efivarfs: Validate filenames much more aggressively
authorMatt Fleming <matt.fleming@intel.com>
Thu, 31 Jan 2013 19:02:03 +0000 (19:02 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 3 Mar 2013 22:03:40 +0000 (06:03 +0800)
commit70afdfc6b4e4fec67bd07a5af56e0f8f7ecc7f46
tree021a1e3d9174d5a7c1a04089c54567ada1c5e179
parent595aa2afac1f6cb2ab5e3c3a45b965fb400dc795
efivarfs: Validate filenames much more aggressively

commit 47f531e8ba3bc3901a0c493f4252826c41dea1a1 upstream.

The only thing that efivarfs does to enforce a valid filename is
ensure that the name isn't too short. We need to strongly sanitise any
filenames, not least because variable creation is delayed until
efivarfs_file_write(), which means we can't rely on the firmware to
inform us of an invalid name, because if the file is never written to
we'll never know it's invalid.

Perform a couple of steps before agreeing to create a new file,

  * hex_to_bin() returns a value indicating whether or not it was able
    to convert its arguments to a binary representation - we should
    check it.

  * Ensure that the GUID portion of the filename is the correct length
    and format.

  * The variable name portion of the filename needs to be at least one
    character in size.

Reported-by: Lingzhu Xiang <lxiang@redhat.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/firmware/efivars.c