[PATCH 4.4 057/342] efi: Do variable name validation tests in utf8

From: Greg Kroah-Hartman
Date: Tue Mar 01 2016 - 20:21:03 EST


4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Peter Jones <pjones@xxxxxxxxxx>

commit 3dcb1f55dfc7631695e69df4a0d589ce5274bd07 upstream.

Actually translate from ucs2 to utf8 before doing the test, and then
test against our other utf8 data, instead of fudging it.

Signed-off-by: Peter Jones <pjones@xxxxxxxxxx>
Acked-by: Matthew Garrett <mjg59@xxxxxxxxxx>
Tested-by: Lee, Chun-Yi <jlee@xxxxxxxx>
Signed-off-by: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/firmware/efi/vars.c | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)

--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -189,10 +189,19 @@ static const struct variable_validate va
};

bool
-efivar_validate(efi_char16_t *var_name, u8 *data, unsigned long len)
+efivar_validate(efi_char16_t *var_name, u8 *data, unsigned long data_size)
{
int i;
- u16 *unicode_name = var_name;
+ unsigned long utf8_size;
+ u8 *utf8_name;
+
+ utf8_size = ucs2_utf8size(var_name);
+ utf8_name = kmalloc(utf8_size + 1, GFP_KERNEL);
+ if (!utf8_name)
+ return false;
+
+ ucs2_as_utf8(utf8_name, var_name, utf8_size);
+ utf8_name[utf8_size] = '\0';

for (i = 0; variable_validate[i].validate != NULL; i++) {
const char *name = variable_validate[i].name;
@@ -200,28 +209,29 @@ efivar_validate(efi_char16_t *var_name,

for (match = 0; ; match++) {
char c = name[match];
- u16 u = unicode_name[match];
-
- /* All special variables are plain ascii */
- if (u > 127)
- return true;
+ char u = utf8_name[match];

/* Wildcard in the matching name means we've matched */
- if (c == '*')
+ if (c == '*') {
+ kfree(utf8_name);
return variable_validate[i].validate(var_name,
- match, data, len);
+ match, data, data_size);
+ }

/* Case sensitive match */
if (c != u)
break;

/* Reached the end of the string while matching */
- if (!c)
+ if (!c) {
+ kfree(utf8_name);
return variable_validate[i].validate(var_name,
- match, data, len);
+ match, data, data_size);
+ }
}
}

+ kfree(utf8_name);
return true;
}
EXPORT_SYMBOL_GPL(efivar_validate);