
Re: efivar 38-3 broken; replace with efivar 39



I'm running Mint, meaning Ubuntu, meaning Debian. I installed the source package and that's what was in the path: /usr/src/etcetc. The version is what's currently in Debian (stable, I think).

If one looks at the efivar bugs on git, about halfway down there's one about a bad free(). That's probably the one.

It's shocking that malloc doesn't validate *objs handed to it, just says behavior is 'undefined' if they aren't actually *objs. Probably a good attack vector. Checking is cheap: a couple of shorts in invisible header, couple of memory fetches, two &, a subtract, a bnz. Or a short and a sizeof(*obj) and skip the & masking.

Anyways, should be trivial to reproduce: do an efivar -e (export), then an efivar -i of the file.
38 segfaults, 39 doesn't.

Let me know if you need more details.
-------- Original Message --------
On Sep 5, 2024, 10:13 AM, Steve McIntyre <steve@einval.com> wrote:

Hi Jim,

On Wed, Sep 04, 2024 at 02:45:33AM +0000, Jim Bray wrote:
>Hi,
>
>efivar 38-3.1build1 is broken, SIGSEGVs if one tries to import (it free()s a
>null ptr).
>
># efivar -i test.export
>Segmentation fault
>
>This is fixed in the current release, 39, https://github.com/rhboot/efivar/
>releases (I pulled, built and tested).

I don't recognise version 38-3.1build1 - do you mean 38-3.1 ?

--
Steve McIntyre, Cambridge, UK. steve@einval.com
"C++ ate my sanity" -- Jon Rabone