efivarfs: Validate filenames much more aggressively
authorMatt Fleming <matt.fleming@intel.com>
Thu, 31 Jan 2013 19:02:03 +0000 (19:02 +0000)
committerMatt Fleming <matt.fleming@intel.com>
Tue, 12 Feb 2013 12:41:49 +0000 (12:41 +0000)
commit47f531e8ba3bc3901a0c493f4252826c41dea1a1
tree5afbfc2451eb003cda695d4377077862ac932267
parent94a193fb7393a50625abd9ca21f8afea275a9f87
efivarfs: Validate filenames much more aggressively

The only thing that efivarfs does to enforce a valid filename is
ensure that the name isn't too short. We need to strongly sanitise any
filenames, not least because variable creation is delayed until
efivarfs_file_write(), which means we can't rely on the firmware to
inform us of an invalid name, because if the file is never written to
we'll never know it's invalid.

Perform a couple of steps before agreeing to create a new file,

  * hex_to_bin() returns a value indicating whether or not it was able
    to convert its arguments to a binary representation - we should
    check it.

  * Ensure that the GUID portion of the filename is the correct length
    and format.

  * The variable name portion of the filename needs to be at least one
    character in size.

Reported-by: Lingzhu Xiang <lxiang@redhat.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
drivers/firmware/efivars.c