uefi: memory safety fixes (UB!) in SNP Protocol

phip1611 · phip1611 · commit 031f2c69c358 · 2025-09-13T10:14:31.000+02:00
Parameter mutability was used in the wrong way. I also double-checked everything in the specification [0]. [0] https://uefi.org/specs/UEFI/2.10/24_Network_Protocols_SNP_PXE_BIS.html#efi-simple-network-nvdata
diff --git a/uefi/CHANGELOG.md b/uefi/CHANGELOG.md
@@ -23,6 +23,8 @@
   image in QEMU or Cloud Hypervisor, when the debugcon/debug-console device is
   available.
 - The documentation for UEFI protocols has been streamlined and improved.
+- Fixed memory safety bug in `SimpleNetwork::read_nv_data`. The `buffer`
+  parameter is now mutable.
 
 # uefi - 0.35.0 (2025-05-04)
 
diff --git a/uefi/src/proto/network/snp.rs b/uefi/src/proto/network/snp.rs
@@ -142,30 +142,32 @@ impl SimpleNetwork {
         status.to_result_with_val(|| mac_address)
     }
 
-    /// Perform read operations on the NVRAM device attached to
-    /// a network interface.
-    pub fn read_nv_data(&self, offset: usize, buffer: &[u8]) -> Result {
+    /// Reads data from the NVRAM device attached to the network interface into
+    /// the provided `dst_buffer`.
+    pub fn read_nv_data(&self, offset: usize, dst_buffer: &mut [u8]) -> Result {
         unsafe {
             (self.0.non_volatile_data)(
                 &self.0,
                 Boolean::from(true),
                 offset,
-                buffer.len(),
-                buffer.as_ptr() as *mut c_void,
+                dst_buffer.len(),
+                dst_buffer.as_mut_ptr().cast(),
             )
         }
         .to_result()
     }
 
-    /// Perform write operations on the NVRAM device attached to a network interface.
-    pub fn write_nv_data(&self, offset: usize, buffer: &mut [u8]) -> Result {
+    /// Writes data into the NVRAM device attached to the network interface from
+    /// the provided `src_buffer`.
+    pub fn write_nv_data(&self, offset: usize, src_buffer: &[u8]) -> Result {
         unsafe {
             (self.0.non_volatile_data)(
                 &self.0,
                 Boolean::from(false),
                 offset,
-                buffer.len(),
-                buffer.as_mut_ptr().cast(),
+                src_buffer.len(),
+                // SAFETY: The buffer is only used for reading.
+                src_buffer.as_ptr().cast::<c_void>().cast_mut(),
             )
         }
         .to_result()
