From: Jan Kiszka <[email protected]>

This shall avoid bad surprises, specifically in the critical bootloader path in secure boot mode, when someone left unterminated garbage in an env file. Likely not exploitable, but you never know for sure...
Signed-off-by: Jan Kiszka <[email protected]> --- env/env_api_fat.c | 3 +++ env/fatvars.c | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/env/env_api_fat.c b/env/env_api_fat.c index a4d8393..886d2d2 100644 --- a/env/env_api_fat.c +++ b/env/env_api_fat.c @@ -86,6 +86,9 @@ bool read_env(CONFIG_PART *part, BG_ENVDATA *env) if (part->not_mounted) { unmount_partition(part); } + /* enforce NULL-termination of strings */ + env->kernelfile[ENV_STRING_LENGTH - 1] = 0; + env->kernelparams[ENV_STRING_LENGTH - 1] = 0; return result; } diff --git a/env/fatvars.c b/env/fatvars.c index 8a8e09e..ca15f5e 100644 --- a/env/fatvars.c +++ b/env/fatvars.c @@ -168,6 +168,10 @@ BG_STATUS load_config(BG_LOADER_PARAMS *bglp) * config */ result = BG_CONFIG_PARTIALLY_CORRUPTED; } + + /* enforce NULL-termination of strings */ + env[i].kernelfile[ENV_STRING_LENGTH - 1] = 0; + env[i].kernelparams[ENV_STRING_LENGTH - 1] = 0; } /* Find environment with latest revision and check if there is a test -- 2.34.1
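Review bot: In the read_env() hunk of env/env_api_fat.c, the added comment says "NULL-termination", but NULL is the pointer constant and the value stored here is the NUL terminator (0), so the comment should read "NUL-termination". The same two assignments are repeated in load_config(); a small shared helper taking a BG_ENVDATA pointer would keep both call sites in step if another string field ever needs the same treatment. The assignments also run ahead of `return result;` regardless of whether the read succeeded, which is harmless but worth stating in the comment.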
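Review bot: In the load_config() hunk of env/fatvars.c, the forced terminator silently truncates an unterminated kernelfile or kernelparams, while the context line directly above reports other damage via `result = BG_CONFIG_PARTIALLY_CORRUPTED;`. Consider checking whether element ENV_STRING_LENGTH - 1 is non-zero before overwriting it and reporting that case the same way, or at least logging it, so an env file with unterminated strings is visible to the caller instead of being quietly repaired. Only kernelfile and kernelparams are covered here; if BG_ENVDATA has further string members, which this hunk does not show, they need the same line.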
