Make sure the variables are not broken

diff --git a/MokManager.c b/MokManager.c
index 9025f6f1470f32fa2c93e69ae4992f8dba9938f9..97501f614869efada6dc9b7bdc9f191ffe99a00a 100644 (file)
--- a/MokManager.c
+++ b/MokManager.c
@@ -101,6 +101,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
        int i;
        void *ptr;
 
+       if (DataSize < sizeof(UINT32))
+               return NULL;
+
        list = AllocatePool(sizeof(MokListNode) * num);
 
        if (!list) {
@@ -478,7 +481,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
        efi_status = get_variable(L"MokNew", shim_lock_guid, &attributes,
                                  &MokNewSize, &MokNew);
 
-       if (efi_status != EFI_SUCCESS) {
+       if (efi_status != EFI_SUCCESS || MokNewSize < sizeof(UINT32)) {
                goto error;
        }
 

diff --git a/shim.c b/shim.c
index 73b2feb79f6da76999660ec60b33c418279d1097..95c3e5441fb29ec18c50f56da7a8fc5a9ed9db06 100644 (file)
--- a/shim.c
+++ b/shim.c
@@ -107,6 +107,9 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
        int i, remain = DataSize;
        void *ptr;
 
+       if (DataSize < sizeof(UINT32))
+               return NULL;
+
        list = AllocatePool(sizeof(MokListNode) * num);
 
        if (!list) {
@@ -601,7 +604,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
        status = get_variable(L"MokList", shim_lock_guid, &attributes,
                              &MokListDataSize, &MokListData);
 
-       if (status != EFI_SUCCESS) {
+       if (status != EFI_SUCCESS || MokListDataSize < sizeof(UINT32)) {
                status = EFI_ACCESS_DENIED;
                Print(L"Invalid signature\n");
                goto done;