d2cf823d0e
Several places we take the length of a device path and subtract 4 from it, without ever checking that it's >= 4. There are also cases where this kind of malformation will result in unpredictable iteration, including treating the length from one dp node as the type in the next node. These are all errors, no matter where the data comes from. This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when the length is too small. Additionally, it makes several places in the code check for and return errors in these cases. Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
||
|---|---|---|
| .. | ||
| acpi.c | ||
| efi.c | ||
| fdt.c | ||
| init.c | ||
| mm.c | ||