diff options
author | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2018-05-16 18:17:38 +0200 |
---|---|---|
committer | Alexander Graf <agraf@suse.de> | 2018-06-03 15:27:20 +0200 |
commit | 62217295d7b0377f5eeee0e9716cc0443e4ce1ba (patch) | |
tree | 513d7ee0481ea15d3f70d96e4ecb7c0e8cd52959 /lib/efi_loader/efi_console.c | |
parent | d799c67ad32e5bb1a7ae098611c2990f80099309 (diff) |
efi_loader: avoid using unitialized values as console size
If a request for the console size would be answered with a response
with less then three values, uninitialized stack memory would be
copied to the number of rows and columns of the terminal.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Diffstat (limited to 'lib/efi_loader/efi_console.c')
-rw-r--r-- | lib/efi_loader/efi_console.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c index c09b93d9d6..0bfc24dbd9 100644 --- a/lib/efi_loader/efi_console.c +++ b/lib/efi_loader/efi_console.c @@ -60,7 +60,15 @@ static struct simple_text_output_mode efi_con_mode = { .cursor_visible = 1, }; -static int term_read_reply(int *n, int maxnum, char end_char) +/* + * Receive and parse a reply from the terminal. + * + * @n: array of return values + * @num: number of return values expected + * @end_char: character indicating end of terminal message + * @return: non-zero indicates error + */ +static int term_read_reply(int *n, int num, char end_char) { char c; int i = 0; @@ -77,7 +85,7 @@ static int term_read_reply(int *n, int maxnum, char end_char) c = getc(); if (c == ';') { i++; - if (i >= maxnum) + if (i >= num) return -1; n[i] = 0; continue; @@ -91,6 +99,8 @@ static int term_read_reply(int *n, int maxnum, char end_char) n[i] *= 10; n[i] += c - '0'; } + if (i != num - 1) + return -1; return 0; } |