From 63f7943dbe0583dd0bf89ee8fe8230d4b7373b91 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 4 Aug 2020 12:42:43 -0400 Subject: [PATCH] mirror_one_mok_variable(): round allocation up to a full page The code currently computes the size of the MoK variable in ram and rounds up to a full page, but then actually allocates the exact size, rather than the rounded up version. This should be completely safe, but the intent was to round up to at least the page size boundary, and to always guarantee rounding up /some/, to ensure extra 0-bytes at the end of the buffer. Signed-off-by: Peter Jones --- mok.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mok.c b/mok.c index 3e6c7e4..393f77c 100644 --- a/mok.c +++ b/mok.c @@ -616,9 +616,12 @@ mirror_one_mok_variable(struct mok_state_variable *v, * make sure we've got some zeroes at the end, just * in case. */ - UINTN allocsz = FullDataSize + sizeof(EFI_SIGNATURE_LIST); - allocsz = ALIGN_VALUE(allocsz, 4096); - FullData = AllocateZeroPool(FullDataSize); + UINTN new, allocsz; + + allocsz = FullDataSize + sizeof(EFI_SIGNATURE_LIST); + new = ALIGN_VALUE(allocsz, 4096); + allocsz = new == allocsz ? new + 4096 : new; + FullData = AllocateZeroPool(allocsz); if (!FullData) { perror(L"Failed to allocate %lu bytes for %s\n", FullDataSize, v->name);