* [PATCH] efi_loader: Trim output buffer size correctly for tee variables
@ 2020-07-21 22:50 Ilias Apalodimas
2020-07-22 18:02 ` Heinrich Schuchardt
0 siblings, 1 reply; 2+ messages in thread
From: Ilias Apalodimas @ 2020-07-21 22:50 UTC (permalink / raw)
To: u-boot
The current code does not trim the output buffer correctly.
In fact it doesn't trim the buffer at all, since it calculates a wrong
value for it, which isn't even applied.
So let's remove the unused temporary size variable and trim the buffer
correctly.
Since we are editing efi_get_next_variable_name_int(), fix an indentation
error along the way.
Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
lib/efi_loader/efi_variable_tee.c | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
index c0423489388a..0e5b4479d936 100644
--- a/lib/efi_loader/efi_variable_tee.c
+++ b/lib/efi_loader/efi_variable_tee.c
@@ -410,7 +410,6 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
efi_uintn_t payload_size;
efi_uintn_t out_name_size;
efi_uintn_t in_name_size;
- efi_uintn_t tmp_dsize;
u8 *comm_buf = NULL;
efi_status_t ret;
@@ -433,13 +432,8 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
}
/* Trim output buffer size */
- tmp_dsize = *variable_name_size;
- if (in_name_size + tmp_dsize >
- max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE) {
- tmp_dsize = max_payload_size -
- MM_VARIABLE_GET_NEXT_HEADER_SIZE -
- in_name_size;
- }
+ if (out_name_size > max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE)
+ out_name_size = max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE;
payload_size = MM_VARIABLE_GET_NEXT_HEADER_SIZE + out_name_size;
comm_buf = setup_mm_hdr((void **)&var_getnext, payload_size,
@@ -465,8 +459,7 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
goto out;
guidcpy(guid, &var_getnext->guid);
- memcpy(variable_name, (u8 *)var_getnext->name,
- var_getnext->name_size);
+ memcpy(variable_name, (u8 *)var_getnext->name, var_getnext->name_size);
out:
free(comm_buf);
--
2.28.0.rc1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH] efi_loader: Trim output buffer size correctly for tee variables
2020-07-21 22:50 [PATCH] efi_loader: Trim output buffer size correctly for tee variables Ilias Apalodimas
@ 2020-07-22 18:02 ` Heinrich Schuchardt
0 siblings, 0 replies; 2+ messages in thread
From: Heinrich Schuchardt @ 2020-07-22 18:02 UTC (permalink / raw)
To: u-boot
On 22.07.20 00:50, Ilias Apalodimas wrote:
> The current code does not trim the output buffer correctly.
> In fact it doesn't trim the buffer at all, since it calculates a wrong
> value for it, which isn't even applied.
> So let's remove the unused temporary size variable and trim the buffer
> correctly.
> Since we are editing efi_get_next_variable_name_int(), fix an indentation
> error along the way.
>
> Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE")
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> ---
> lib/efi_loader/efi_variable_tee.c | 13 +++----------
> 1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
> index c0423489388a..0e5b4479d936 100644
> --- a/lib/efi_loader/efi_variable_tee.c
> +++ b/lib/efi_loader/efi_variable_tee.c
> @@ -410,7 +410,6 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
> efi_uintn_t payload_size;
> efi_uintn_t out_name_size;
> efi_uintn_t in_name_size;
> - efi_uintn_t tmp_dsize;
> u8 *comm_buf = NULL;
> efi_status_t ret;
>
> @@ -433,13 +432,8 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
> }
>
> /* Trim output buffer size */
> - tmp_dsize = *variable_name_size;
> - if (in_name_size + tmp_dsize >
> - max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE) {
> - tmp_dsize = max_payload_size -
> - MM_VARIABLE_GET_NEXT_HEADER_SIZE -
> - in_name_size;
> - }
> + if (out_name_size > max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE)
> + out_name_size = max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE;
>
> payload_size = MM_VARIABLE_GET_NEXT_HEADER_SIZE + out_name_size;
> comm_buf = setup_mm_hdr((void **)&var_getnext, payload_size,
> @@ -465,8 +459,7 @@ efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
> goto out;
>
> guidcpy(guid, &var_getnext->guid);
> - memcpy(variable_name, (u8 *)var_getnext->name,
> - var_getnext->name_size);
> + memcpy(variable_name, (u8 *)var_getnext->name, var_getnext->name_size);
var_getnext->name is already a pointer. There is no need to convert this
to (u8 *) as memcpy expects (void *) and will accept any pointer.
I will remove that conversion when merging.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
>
> out:
> free(comm_buf);
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-22 18:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21 22:50 [PATCH] efi_loader: Trim output buffer size correctly for tee variables Ilias Apalodimas
2020-07-22 18:02 ` Heinrich Schuchardt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.