Don't loop forever in load_certs() with buggy firmware

On DELL R350 booting DVD through RFS with BIOS 1.4.2 in Secure Boot, firmware returns EFI_BUFFER_TOO_SMALL but with new buffersize set to 0, which causes the load_certs() code to loop forever: while (1) { efi_status = dir->Read(dir, &buffersize, buffer); if (efi_status == EFI_BUFFER_TOO_SMALL) { ... continue; } ... } This commit prevents such infinite loop. Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
rhboot · Feb 1, 2023 · f23883c · f23883c
1 parent e4f40ae
commit f23883c
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/shim.c b/shim.c
@@ -1483,11 +1483,21 @@ load_certs(EFI_HANDLE image_handle)
 	}
 
 	while (1) {
-		int old = buffersize;
+		UINTN old = buffersize;
 		efi_status = dir->Read(dir, &buffersize, buffer);
 		if (efi_status == EFI_BUFFER_TOO_SMALL) {
-			buffer = ReallocatePool(buffer, old, buffersize);
-			continue;
+			if (buffersize != old) {
+				buffer = ReallocatePool(buffer, old, buffersize);
+				if (buffer == NULL) {
+					perror(L"Failed to read directory %s - %r\n",
+					       PathName, EFI_OUT_OF_RESOURCES);
+					goto done;
+				}
+				continue;
+			}
+			perror(L"Failed to read directory %s - buggy firmware\n",
+			       PathName);
+			goto done;
 		} else if (EFI_ERROR(efi_status)) {
 			perror(L"Failed to read directory %s - %r\n", PathName,
 			       efi_status);