author | Lennart Poettering <lennart@poettering.net> | 2024-06-28 19:43:31 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2024-07-03 16:15:04 +0200 |
commit | 596731db99338876710d3275243cd15e52cdff83 (patch) | |
tree | f26cc0adacaabb27be7005f7ee3ae015c86f62c0 /src/boot | |
parent | repart: Allow overriding fstype per partition designator (diff) | |
download | systemd-596731db99338876710d3275243cd15e52cdff83.tar.xz systemd-596731db99338876710d3275243cd15e52cdff83.zip |
efi: add limit on how large files can be we load into memory at once
Diffstat (limited to 'src/boot')
-rw-r--r-- | src/boot/efi/util.c | 14 | ||||
-rw-r--r-- | src/boot/efi/util.h | 2 |
2 files changed, 11 insertions, 5 deletions
diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
index 6ceb032fa1..3639afcb15 100644
--- a/src/boot/efi/util.c
+++ b/src/boot/efi/util.c
@@ -9,6 +9,9 @@
 #include "version.h"
 #include "efivars.h"
+/* Never try to read more than 16G into memory (and on 32bit 1G) */
+#define FILE_READ_MAX MIN(SIZE_MAX/4, UINT64_C(16)*1024U*1024U*1024U)
+
 void convert_efi_path(char16_t *path) {
 assert(path);
@@ -107,7 +110,7 @@ EFI_STATUS chunked_read(EFI_FILE *file, size_t *size, void *buf) {
 EFI_STATUS file_read(
 EFI_FILE *dir,
 const char16_t *name,
- uint64_t off,
+ uint64_t offset,
 size_t size,
 char **ret,
 size_t *ret_size) {
@@ -131,14 +134,17 @@ EFI_STATUS file_read(
 if (err != EFI_SUCCESS)
 return err;
- if (info->FileSize > SIZE_MAX)
+ if (info->FileSize > SIZE_MAX) /* overflow check */
 return EFI_BAD_BUFFER_SIZE;
 size = info->FileSize;
 }
- if (off > 0) {
- err = handle->SetPosition(handle, off);
+ if (size > FILE_READ_MAX) /* make sure we don't read unbounded data into RAM */
+ return EFI_BAD_BUFFER_SIZE;
+
+ if (offset > 0) {
+ err = handle->SetPosition(handle, offset);
 if (err != EFI_SUCCESS)
 return err;
 }
diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h
index 3a26bc5c92..dc16f3fb76 100644
--- a/src/boot/efi/util.h
+++ b/src/boot/efi/util.h
@@ -86,7 +86,7 @@ char16_t *xstr8_to_path(const char *stra);
 char16_t *mangle_stub_cmdline(char16_t *cmdline);
 EFI_STATUS chunked_read(EFI_FILE *file, size_t *size, void *buf);
-EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, uint64_t off, size_t size, char **content, size_t *content_size);
+EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, uint64_t offset, size_t size, char **content, size_t *content_size);
 static inline void file_closep(EFI_FILE **handle) {
 if (!*handle) |
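Review bot: The comment on `FILE_READ_MAX` in the first util.c hunk gives the two resulting limits but not what the cap is for or why the 32-bit bound is a quarter of the address space. Since the macro is the only place the policy is written down, a short rationale would help the next reader, for example `/* Cap on a single in-memory file read, so an oversized file cannot exhaust memory; SIZE_MAX/4 is the 32-bit bound. */`, adjusted to the author's actual intent. It would also be worth stating that the limit applies to one `file_read()` call, not to the total of all files loaded.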
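Review bot: In the third util.c hunk the new `if (size > FILE_READ_MAX)` check is applied to the whole-file size whenever `size` was filled in from `info->FileSize`, even if `offset` is non-zero. A file above the cap is therefore rejected when only a small tail is requested, and the size used afterwards is the full file length, not the remaining length. If that is not intended, the branch could check `offset <= info->FileSize` and set `size = info->FileSize - offset;` before the cap comparison. Separately, 16G on 64-bit is more than many machines can allocate at boot, so the cap only protects the boot path if the allocation after this hunk returns an error instead of asserting. That allocation is not visible here, because file_read starts and ends outside the hunk, so this should be confirmed.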