Fix segfault when passed --index is greater than current boot order size

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Qiumiao Zhang 2023-03-13 20:06:26 +08:00
parent be0bf69c5b
commit 7202938c42
3 changed files with 64 additions and 1 deletions

@ -0,0 +1,26 @@
From b0f81089481c10af6e6ac404755830fefee60e93 Mon Sep 17 00:00:00 2001
From: kamillo <kamilgolunski@gmail.com>
Date: Fri, 17 Feb 2023 21:55:17 +0100
Subject: [PATCH] Add missing short option handling for --index (-I)
Signed-off-by: kamillo <kamilgolunski@gmail.com>
---
src/efibootmgr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/efibootmgr.c b/src/efibootmgr.c
index 4b15d6d..255f61f 100644
--- a/src/efibootmgr.c
+++ b/src/efibootmgr.c
@@ -1509,7 +1509,7 @@ parse_opts(int argc, char **argv)
};
c = getopt_long(argc, argv,
- "aAb:BcCd:De:E:fFgi:kl:L:m:M:n:No:Op:qrt:Tuv::Vwy@:h",
+ "aAb:BcCd:De:E:fFgi:I:kl:L:m:M:n:No:Op:qrt:Tuv::Vwy@:h",
long_options, &option_index);
if (c == -1)
break;
--
2.27.0
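
Review bot: adding `I:` to the getopt_long optstring makes the insert position reachable through a second spelling, so this patch should never ship without the add_to_order bounds fix that follows it. The next patch's `index 255f61f..ded21a1` line already builds on this one's result, so keep the two as an ordered pair (Patch6001 before Patch6002). The backported message is also only a subject line; a one-sentence body saying that `--index` was accepted while `-I` was missing from the short option string would make the reason for the backport clear to later readers.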

@ -0,0 +1,31 @@
From 4a8d9c69050bd01a0be66695fea3b35b72f5a425 Mon Sep 17 00:00:00 2001
From: kamillo <kamilgolunski@gmail.com>
Date: Fri, 17 Feb 2023 22:02:22 +0100
Subject: [PATCH] Fix segfault when passed --index is greater than current
boot order size
Size of the order entry size (uint16_t) hasn't been taken into account for all calculations and caused memory corruption.
Signed-off-by: kamillo <kamilgolunski@gmail.com>
---
src/efibootmgr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/efibootmgr.c b/src/efibootmgr.c
index 255f61f..ded21a1 100644
--- a/src/efibootmgr.c
+++ b/src/efibootmgr.c
@@ -420,8 +420,8 @@ add_to_order(const char *name, uint16_t num, uint16_t insert_at)
return -1;
if (insert_at != 0) {
- if (insert_at > order->data_size)
- insert_at = order->data_size;
+ if (insert_at * sizeof(uint16_t) > order->data_size)
+ insert_at = order->data_size / sizeof(uint16_t);
memcpy(new_data, old_data, insert_at * sizeof(uint16_t));
}
new_data[insert_at] = num;
--
2.27.0
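
Review bot: the clamp in add_to_order still converts between bytes and entries in three separate places (`insert_at * sizeof(uint16_t)`, `order->data_size / sizeof(uint16_t)`, and the memcpy length), which is the same unit mixing that caused the bug. Compute the entry count once, for example `size_t count = order->data_size / sizeof(uint16_t);`, then compare `insert_at > count` and assign `insert_at = count`. The hunk ends at `new_data[insert_at] = num;`, so the copy of the entries after the insertion point is not visible here; since the message says the entry size was missed in more than one calculation, check that the tail copy and the size of the new_data allocation are also expressed in entries against the byte-sized data_size.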

@ -1,5 +1,5 @@
Name: efibootmgr Name: efibootmgr
Release: 3 Release: 4
Version: 18 Version: 18
Summary: A tool manipulating the EFI Boot Manager Summary: A tool manipulating the EFI Boot Manager
License: GPLv2+ License: GPLv2+
@ -7,6 +7,8 @@ URL: https://github.com/rhboot/%{name}/
Source0: https://github.com/rhboot/%{name}/archive/refs/tags/%{version}.tar.gz Source0: https://github.com/rhboot/%{name}/archive/refs/tags/%{version}.tar.gz
Patch6000: backport-Update-efibootmgr.c.patch Patch6000: backport-Update-efibootmgr.c.patch
Patch6001: backport-Add-missing-short-option-handling-for-index-I.patch
Patch6002: backport-Fix-segfault-when-passed-index-is-greater-than-curre.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: efi-srpm-macros >= 3-2 efi-filesystem git popt-devel efivar-libs >= 38-1 efivar-devel >= 38-1 BuildRequires: efi-srpm-macros >= 3-2 efi-filesystem git popt-devel efivar-libs >= 38-1 efivar-devel >= 38-1
@ -48,6 +50,10 @@ rm -rf %{buildroot}
%{_mandir}/*/*.?.gz %{_mandir}/*/*.?.gz
%changelog %changelog
* Mon Mar 13 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 18-4
- Fix segfault when passed --index is greater than current boot order size
Add missing short option handling for --index (-I)
* Mon Feb 20 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 18-3 * Mon Feb 20 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 18-3
- get_entry: return entry if it was found before reaching the end of the list - get_entry: return entry if it was found before reaching the end of the list
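
Review bot: in the new 18-4 %changelog entry, the line `Add missing short option handling for --index (-I)` has no leading `- `, so it reads as a continuation of the segfault item instead of a second change; give it its own bullet. The two items are also listed in the opposite order to Patch6001 and Patch6002; listing them in application order makes the entry easier to match against the patch list.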