author | Michael Brown <mcb30@ipxe.org> | 2020-07-09 14:20:53 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2020-07-09 14:20:53 +0100 |
commit | b6eecb182e07a82bae2a5f8c28dadb1bea409090 (patch) | |
tree | 366c1f338fc6d51c921b5a095a8c5d82fa4e5c8d | |
parent | fcdd9c0982e6c5a435fefdcc9444242fd4fbdd8b (diff) | |
[efi] Ensure NUL byte is at lowest address within stack cookie
The NUL byte included within the stack cookie to act as a string
terminator should be placed at the lowest byte address within the
stack cookie, in order to avoid potentially including the stack cookie
value within an accidentally unterminated string.
Suggested-by: Pete Beck <pete.beck@ioactive.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r-- | src/interface/efi/efi_init.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/interface/efi/efi_init.c b/src/interface/efi/efi_init.c
index 284c39b3..e1041a5e 100644
--- a/src/interface/efi/efi_init.c
+++ b/src/interface/efi/efi_init.c
@@ -21,6 +21,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 
 #include <string.h>
 #include <errno.h>
+#include <endian.h>
 #include <ipxe/init.h>
 #include <ipxe/rotate.h>
 #include <ipxe/efi/efi.h>
@@ -128,6 +129,13 @@ efi_stack_cookie ( EFI_HANDLE handle ) {
 */
 cookie <<= 8;
 
+ /* Ensure that the NUL byte is placed at the bottom of the
+ * stack cookie, to avoid potential disclosure via an
+ * unterminated string.
+ */
+ if ( __BYTE_ORDER == __BIG_ENDIAN )
+ cookie >>= 8;
+
 return cookie;
 }
 
|
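Review bot: The added `cookie >>= 8;` in the `__BIG_ENDIAN` branch of the second hunk only leaves a zero byte at the lowest address if `cookie` has an unsigned type. Its declaration is outside the hunk (the body of efi_stack_cookie starts earlier), so this is worth confirming: with a signed type the right shift is implementation-defined and could sign-extend into the byte that is meant to be NUL. The new comment's "bottom of the stack cookie" can also be read as the least significant byte, which is not where the NUL ends up on big-endian; wording it as `lowest byte address within the stack cookie`, as the commit message does, removes the ambiguity. It would also help to say in that comment that the NUL costs eight bits of cookie entropy and only limits disclosure through string-terminated reads, not through length-based copies.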