael Tokarev <[email protected]>
diff --git a/hw/uefi/var-service-pkcs7.c b/hw/uefi/var-service-pkcs7.c
index 32accf4e44..f17ad6872f 100644
--- a/hw/uefi/var-service-pkcs7.c
+++ b/hw/uefi/var-service-pkcs7.c
@@ -73,7 +73,8 @@ static void wrap_pkcs7(gnutls_datum_t *pkcs7)
};
gnutls_datum_t wrap;
- if (pkcs7->data[4] == 0x06 &&
+ if (pkcs7->size > 16 &&
+ pkcs7->data[4] == 0x06 &&
pkcs7->data[5] == 0x09 &&
memcmp(pkcs7->data + 6, signed_data_oid, sizeof(signed_data_oid)) == 0
&&
pkcs7->data[15] == 0x0a &&
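Review bot: The new guard `pkcs7->size > 16` is only correct as long as the highest index the condition dereferences stays at 16, and nothing in the hunk records that coupling; the remainder of the `if` condition and the body of wrap_pkcs7 lie outside the hunk, so a reader of this line cannot see which accesses it protects. A one-line comment tying the bound to the reads would keep a later extension of the condition (or a change to the size of signed_data_oid, which memcmp reads through `sizeof(signed_data_oid)`) from silently reintroducing the out-of-bounds read, e.g. `/* every index read below must stay below this bound */` placed above the `if`. Alternatively derive the bound from a named constant shared with the index expressions rather than a bare 16. The function's opening and the end of the condition are not visible here, so this is inferred from the visible indices 4, 5, 6 + sizeof(signed_data_oid) and 15.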
--
2.47.3