From b0a2ea0caa2ac501ceb96c46df4fc0d4eb6ec891 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sat, 13 Feb 2021 13:02:14 -0500
Subject: [PATCH] get_variable: always allocate a NUL character at the end.

Sometimes we're loading structures that are parsed in string-like ways,
but can't necessarily be trusted to be zero-terminated.  Solve that by
making sure we always have enough aligned, trailing zero bytes to always
have at least one NUL character, no matter which character type is being
parsed.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 lib/variables.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/variables.c b/lib/variables.c
index 8123ae6..5d90918 100644
--- a/lib/variables.c
+++ b/lib/variables.c
@@ -245,7 +245,11 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner,
 		return efi_status;
 	}
 
-	*data = AllocateZeroPool(*len);
+	/*
+	 * Add three zero pad bytes; at least one correctly aligned UCS-2
+	 * character.
+	 */
+	*data = AllocateZeroPool(*len + 3);
 	if (!*data)
 		return EFI_OUT_OF_RESOURCES;
 
@@ -254,6 +258,7 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner,
 		FreePool(*data);
 		*data = NULL;
 	}
+
 	return efi_status;
 }