summaryrefslogtreecommitdiffstats
path: root/src/boot
diff options
context:
space:
mode:
authorYu Watanabe <watanabe.yu+github@gmail.com>2022-06-10 04:43:00 +0200
committerYu Watanabe <watanabe.yu+github@gmail.com>2022-06-10 05:05:38 +0200
commitda5fb1877dca6ec713b70f7c8646b4233769d015 (patch)
treebaab65b305bdb3f89a4838b77006899d9ba66ac6 /src/boot
parentMerge pull request #23589 from medhefgo/efi-clang (diff)
downloadsystemd-da5fb1877dca6ec713b70f7c8646b4233769d015.tar.xz
systemd-da5fb1877dca6ec713b70f7c8646b4233769d015.zip
boot/efi-string: check the end of haystack before testing remaining pattern
Fixes buffer-overflow reported at https://github.com/systemd/systemd/pull/23589#issuecomment-1151820341.
Diffstat (limited to 'src/boot')
-rw-r--r--src/boot/efi/efi-string.c6
-rw-r--r--src/boot/efi/test-efi-string.c1
2 files changed, 2 insertions, 5 deletions
diff --git a/src/boot/efi/efi-string.c b/src/boot/efi/efi-string.c
index 80ef0ff076..b9ef1548ca 100644
--- a/src/boot/efi/efi-string.c
+++ b/src/boot/efi/efi-string.c
@@ -170,15 +170,11 @@ static bool efi_fnmatch_internal(const char16_t *p, const char16_t *h, int max_d
while (*p == '*')
p++;
- do {
+ for (; *h != '\0'; h++)
/* Try matching haystack with remaining pattern. */
if (efi_fnmatch_internal(p, h, max_depth - 1))
return true;
- /* Otherwise, we match one char here. */
- h++;
- } while (*h != '\0');
-
/* End of haystack. Pattern needs to be empty too for a match. */
return *p == '\0';
diff --git a/src/boot/efi/test-efi-string.c b/src/boot/efi/test-efi-string.c
index 5aaa1f713f..178ad766cb 100644
--- a/src/boot/efi/test-efi-string.c
+++ b/src/boot/efi/test-efi-string.c
@@ -344,6 +344,7 @@ TEST(efi_fnmatch) {
TEST_FNMATCH_ONE("*", "123", true);
TEST_FNMATCH_ONE("**", "abcd", true);
TEST_FNMATCH_ONE("*b*", "abcd", true);
+ TEST_FNMATCH_ONE("abc*d", "abc", false);
TEST_FNMATCH_ONE("*.conf", "arch.conf", true);
TEST_FNMATCH_ONE("debian-*.conf", "debian-wheezy.conf", true);
TEST_FNMATCH_ONE("debian-*.*", "debian-wheezy.efi", true);