From da5fb1877dca6ec713b70f7c8646b4233769d015 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 10 Jun 2022 11:43:00 +0900
Subject: boot/efi-string: check the end of haystack before testing remaining pattern

Fixes buffer-overflow reported at https://github.com/systemd/systemd/pull/23589#issuecomment-1151820341.
---
 src/boot/efi/efi-string.c | 6 +-----
 src/boot/efi/test-efi-string.c | 1 +
 2 files changed, 2 insertions(+), 5 deletions(-)

(limited to 'src/boot')

diff --git a/src/boot/efi/efi-string.c b/src/boot/efi/efi-string.c
index 80ef0ff076..b9ef1548ca 100644
--- a/src/boot/efi/efi-string.c
+++ b/src/boot/efi/efi-string.c
@@ -170,15 +170,11 @@ static bool efi_fnmatch_internal(const char16_t *p, const char16_t *h, int max_d
 while (*p == '*')
 p++;
 
- do {
+ for (; *h != '\0'; h++)
 /* Try matching haystack with remaining pattern. */
 if (efi_fnmatch_internal(p, h, max_depth - 1))
 return true;
 
- /* Otherwise, we match one char here. */
- h++;
- } while (*h != '\0');
-
 /* End of haystack. Pattern needs to be empty too for a match. */
 return *p == '\0';
 
diff --git a/src/boot/efi/test-efi-string.c b/src/boot/efi/test-efi-string.c
index 5aaa1f713f..178ad766cb 100644
--- a/src/boot/efi/test-efi-string.c
+++ b/src/boot/efi/test-efi-string.c
@@ -344,6 +344,7 @@ TEST(efi_fnmatch) {
 TEST_FNMATCH_ONE("*", "123", true);
 TEST_FNMATCH_ONE("**", "abcd", true);
 TEST_FNMATCH_ONE("*b*", "abcd", true);
+ TEST_FNMATCH_ONE("abc*d", "abc", false);
 TEST_FNMATCH_ONE("*.conf", "arch.conf", true);
 TEST_FNMATCH_ONE("debian-*.conf", "debian-wheezy.conf", true);
 TEST_FNMATCH_ONE("debian-*.*", "debian-wheezy.efi", true);
-- 
cgit v1.2.3
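Review bot: Nothing at the `for (; *h != '\0'; h++)` line records why the terminator must be tested before recursing, and that ordering is the whole fix. With the old `do { … h++; } while (…)`, a haystack already at its NUL (pattern `abc*d` against `abc`) was advanced one element past the terminator before the check ran. A short comment above the loop would stop a later refactor from reintroducing the out-of-bounds read, for example `/* h may already point at the terminator here; check *h before every advance. */`. efi_fnmatch_internal starts and ends outside this hunk, so the handling of `max_depth` reaching zero cannot be confirmed from here.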
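Review bot: The added case `TEST_FNMATCH_ONE("abc*d", "abc", false);` pins only the non-matching outcome of a star reached at the end of the haystack. The matching outcome on the same path, where the loop body never runs and the result comes from `*p == '\0'`, deserves a case too, for example `TEST_FNMATCH_ONE("abc*", "abc", true);` and `TEST_FNMATCH_ONE("*", "", true);`, unless the part of TEST(efi_fnmatch) outside this hunk already has them. Because the defect was a read past the terminator, the old code would likely still have returned false for the new case in an uninstrumented build, so this regression test is presumably only meaningful under a memory sanitizer; a comment next to the case saying so would help.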