shim/shim-fix-simple-file-selector.patch

From ed9cf192de86c58e9c5397afa48de7b6d7bab7a7 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 30 May 2013 14:05:59 +0800
Subject: [PATCH 1/2] simple_file: Allocate buffers for file entries

The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
---
 lib/simple_file.c | 42 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 34 insertions(+), 8 deletions(-)

diff --git a/lib/simple_file.c b/lib/simple_file.c
index 0e5ecd2..e288272 100644
--- a/lib/simple_file.c
+++ b/lib/simple_file.c
@@ -344,9 +344,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 			goto next;
 
 		if (next->Attribute & EFI_FILE_DIRECTORY) {
-				(*result)[(*count)] = next->FileName;
-				(*result)[(*count)][len] = '/';
-				(*result)[(*count)++][len + 1] = '\0';
+				(*result)[(*count)] = PoolPrint(L"%s/", next->FileName);
+				if (!(*result)[(*count)]) {
+					Print(L"Failed to allocate buffer");
+					return EFI_OUT_OF_RESOURCES;
+				}
+				(*count)++;
 				goto next;
 		}
 
@@ -354,7 +357,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 			offs = StrLen(filterarr[c]);
 
 			if (StrCmp(&next->FileName[len - offs], filterarr[c]) == 0) {
-				(*result)[(*count)++] = next->FileName;
+				(*result)[(*count)] = StrDuplicate(next->FileName);
+				if (!(*result)[(*count)]) {
+					Print(L"Failed to allocate buffer");
+					return EFI_OUT_OF_RESOURCES;
+				}
+				(*count)++;
 			} else {
 				continue;
 			}
@@ -362,7 +370,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 		}
 
 	next:		
-		if (StrCmp(next->FileName, L"../") == 0) {
+		if (StrCmp(next->FileName, L"..") == 0) {
 			/* place .. directory first */
 			CHAR16 *tmp = (*result)[(*count) - 1];
 
@@ -392,6 +400,15 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 	return status;
 }
 
+static void
+free_entries(CHAR16 **entries, int count)
+{
+	int i;
+
+	for (i = 0; i<count; i++)
+		FreePool(entries[i]);
+}
+
 void
 simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 		     CHAR16 *filter, CHAR16 **result)
@@ -436,8 +453,6 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 		/* ESC key */
 		goto out_free;
 	selected = entries[select];
-	FreePool(entries);
-	entries = NULL;
 	/* note that memory used by selected is valid until dmp is freed */
 	len = StrLen(selected);
 	if (selected[len - 1] == '/') {
@@ -445,6 +460,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 
 		/* stay where we are */
 		if (StrCmp(selected, L"./") == 0) {
+			free_entries(entries, count);
+			FreePool(entries);
+			entries = NULL;
 			FreePool(dmp);
 			goto redo;
 		} else if (StrCmp(selected, L"../") == 0) {
@@ -463,6 +481,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 			if (StrCmp(name, L"\\") != 0
 			    && StrCmp(&name[i], L"..") != 0) {
 				name[i] = '\0';
+				free_entries(entries, count);
+				FreePool(entries);
+				entries = NULL;
 				FreePool(dmp);
 				goto redo;
 			}
@@ -478,6 +499,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 		/* remove trailing / */
 		newname[StrLen(newname) - 1] = '\0';
 
+		free_entries(entries, count);
+		FreePool(entries);
+		entries = NULL;
 		FreePool(dmp);
 		FreePool(name);
 		name = newname;
@@ -494,8 +518,10 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 
  out_free:
 	FreePool(dmp);
-	if (entries)
+	if (entries) {
+		free_entries(entries, count);
 		FreePool(entries);
+	}
  out_free_name:
 	FreePool(name);
 }
-- 
1.8.1.4


From 33080500e6bf33324a7c1463f4608f3f21d923b3 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 30 May 2013 14:10:56 +0800
Subject: [PATCH 2/2] Clean lib/, too

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index f64f409..ed47360 100644
--- a/Makefile
+++ b/Makefile
@@ -109,6 +109,7 @@ lib/lib.a:
 clean:
 	$(MAKE) -C Cryptlib clean
 	$(MAKE) -C Cryptlib/OpenSSL clean
+	$(MAKE) -C lib clean
 	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
 	rm -f *.debug *.so *.efi
 
-- 
1.8.1.4
Accepting request 184039 from home:gary_lin:branches:devel:openSUSE:Factory - Update to 0.4 - Rebase patches + shim-suse-build.patch + shim-mokmanager-support-crypt-hash-method.patch + shim-bnc804631-fix-broken-bootpath.patch + shim-bnc798043-no-doulbe-separators.patch + shim-bnc807760-change-pxe-2nd-loader-name.patch + shim-bnc808106-correct-certcount.patch + shim-mokmanager-ui-revamp.patch - Add patches + shim-merge-lf-loader-code.patch: merge the Linux Foundation loader UI code + shim-fix-pointer-casting.patch: fix a casting issue and the size of an empty vendor cert + shim-fix-simple-file-selector.patch: fix the buffer allocation in the simple file selector - Remove upstreamed patches + shim-support-mok-delete.patch + shim-reboot-after-changes.patch + shim-clear-queued-key.patch + shim-local-key-sign-mokmanager.patch + shim-get-2nd-stage-loader.patch + shim-fix-loadoptions.patch - Remove unused patch: shim-mokmanager-new-pw-hash.patch and shim-keep-unsigned-mokmanager.patch - Install the vendor certificate to /etc/uefi/certs OBS-URL: https://build.opensuse.org/request/show/184039 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=28 2013-07-23 04:44:22 +00:00			`From ed9cf192de86c58e9c5397afa48de7b6d7bab7a7 Mon Sep 17 00:00:00 2001`
			`From: Gary Ching-Pang Lin <glin@suse.com>`
			`Date: Thu, 30 May 2013 14:05:59 +0800`
			`Subject: [PATCH 1/2] simple_file: Allocate buffers for file entries`

			`The dir filter appends L'/' to the directory entries without`
			`allocating a new buffer, and this could crash the whole program.`
			`---`
			`lib/simple_file.c \| 42 ++++++++++++++++++++++++++++++++++--------`
			`1 file changed, 34 insertions(+), 8 deletions(-)`

			`diff --git a/lib/simple_file.c b/lib/simple_file.c`
			`index 0e5ecd2..e288272 100644`
			`--- a/lib/simple_file.c`
			`+++ b/lib/simple_file.c`
			`@@ -344,9 +344,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 name, CHAR16 filter,`
			`goto next;`

			`if (next->Attribute & EFI_FILE_DIRECTORY) {`
			`- (result)[(count)] = next->FileName;`
			`- (result)[(count)][len] = '/';`
			`- (result)[(count)++][len + 1] = '\0';`
			`+ (result)[(count)] = PoolPrint(L"%s/", next->FileName);`
			`+ if (!(result)[(count)]) {`
			`+ Print(L"Failed to allocate buffer");`
			`+ return EFI_OUT_OF_RESOURCES;`
			`+ }`
			`+ (*count)++;`
			`goto next;`
			`}`

			`@@ -354,7 +357,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 name, CHAR16 filter,`
			`offs = StrLen(filterarr[c]);`

			`if (StrCmp(&next->FileName[len - offs], filterarr[c]) == 0) {`
			`- (result)[(count)++] = next->FileName;`
			`+ (result)[(count)] = StrDuplicate(next->FileName);`
			`+ if (!(result)[(count)]) {`
			`+ Print(L"Failed to allocate buffer");`
			`+ return EFI_OUT_OF_RESOURCES;`
			`+ }`
			`+ (*count)++;`
			`} else {`
			`continue;`
			`}`
			`@@ -362,7 +370,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 name, CHAR16 filter,`
			`}`

			`next:`
			`- if (StrCmp(next->FileName, L"../") == 0) {`
			`+ if (StrCmp(next->FileName, L"..") == 0) {`
			`/* place .. directory first */`
			`CHAR16 tmp = (result)[(*count) - 1];`

			`@@ -392,6 +400,15 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 name, CHAR16 filter,`
			`return status;`
			`}`

			`+static void`
			`+free_entries(CHAR16 **entries, int count)`
			`+{`
			`+ int i;`
			`+`
			`+ for (i = 0; i<count; i++)`
			`+ FreePool(entries[i]);`
			`+}`
			`+`
			`void`
			`simple_file_selector(EFI_HANDLE im, CHAR16 title, CHAR16 name,`
			`CHAR16 filter, CHAR16 *result)`
			`@@ -436,8 +453,6 @@ simple_file_selector(EFI_HANDLE im, CHAR16 title, CHAR16 name,`
			`/* ESC key */`
			`goto out_free;`
			`selected = entries[select];`
			`- FreePool(entries);`
			`- entries = NULL;`
			`/* note that memory used by selected is valid until dmp is freed */`
			`len = StrLen(selected);`
			`if (selected[len - 1] == '/') {`
			`@@ -445,6 +460,9 @@ simple_file_selector(EFI_HANDLE im, CHAR16 title, CHAR16 name,`

			`/* stay where we are */`
			`if (StrCmp(selected, L"./") == 0) {`
			`+ free_entries(entries, count);`
			`+ FreePool(entries);`
			`+ entries = NULL;`
			`FreePool(dmp);`
			`goto redo;`
			`} else if (StrCmp(selected, L"../") == 0) {`
			`@@ -463,6 +481,9 @@ simple_file_selector(EFI_HANDLE im, CHAR16 title, CHAR16 name,`
			`if (StrCmp(name, L"\\") != 0`
			`&& StrCmp(&name[i], L"..") != 0) {`
			`name[i] = '\0';`
			`+ free_entries(entries, count);`
			`+ FreePool(entries);`
			`+ entries = NULL;`
			`FreePool(dmp);`
			`goto redo;`
			`}`
			`@@ -478,6 +499,9 @@ simple_file_selector(EFI_HANDLE im, CHAR16 title, CHAR16 name,`
			`/* remove trailing / */`
			`newname[StrLen(newname) - 1] = '\0';`

			`+ free_entries(entries, count);`
			`+ FreePool(entries);`
			`+ entries = NULL;`
			`FreePool(dmp);`
			`FreePool(name);`
			`name = newname;`
			`@@ -494,8 +518,10 @@ simple_file_selector(EFI_HANDLE im, CHAR16 title, CHAR16 name,`

			`out_free:`
			`FreePool(dmp);`
			`- if (entries)`
			`+ if (entries) {`
			`+ free_entries(entries, count);`
			`FreePool(entries);`
			`+ }`
			`out_free_name:`
			`FreePool(name);`
			`}`
			`--`
			`1.8.1.4`


			`From 33080500e6bf33324a7c1463f4608f3f21d923b3 Mon Sep 17 00:00:00 2001`
			`From: Gary Ching-Pang Lin <glin@suse.com>`
			`Date: Thu, 30 May 2013 14:10:56 +0800`
			`Subject: [PATCH 2/2] Clean lib/, too`

			`---`
			`Makefile \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/Makefile b/Makefile`
			`index f64f409..ed47360 100644`
			`--- a/Makefile`
			`+++ b/Makefile`
			`@@ -109,6 +109,7 @@ lib/lib.a:`
			`clean:`
			`$(MAKE) -C Cryptlib clean`
			`$(MAKE) -C Cryptlib/OpenSSL clean`
			`+ $(MAKE) -C lib clean`
			`rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb`
			`rm -f .debug .so *.efi`

			`--`
			`1.8.1.4`