mirror of
				https://xff.cz/git/u-boot/
				synced 2025-10-26 16:13:55 +01:00 
			
		
		
		
	If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.
    Negative index in efi_unicode_collation.c:262.
The index of the 'codepage' array should be c - 0x80 instead of i - 0x80.
Fixes: 0bc4b0da7b ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
		
	
		
			
				
	
	
		
			327 lines
		
	
	
		
			7.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			327 lines
		
	
	
		
			7.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0+
 | |
| /*
 | |
|  * EFI Unicode collation protocol
 | |
|  *
 | |
|  * Copyright (c) 2018 Heinrich Schuchardt <xypron.glpk@gmx.de>
 | |
|  */
 | |
| 
 | |
| #include <common.h>
 | |
| #include <charset.h>
 | |
| #include <cp1250.h>
 | |
| #include <cp437.h>
 | |
| #include <efi_loader.h>
 | |
| 
 | |
| /* Characters that may not be used in FAT 8.3 file names */
 | |
| static const char illegal[] = "+,<=>:;\"/\\|?*[]\x7f";
 | |
| 
 | |
| /*
 | |
|  * EDK2 assumes codepage 1250 when creating FAT 8.3 file names.
 | |
|  * Linux defaults to codepage 437 for FAT 8.3 file names.
 | |
|  */
 | |
| #if CONFIG_FAT_DEFAULT_CODEPAGE == 1250
 | |
| /* Unicode code points for code page 1250 characters 0x80 - 0xff */
 | |
| static const u16 codepage[] = CP1250;
 | |
| #else
 | |
| /* Unicode code points for code page 437 characters 0x80 - 0xff */
 | |
| static const u16 *codepage = codepage_437;
 | |
| #endif
 | |
| 
 | |
| /* GUID of the EFI_UNICODE_COLLATION_PROTOCOL2 */
 | |
| const efi_guid_t efi_guid_unicode_collation_protocol2 =
 | |
| 	EFI_UNICODE_COLLATION_PROTOCOL2_GUID;
 | |
| 
 | |
| /**
 | |
|  * efi_stri_coll() - compare utf-16 strings case-insenitively
 | |
|  *
 | |
|  * @this:	unicode collation protocol instance
 | |
|  * @s1:		first string
 | |
|  * @s2:		second string
 | |
|  *
 | |
|  * This function implements the StriColl() service of the
 | |
|  * EFI_UNICODE_COLLATION_PROTOCOL2.
 | |
|  *
 | |
|  * See the Unified Extensible Firmware Interface (UEFI) specification for
 | |
|  * details.
 | |
|  *
 | |
|  * Return:	0: s1 == s2, > 0: s1 > s2, < 0: s1 < s2
 | |
|  */
 | |
| static efi_intn_t EFIAPI efi_stri_coll(
 | |
| 		struct efi_unicode_collation_protocol *this, u16 *s1, u16 *s2)
 | |
| {
 | |
| 	s32 c1, c2;
 | |
| 	efi_intn_t ret = 0;
 | |
| 
 | |
| 	EFI_ENTRY("%p, %ls, %ls", this, s1, s2);
 | |
| 	for (; *s1 | *s2; ++s1, ++s2) {
 | |
| 		c1 = utf_to_upper(*s1);
 | |
| 		c2 = utf_to_upper(*s2);
 | |
| 		if (c1 < c2) {
 | |
| 			ret = -1;
 | |
| 			goto out;
 | |
| 		} else if (c1 > c2) {
 | |
| 			ret = 1;
 | |
| 			goto out;
 | |
| 		}
 | |
| 	}
 | |
| out:
 | |
| 	EFI_EXIT(EFI_SUCCESS);
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * next_lower() - get next codepoint converted to lower case
 | |
|  *
 | |
|  * @string:	pointer to u16 string, on return advanced by one codepoint
 | |
|  * Return:	first codepoint of string converted to lower case
 | |
|  */
 | |
| static s32 next_lower(const u16 **string)
 | |
| {
 | |
| 	return utf_to_lower(utf16_get(string));
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * metai_match() - compare utf-16 string with a pattern string case-insenitively
 | |
|  *
 | |
|  * @string:	string to compare
 | |
|  * @pattern:	pattern string
 | |
|  *
 | |
|  * The pattern string may use these:
 | |
|  *	- * matches >= 0 characters
 | |
|  *	- ? matches 1 character
 | |
|  *	- [<char1><char2>...<charN>] match any character in the set
 | |
|  *	- [<char1>-<char2>] matches any character in the range
 | |
|  *
 | |
|  * This function is called my efi_metai_match().
 | |
|  *
 | |
|  * For '*' pattern searches this function calls itself recursively.
 | |
|  * Performance-wise this is suboptimal, especially for multiple '*' wildcards.
 | |
|  * But it results in simple code.
 | |
|  *
 | |
|  * Return:	true if the string is matched.
 | |
|  */
 | |
| static bool metai_match(const u16 *string, const u16 *pattern)
 | |
| {
 | |
| 	s32 first, s, p;
 | |
| 
 | |
| 	for (; *string && *pattern;) {
 | |
| 		const u16 *string_old = string;
 | |
| 
 | |
| 		s = next_lower(&string);
 | |
| 		p = next_lower(&pattern);
 | |
| 
 | |
| 		switch (p) {
 | |
| 		case '*':
 | |
| 			/* Match 0 or more characters */
 | |
| 			for (;; s = next_lower(&string)) {
 | |
| 				if (metai_match(string_old, pattern))
 | |
| 					return true;
 | |
| 				if (!s)
 | |
| 					return false;
 | |
| 				string_old = string;
 | |
| 			}
 | |
| 		case '?':
 | |
| 			/* Match any one character */
 | |
| 			break;
 | |
| 		case '[':
 | |
| 			/* Match any character in the set */
 | |
| 			p = next_lower(&pattern);
 | |
| 			first = p;
 | |
| 			if (first == ']')
 | |
| 				/* Empty set */
 | |
| 				return false;
 | |
| 			p = next_lower(&pattern);
 | |
| 			if (p == '-') {
 | |
| 				/* Range */
 | |
| 				p = next_lower(&pattern);
 | |
| 				if (s < first || s > p)
 | |
| 					return false;
 | |
| 				p = next_lower(&pattern);
 | |
| 				if (p != ']')
 | |
| 					return false;
 | |
| 			} else {
 | |
| 				/* Set */
 | |
| 				bool hit = false;
 | |
| 
 | |
| 				if (s == first)
 | |
| 					hit = true;
 | |
| 				for (; p && p != ']';
 | |
| 				     p = next_lower(&pattern)) {
 | |
| 					if (p == s)
 | |
| 						hit = true;
 | |
| 				}
 | |
| 				if (!hit || p != ']')
 | |
| 					return false;
 | |
| 			}
 | |
| 			break;
 | |
| 		default:
 | |
| 			/* Match one character */
 | |
| 			if (p != s)
 | |
| 				return false;
 | |
| 		}
 | |
| 	}
 | |
| 	if (!*pattern && !*string)
 | |
| 		return true;
 | |
| 	return false;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * efi_metai_match() - compare utf-16 string with a pattern string
 | |
|  *		       case-insenitively
 | |
|  *
 | |
|  * @this:	unicode collation protocol instance
 | |
|  * @string:	string to compare
 | |
|  * @pattern:	pattern string
 | |
|  *
 | |
|  * The pattern string may use these:
 | |
|  *	- * matches >= 0 characters
 | |
|  *	- ? matches 1 character
 | |
|  *	- [<char1><char2>...<charN>] match any character in the set
 | |
|  *	- [<char1>-<char2>] matches any character in the range
 | |
|  *
 | |
|  * This function implements the MetaMatch() service of the
 | |
|  * EFI_UNICODE_COLLATION_PROTOCOL2.
 | |
|  *
 | |
|  * Return:	true if the string is matched.
 | |
|  */
 | |
| static bool EFIAPI efi_metai_match(struct efi_unicode_collation_protocol *this,
 | |
| 				   const u16 *string, const u16 *pattern)
 | |
| {
 | |
| 	bool ret;
 | |
| 
 | |
| 	EFI_ENTRY("%p, %ls, %ls", this, string, pattern);
 | |
| 	ret =  metai_match(string, pattern);
 | |
| 	EFI_EXIT(EFI_SUCCESS);
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * efi_str_lwr() - convert to lower case
 | |
|  *
 | |
|  * @this:	unicode collation protocol instance
 | |
|  * @string:	string to convert
 | |
|  *
 | |
|  * The conversion is done in place. As long as upper and lower letters use the
 | |
|  * same number of words this does not pose a problem.
 | |
|  *
 | |
|  * This function implements the StrLwr() service of the
 | |
|  * EFI_UNICODE_COLLATION_PROTOCOL2.
 | |
|  */
 | |
| static void EFIAPI efi_str_lwr(struct efi_unicode_collation_protocol *this,
 | |
| 			       u16 *string)
 | |
| {
 | |
| 	EFI_ENTRY("%p, %ls", this, string);
 | |
| 	for (; *string; ++string)
 | |
| 		*string = utf_to_lower(*string);
 | |
| 	EFI_EXIT(EFI_SUCCESS);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * efi_str_upr() - convert to upper case
 | |
|  *
 | |
|  * @this:	unicode collation protocol instance
 | |
|  * @string:	string to convert
 | |
|  *
 | |
|  * The conversion is done in place. As long as upper and lower letters use the
 | |
|  * same number of words this does not pose a problem.
 | |
|  *
 | |
|  * This function implements the StrUpr() service of the
 | |
|  * EFI_UNICODE_COLLATION_PROTOCOL2.
 | |
|  */
 | |
| static void EFIAPI efi_str_upr(struct efi_unicode_collation_protocol *this,
 | |
| 			       u16 *string)
 | |
| {
 | |
| 	EFI_ENTRY("%p, %ls", this, string);
 | |
| 	for (; *string; ++string)
 | |
| 		*string = utf_to_upper(*string);
 | |
| 	EFI_EXIT(EFI_SUCCESS);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * efi_fat_to_str() - convert an 8.3 file name from an OEM codepage to Unicode
 | |
|  *
 | |
|  * @this:	unicode collation protocol instance
 | |
|  * @fat_size:	size of the string to convert
 | |
|  * @fat:	string to convert
 | |
|  * @string:	converted string
 | |
|  *
 | |
|  * This function implements the FatToStr() service of the
 | |
|  * EFI_UNICODE_COLLATION_PROTOCOL2.
 | |
|  */
 | |
| static void EFIAPI efi_fat_to_str(struct efi_unicode_collation_protocol *this,
 | |
| 				  efi_uintn_t fat_size, char *fat, u16 *string)
 | |
| {
 | |
| 	efi_uintn_t i;
 | |
| 	u16 c;
 | |
| 
 | |
| 	EFI_ENTRY("%p, %zu, %s, %p", this, fat_size, fat, string);
 | |
| 	for (i = 0; i < fat_size; ++i) {
 | |
| 		c = (unsigned char)fat[i];
 | |
| 		if (c > 0x80)
 | |
| 			c = codepage[c - 0x80];
 | |
| 		string[i] = c;
 | |
| 		if (!c)
 | |
| 			break;
 | |
| 	}
 | |
| 	string[i] = 0;
 | |
| 	EFI_EXIT(EFI_SUCCESS);
 | |
| }
 | |
| 
 | |
| /**
 | |
|  * efi_fat_to_str() - convert a utf-16 string to legal characters for a FAT
 | |
|  *                    file name in an OEM code page
 | |
|  *
 | |
|  * @this:	unicode collation protocol instance
 | |
|  * @string:	Unicode string to convert
 | |
|  * @fat_size:	size of the target buffer
 | |
|  * @fat:	converted string
 | |
|  *
 | |
|  * This function implements the StrToFat() service of the
 | |
|  * EFI_UNICODE_COLLATION_PROTOCOL2.
 | |
|  *
 | |
|  * Return:	true if an illegal character was substituted by '_'.
 | |
|  */
 | |
| static bool EFIAPI efi_str_to_fat(struct efi_unicode_collation_protocol *this,
 | |
| 				  const u16 *string, efi_uintn_t fat_size,
 | |
| 				  char *fat)
 | |
| {
 | |
| 	efi_uintn_t i;
 | |
| 	s32 c;
 | |
| 	bool ret = false;
 | |
| 
 | |
| 	EFI_ENTRY("%p, %ls, %zu, %p", this, string, fat_size, fat);
 | |
| 	for (i = 0; i < fat_size;) {
 | |
| 		c = utf16_get(&string);
 | |
| 		switch (c) {
 | |
| 		/* Ignore period and space */
 | |
| 		case '.':
 | |
| 		case ' ':
 | |
| 			continue;
 | |
| 		case 0:
 | |
| 			break;
 | |
| 		}
 | |
| 		c = utf_to_upper(c);
 | |
| 		if (utf_to_cp(&c, codepage) ||
 | |
| 		    (c && (c < 0x20 || strchr(illegal, c)))) {
 | |
| 			ret = true;
 | |
| 			c = '_';
 | |
| 		}
 | |
| 
 | |
| 		fat[i] = c;
 | |
| 		if (!c)
 | |
| 			break;
 | |
| 		++i;
 | |
| 	}
 | |
| 	EFI_EXIT(EFI_SUCCESS);
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| const struct efi_unicode_collation_protocol efi_unicode_collation_protocol2 = {
 | |
| 	.stri_coll = efi_stri_coll,
 | |
| 	.metai_match = efi_metai_match,
 | |
| 	.str_lwr = efi_str_lwr,
 | |
| 	.str_upr = efi_str_upr,
 | |
| 	.fat_to_str = efi_fat_to_str,
 | |
| 	.str_to_fat = efi_str_to_fat,
 | |
| 	.supported_languages = "en",
 | |
| };
 |