On Tue, 08 Oct, at 06:45:51PM, Borislav Petkov wrote: > @@ -141,34 +151,75 @@ static long efi_runtime_ioctl(struct file *file, unsigned int cmd, > return -EFAULT; > > convert_from_guid(&vendor, &vendor_guid); > - status = efi.get_variable(pgetvariable->VariableName, &vendor, > - &attr, &datasize, pgetvariable->Data); > + > + vardata = kmalloc(datasize, GFP_KERNEL); > + if (!vardata) > + return -ENOMEM; > + > + namelen = ucs2_strsize(pgetvariable->VariableName, 1024); > + > + varname = kmalloc(namelen, GFP_KERNEL); > + if (!varname) > + return -ENOMEM; > + > + if (copy_from_user(varname, pgetvariable->VariableName, namelen)) > + return -EFAULT; > + varname = kmalloc(namelen + 1, GFP_KERNEL); varname[namelen] = 0; Note that ucs2_strsize() doesn't count the terminating NUL. -- Matt Fleming, Intel Open Source Technology Center -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
