arrfab / rpms / shim-signed

Forked from rpms/shim-signed 5 years ago
Clone

Blame SOURCES/0001-Fix-the-potential-buffer-overflow.patch

89397c
From 1313fa02a5b2bfe61ee6702696600fc148ec2d6e Mon Sep 17 00:00:00 2001
89397c
From: Gary Ching-Pang Lin <glin@suse.com>
89397c
Date: Tue, 4 Nov 2014 15:50:03 +0800
f928ec
Subject: [PATCH 01/10] Fix the potential buffer overflow
89397c
89397c
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
89397c
---
89397c
 src/mokutil.c | 5 ++---
89397c
 1 file changed, 2 insertions(+), 3 deletions(-)
89397c
89397c
diff --git a/src/mokutil.c b/src/mokutil.c
f928ec
index 5b34f22fd98..93fb6fabcab 100644
89397c
--- a/src/mokutil.c
89397c
+++ b/src/mokutil.c
89397c
@@ -1743,7 +1743,7 @@ set_toggle (const char * VarName, uint32_t state)
89397c
 	MokToggleVar tvar;
89397c
 	char *password = NULL;
89397c
 	unsigned int pw_len;
89397c
-	efi_char16_t efichar_pass[SB_PASSWORD_MAX];
89397c
+	efi_char16_t efichar_pass[SB_PASSWORD_MAX+1];
89397c
 	int ret = -1;
89397c
 
89397c
 	printf ("password length: %d~%d\n", SB_PASSWORD_MIN, SB_PASSWORD_MAX);
89397c
@@ -1757,8 +1757,7 @@ set_toggle (const char * VarName, uint32_t state)
89397c
 	efichar_from_char (efichar_pass, password,
89397c
 			   SB_PASSWORD_MAX * sizeof(efi_char16_t));
89397c
 
89397c
-	memcpy(tvar.password, efichar_pass,
89397c
-	       SB_PASSWORD_MAX * sizeof(efi_char16_t));
89397c
+	memcpy(tvar.password, efichar_pass, sizeof(tvar.password));
89397c
 
89397c
 	tvar.mok_toggle_state = state;
89397c
 
89397c
-- 
f928ec
2.17.1
89397c