
Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull EFI fix from Ingo Molnar:
"This fixes a bug in the efivars code"

* 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
efi: Fix out-of-bounds read in variable_matches()

+26 -11
+26 -11
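--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -202,29 +202,44 @@
 { NULL_GUID, "", NULL },
 };
 
+/*
+ * Check if @var_name matches the pattern given in @match_name.
+ *
+ * @var_name: an array of @len non-NUL characters.
+ * @match_name: a NUL-terminated pattern string, optionally ending in "*". A
+ * final "*" character matches any trailing characters @var_name,
+ * including the case when there are none left in @var_name.
+ * @match: on output, the number of non-wildcard characters in @match_name
+ * that @var_name matches, regardless of the return value.
+ * @return: whether @var_name fully matches @match_name.
+ */
 static bool
 variable_matches(const char *var_name, size_t len, const char *match_name,
 int *match)
 {
 for (*match = 0; ; (*match)++) {
 char c = match_name[*match];
-char u = var_name[*match];
 
-/* Wildcard in the matching name means we've matched */
-if (c == '*')
+switch (c) {
+case '*':
+/* Wildcard in @match_name means we've matched. */
 return true;
 
-/* Case sensitive match */
-if (!c && *match == len)
-return true;
+case '\0':
+/* @match_name has ended. Has @var_name too? */
+return (*match == len);
 
-if (c != u)
+default:
+/*
+ * We've reached a non-wildcard char in @match_name.
+ * Continue only if there's an identical character in
+ * @var_name.
+ */
+if (*match < len && c == var_name[*match])
+continue;
 return false;
-
-if (!c)
-return true;
+}
 }
-return true;
 }
 
 bool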
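Review bot: `case '*':` returns true wherever the asterisk occurs in @match_name, while the new header comment only describes a pattern "optionally ending in" a wildcard, so a `*` in the middle of a pattern would silently discard the rest of it. The patterns appear to come from the static table whose tail is visible just above the function, so this looks like a documentation gap rather than a reachable bug; I would add `* A "*" anywhere in @match_name ends the comparison, so patterns must use it only as the final character.` to the comment. The same comment reads "matches any trailing characters @var_name", which is missing the word "in". Separately, `*match < len` and `*match == len` compare an `int` with a `size_t`; this is safe because `*match` starts at 0 and only increments, but a one-line comment saying so would make the new bounds check easier to audit and explain any -Wsign-compare warning.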