From: Josh Boyer
Git-commit: Not yet
Patch-mainline: Not yet, from Fedora 18 kernel
Target: openSUSE 12.3
If a signature list is read from an UEFI variable and that contains bogus
data, we can go into an infinite loop in efi_parse_signature_list. Notably,
if one of the entries in the list has a signature_size that is larger than
the actual signature size, it will fail the elsize < esize test. Simply
continuing in the loop without modifying the data or size variables just
leads to the same list entry being parsed repeatedly.
Since the data is bogus, but we can't tell which value is actually
incorrect, we need to stop parsing the list. Just return -EBADMSG instead.
Signed-off-by: Josh Boyer
Acked-by: Lee, Chun-Yi
---
crypto/asymmetric_keys/efi_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/crypto/asymmetric_keys/efi_parser.c
+++ b/crypto/asymmetric_keys/efi_parser.c
@@ -61,7 +61,7 @@ int __init parse_efi_signature_list(cons
elsize < esize ||
elsize % esize != 0) {
pr_devel("- bad size combo @%x\n", offs);
- continue;
+ return -EBADMSG;
}
if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org