Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fix from Catalin Marinas:
 "Fix buffer overflow when UTF-16 UEFI vendor string is copied from the
  system table into a char array with a size of 100 bytes"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/efi: map the entire UEFI vendor string before reading it
Linus Torvalds 10 years ago
parent
67eb890e5e f91b1feada
commit
d61be4b3f2
1 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 2
      arch/arm64/kernel/efi.c

+ 2 - 2
arch/arm64/kernel/efi.c
View File 

@@ -122,12 +122,12 @@ static int __init uefi_init(void)
 
 
 	/* Show what we know for posterity */
 
 	c16 = early_memremap(efi_to_phys(efi.systab->fw_vendor),
 
-			     sizeof(vendor));
 
+			     sizeof(vendor) * sizeof(efi_char16_t));
 
 	if (c16) {
 
 		for (i = 0; i < (int) sizeof(vendor) - 1 && *c16; ++i)
 
 			vendor[i] = c16[i];
 
 		vendor[i] = '\0';
 
-		early_memunmap(c16, sizeof(vendor));
 
+		early_memunmap(c16, sizeof(vendor) * sizeof(efi_char16_t));
 
 	}
 
 
 	pr_info("EFI v%u.%.02u by %s\n",