erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

util/smmstoretool: Ensure that the FVB header isn't too large

Browse source 
If the header size is equal to fv.length, then `fv_parse()` will go
out-of-bounds when obtaining the variable store data, and obviously,
there is no data if the header takes up all available space.

Change-Id: I0ac46e098a14b51f936cb99f5e6bf83411570bc5
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88452
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
This commit is contained in:
Benjamin Doron 2025-07-16 12:44:20 -04:00 committed by Matt DeVillier
commit b49f567e45
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
util/smmstoretool/fv.c
View file

@ -100,7 +100,7 @@ static bool check_fw_vol_hdr(const EFI_FIRMWARE_VOLUME_HEADER *hdr,
if (hdr->Revision != EFI_FVH_REVISION ||
hdr->Signature != EFI_FVH_SIGNATURE ||
hdr->FvLength > max_size ||
hdr->HeaderLength > max_size ||
hdr->HeaderLength >= max_size ||
hdr->HeaderLength % 2 != 0) {
fprintf(stderr, "No firmware volume header present\n");
return false;