From c77d8e9d893ea06082e3ea0f609895b306db1623 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 12 Jun 2019 23:28:42 +0200 Subject: [PATCH] efi_loader: parameter checks SetVariable() Return EFI_INVALID_PARAMETER if the variable name has zero length or the variable has runtime access but not boottime access. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index e56053194d..1d1b23b0e5 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -430,7 +430,9 @@ efi_status_t EFIAPI efi_set_variable(u16 *variable_name, data_size, data); /* TODO: implement APPEND_WRITE */ - if (!variable_name || !vendor || + if (!variable_name || !*variable_name || !vendor || + ((attributes & EFI_VARIABLE_RUNTIME_ACCESS) && + !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || (attributes & EFI_VARIABLE_APPEND_WRITE)) { ret = EFI_INVALID_PARAMETER; goto out; -- 2.30.2