aboutsummaryrefslogtreecommitdiff
path: root/lib/efi_loader/efi_file.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/efi_loader/efi_file.c')
-rw-r--r--lib/efi_loader/efi_file.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c
index d6dc8232a9..520c730220 100644
--- a/lib/efi_loader/efi_file.c
+++ b/lib/efi_loader/efi_file.c
@@ -1137,6 +1137,7 @@ struct efi_file_handle *efi_file_from_path(struct efi_device_path *fp)
container_of(fp, struct efi_device_path_file_path, dp);
struct efi_file_handle *f2;
u16 *filename;
+ size_t filename_sz;
if (!EFI_DP_TYPE(fp, MEDIA_DEVICE, FILE_PATH)) {
printf("bad file path!\n");
@@ -1149,9 +1150,14 @@ struct efi_file_handle *efi_file_from_path(struct efi_device_path *fp)
* protocol member functions to be aligned. So memcpy it
* unconditionally
*/
- filename = u16_strdup(fdp->str);
+ if (fdp->dp.length <= offsetof(struct efi_device_path_file_path, str))
+ return NULL;
+ filename_sz = fdp->dp.length -
+ offsetof(struct efi_device_path_file_path, str);
+ filename = malloc(filename_sz);
if (!filename)
return NULL;
+ memcpy(filename, fdp->str, filename_sz);
EFI_CALL(ret = f->open(f, &f2, filename,
EFI_FILE_MODE_READ, 0));
free(filename);
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-05 16:26:36 +0000