Bootxxxx variables are provided by the user and therefore cannot be trusted. We have to validate them before usage.
A device path provided by a Bootxxxx variable must have an end node within the indicated device path length.

* Provide function efi_dp_check_length() to check the length of device paths.
* Provide a unit test of the function.
* Use the function in the boot manager to check device paths.

Heinrich Schuchardt (4):
  include: kernel.h: define SSIZE_MAX
  efi_loader: efi_dp_check_length()
  test: unit test for efi_dp_check_length()
  efi_loader: validate device path length in boot manager

 include/efi_loader.h             |  2 ++
 include/linux/kernel.h           |  3 ++
 lib/efi_loader/efi_bootmgr.c     |  6 ++--
 lib/efi_loader/efi_device_path.c | 33 +++++++++++++++++++++
 test/lib/Makefile                |  1 +
 test/lib/efi_device_path.c       | 50 ++++++++++++++++++++++++++++++++
 6 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 test/lib/efi_device_path.c

--
2.28.0
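The kind of check the cover letter describes, as an added stand-alone sketch that is not code from this patch series or from U-Boot: walk the nodes of an untrusted device path and accept it only if a well-formed end node lies within the indicated length. The name dp_checked_length(), the byte-array interface, the long return type and the sample byte strings are assumptions made for this example; the node layout (type, sub-type, 16-bit little-endian length) and the end node values 0x7f/0xff are from the UEFI specification.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DP_TYPE_END    0x7f /* UEFI: End of Hardware Device Path */
#define DP_SUBTYPE_END 0xff /* UEFI: End Entire Device Path */
#define DP_HDR_LEN     4    /* type, sub-type, 16-bit little-endian length */

/* Constructed sample: one 8-byte media node followed by the end node. */
static const uint8_t dp_good[] = { 0x04, 0x04, 0x08, 0x00, 'a', 0, 'b', 0,
				   0x7f, 0xff, 0x04, 0x00 };
/* Constructed sample: node claims 256 bytes, far beyond the variable data. */
static const uint8_t dp_long[] = { 0x04, 0x04, 0x00, 0x01, 0x7f, 0xff, 0x04, 0x00 };
/* Constructed sample: zero-length node, which would loop forever unchecked. */
static const uint8_t dp_zero[] = { 0x04, 0x04, 0x00, 0x00, 0x7f, 0xff, 0x04, 0x00 };

/*
 * Hypothetical helper (not U-Boot code): size of the device path in buf
 * including its end node, or -1 if no well-formed end node lies within maxlen.
 */
long dp_checked_length(const uint8_t *buf, size_t maxlen)
{
	size_t off = 0, len;

	if (maxlen > LONG_MAX)		/* result must fit the signed return type */
		return -1;
	for (;;) {
		/* The 4-byte node header must itself be inside the buffer. */
		if (maxlen - off < DP_HDR_LEN)
			return -1;
		len = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
		/* Reject nodes that cannot advance or that overrun maxlen. */
		if (len < DP_HDR_LEN || len > maxlen - off)
			return -1;
		if (buf[off] == DP_TYPE_END && buf[off + 1] == DP_SUBTYPE_END)
			return (long)(off + len);
		off += len;	/* off <= maxlen still holds */
	}
}

int main(void)
{
	printf("good: %ld\n", dp_checked_length(dp_good, sizeof(dp_good)));
	printf("truncated: %ld\n", dp_checked_length(dp_good, sizeof(dp_good) - 1));
	printf("overlong node: %ld\n", dp_checked_length(dp_long, sizeof(dp_long)));
	printf("zero-length node: %ld\n", dp_checked_length(dp_zero, sizeof(dp_zero)));
	return 0;
}
```

A caller would pass the number of bytes left in the variable after the fixed fields and the description string as maxlen, and refuse to use the path on a negative result.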