From e477187bf4e935a43d858ab2d33c64e978e2448b Mon Sep 17 00:00:00 2001
From: Andrey Borzenkov
Date: Sun, 15 Dec 2013 22:00:15 +0400
Subject: [PATCH] small fixes for Windows EFI install code Fix potential crash caused by signed vs. unsigned comparison. Negative length compares as very large unsigned number causing subsequent NULL access. Make exhaustive search for all BootNNNN variables to find one matching requested efi_distributor.
---
 ChangeLog | 6 ++++++
 grub-core/osdep/windows/platform.c | 17 ++++++++++++-----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index bc6d68ba3..7a1026499 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-12-15 Andrey Borzenkov
+
+ * grub-core/osdep/windows/platform.c (grub_install_register_efi): Handle
+ unlikely errors when getting EFI variables and make exhaustive search
+ for all BootNNNN variables to find matching one.
+
 2013-12-15 Ian Campbell
 * grub-core/kern/uboot/init.c: Fix units of uboot timer.
diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c
index b123256e5..3f4ad5e24 100644
--- a/grub-core/osdep/windows/platform.c
+++ b/grub-core/osdep/windows/platform.c
@@ -246,6 +246,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
 void *current = NULL;
 ssize_t current_len;
 current = get_efi_variable_bootn (i, ¤t_len);
+ if (current_len < 0)
+ continue; /* FIXME Should we abort on error? */
 if (current_len < (distrib16_len + 1) * sizeof (grub_uint16_t) + 6)
 {
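Review bot: The added `if (current_len < 0)` guard makes the length test after it safe only implicitly, because `current_len < (distrib16_len + 1) * sizeof (grub_uint16_t) + 6` still compares an `ssize_t` against an unsigned expression. If the guard is later moved or dropped, the conversion described in the commit message comes back. Casting at the comparison, `if ((grub_size_t) current_len < ...)`, with a short comment that the value is known to be non-negative at that point, would tie the two lines together. `current_len` is also declared without an initializer, so the guard depends on `get_efi_variable_bootn` storing a length on every return path; its body is outside this hunk, so either confirm that or declare `ssize_t current_len = -1;` in this first loop. The enclosing loop starts and ends outside the hunk.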
@@ -275,13 +277,18 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
 void *current = NULL;
 ssize_t current_len;
 current = get_efi_variable_bootn (i, ¤t_len);
+ if (current_len < -1)
+ continue; /* FIXME Should we abort on error? */
 if (current_len == -1)
 {
- order_num = i;
- have_order_num = 1;
- grub_util_info ("Creating new entry at Boot%04x",
- order_num);
- break;
+ if (!have_order_num)
+ {
+ order_num = i;
+ have_order_num = 1;
+ grub_util_info ("Creating new entry at Boot%04x",
+ order_num);
+ }
+ continue;
 }
 if (current_len < (distrib16_len + 1) * sizeof (grub_uint16_t) + 6)
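Review bot: The tests `current_len < -1` and `current_len == -1` encode a return-value contract for `get_efi_variable_bootn` that is not written down anywhere in this hunk, and the first loop tests the same call differently (`< 0`). A comment above the checks, for example `/* -1: BootNNNN is absent, slot is free; below -1: reading the variable failed */`, would let a reader check both loops against the helper, whose body is not visible here. The error branch also skips silently, so if the distributor's existing entry cannot be read, the function will presumably go on to create a second entry in the first free slot. A `grub_util_warn` call naming the slot before that `continue` would make such a failure diagnosable. The enclosing loop starts and ends outside the hunk.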