efi/libstub: prevent read overflow in find_file_option()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If the buffer has slashes up to the end then this will read past the end
of the array. I don't anticipate that this is an issue for many people
in real life, but it's the right thing to do and it makes static
checkers happy.

Fixes: 7a88a6227dc7 ("efi/libstub: Fix path separator regression")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

authored by

Dan Carpenter and committed by

Ard Biesheuvel 4 years ago c4039b29 45add3cc

+1 -1

1 changed file

expand all

drivers

firmware

efi

libstub

file.c

+1 -1

drivers/firmware/efi/libstub/file.c

··· 103 103 return 0; 104 104 105 105 /* Skip any leading slashes */ 106 - while (cmdline[i] == L'/' || cmdline[i] == L'\\') 106 + while (i < cmdline_len && (cmdline[i] == L'/' || cmdline[i] == L'\\')) 107 107 i++; 108 108 109 109 while (--result_len > 0 && i < cmdline_len) {