d2cf823 efi: Fix some malformed device path arithmetic errors

4 files Authored by pjones 3 years ago, Committed by Daniel Kiper 3 years ago,
    efi: Fix some malformed device path arithmetic errors
    
    Several places we take the length of a device path and subtract 4 from
    it, without ever checking that it's >= 4. There are also cases where
    this kind of malformation will result in unpredictable iteration,
    including treating the length from one dp node as the type in the next
    node. These are all errors, no matter where the data comes from.
    
    This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
    can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
    return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
    the length is too small. Additionally, it makes several places in the
    code check for and return errors in these cases.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
    
        
file modified
+54 -10
file modified
+5 -4
file modified
+9 -5