|
 |
4e0e09 |
From 9819ec7325089d325ff13af3c3d615209f3fb2c9 Mon Sep 17 00:00:00 2001
|
|
|
4e0e09 |
From: Peter Jones <pjones@redhat.com>
|
|
|
4e0e09 |
Date: Tue, 18 Jun 2019 15:54:58 -0400
|
|
|
4e0e09 |
Subject: [PATCH 39/63] Fix a case clang-analyzer found where we may try to
|
|
|
4e0e09 |
parse a NULL
|
|
|
4e0e09 |
|
|
|
4e0e09 |
I don't think this is something that can *actually* happen - it didn't
|
|
|
4e0e09 |
trigger before save_variable() was added, and the save_variable() path
|
|
|
4e0e09 |
that calls this calls validate_name() immediately prior to this call.
|
|
|
4e0e09 |
validate_name() calls exit() if it's NULL. But that's weird as well,
|
|
|
4e0e09 |
because that's the same pattern all the other users of parse_name() use.
|
|
|
4e0e09 |
|
|
|
4e0e09 |
Anyway, this patch expands validate_name() and moves it into
|
|
|
4e0e09 |
parse_name() so we don't need to call it from everywhere when we're just
|
|
|
4e0e09 |
calling the two in a row anyway.
|
|
|
4e0e09 |
|
|
|
4e0e09 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
4e0e09 |
---
|
|
|
4e0e09 |
src/efivar.c | 45 ++++++++++++++++++++++++++++++---------------
|
|
|
4e0e09 |
1 file changed, 30 insertions(+), 15 deletions(-)
|
|
|
4e0e09 |
|
|
|
4e0e09 |
diff --git a/src/efivar.c b/src/efivar.c
|
|
|
4e0e09 |
index 885a9af864b..8b1da8888f6 100644
|
|
|
4e0e09 |
--- a/src/efivar.c
|
|
|
4e0e09 |
+++ b/src/efivar.c
|
|
|
4e0e09 |
@@ -95,6 +95,34 @@ show_errors(void)
|
|
|
4e0e09 |
}
|
|
|
4e0e09 |
}
|
|
|
4e0e09 |
|
|
|
4e0e09 |
+static inline void
|
|
|
4e0e09 |
+validate_name(const char *name)
|
|
|
4e0e09 |
+{
|
|
|
4e0e09 |
+ if (name == NULL) {
|
|
|
4e0e09 |
+err:
|
|
|
4e0e09 |
+ warnx("Invalid variable name \"%s\"",
|
|
|
4e0e09 |
+ (name == NULL) ? "(null)" : name);
|
|
|
4e0e09 |
+ show_errors();
|
|
|
4e0e09 |
+ exit(1);
|
|
|
4e0e09 |
+ }
|
|
|
4e0e09 |
+ if (name[0] == '{') {
|
|
|
4e0e09 |
+ const char *next = strchr(name+1, '}');
|
|
|
4e0e09 |
+ if (!next)
|
|
|
4e0e09 |
+ goto err;
|
|
|
4e0e09 |
+ if (next[1] != '-')
|
|
|
4e0e09 |
+ goto err;
|
|
|
4e0e09 |
+ if (next[2] == '\000')
|
|
|
4e0e09 |
+ goto err;
|
|
|
4e0e09 |
+ } else {
|
|
|
4e0e09 |
+ if (strlen(name) < 38)
|
|
|
4e0e09 |
+ goto err;
|
|
|
4e0e09 |
+ if (name[8] != '-' || name[13] != '-' ||
|
|
|
4e0e09 |
+ name[18] != '-' || name[23] != '-' ||
|
|
|
4e0e09 |
+ name[36] != '-')
|
|
|
4e0e09 |
+ goto err;
|
|
|
4e0e09 |
+ }
|
|
|
4e0e09 |
+}
|
|
|
4e0e09 |
+
|
|
|
4e0e09 |
static void
|
|
|
4e0e09 |
list_all_variables(void)
|
|
|
4e0e09 |
{
|
|
|
4e0e09 |
@@ -124,6 +152,8 @@ parse_name(const char *guid_name, char **name, efi_guid_t *guid)
|
|
|
4e0e09 |
|
|
|
4e0e09 |
const char *left, *right;
|
|
|
4e0e09 |
|
|
|
4e0e09 |
+ validate_name(guid_name);
|
|
|
4e0e09 |
+
|
|
|
4e0e09 |
left = strchr(guid_name, '{');
|
|
|
4e0e09 |
right = strchr(guid_name, '}');
|
|
|
4e0e09 |
if (left && right) {
|
|
|
4e0e09 |
@@ -408,16 +438,6 @@ edit_variable(const char *guid_name, void *data, size_t data_size,
|
|
|
4e0e09 |
}
|
|
|
4e0e09 |
}
|
|
|
4e0e09 |
|
|
|
4e0e09 |
-static void
|
|
|
4e0e09 |
-validate_name(const char *name)
|
|
|
4e0e09 |
-{
|
|
|
4e0e09 |
- if (name == NULL) {
|
|
|
4e0e09 |
- fprintf(stderr, "Invalid variable name\n");
|
|
|
4e0e09 |
- show_errors();
|
|
|
4e0e09 |
- exit(1);
|
|
|
4e0e09 |
- }
|
|
|
4e0e09 |
-}
|
|
|
4e0e09 |
-
|
|
|
4e0e09 |
static void
|
|
|
4e0e09 |
prepare_data(const char *filename, uint8_t **data, size_t *data_size)
|
|
|
4e0e09 |
{
|
|
|
4e0e09 |
@@ -588,21 +608,17 @@ int main(int argc, char *argv[])
|
|
|
4e0e09 |
list_all_variables();
|
|
|
4e0e09 |
break;
|
|
|
4e0e09 |
case ACTION_PRINT:
|
|
|
4e0e09 |
- validate_name(guid_name);
|
|
|
4e0e09 |
show_variable(guid_name, SHOW_VERBOSE);
|
|
|
4e0e09 |
break;
|
|
|
4e0e09 |
case ACTION_PRINT_DEC | ACTION_PRINT:
|
|
|
4e0e09 |
- validate_name(guid_name);
|
|
|
4e0e09 |
show_variable(guid_name, SHOW_DECIMAL);
|
|
|
4e0e09 |
break;
|
|
|
4e0e09 |
case ACTION_APPEND | ACTION_PRINT:
|
|
|
4e0e09 |
- validate_name(guid_name);
|
|
|
4e0e09 |
prepare_data(infile, &data, &data_size);
|
|
|
4e0e09 |
edit_variable(guid_name, data, data_size, attributes,
|
|
|
4e0e09 |
EDIT_APPEND);
|
|
|
4e0e09 |
break;
|
|
|
4e0e09 |
case ACTION_WRITE | ACTION_PRINT:
|
|
|
4e0e09 |
- validate_name(guid_name);
|
|
|
4e0e09 |
prepare_data(infile, &data, &data_size);
|
|
|
4e0e09 |
edit_variable(guid_name, data, data_size, attributes,
|
|
|
4e0e09 |
EDIT_WRITE);
|
|
|
4e0e09 |
@@ -653,7 +669,6 @@ int main(int argc, char *argv[])
|
|
|
4e0e09 |
|
|
|
4e0e09 |
efi_variable_free(var, false);
|
|
|
4e0e09 |
} else {
|
|
|
4e0e09 |
- validate_name(guid_name);
|
|
|
4e0e09 |
save_variable(guid_name, outfile, dmpstore);
|
|
|
4e0e09 |
}
|
|
|
4e0e09 |
break;
|
|
|
4e0e09 |
--
|
|
|
4e0e09 |
2.26.2
|
|
|
4e0e09 |
|