Commit 031f2c6

committed

uefi: memory safety fixes (UB!) in SNP Protocol

Parameter mutability was used in the wrong way. I also double-checked everything in the specification [0]. [0] https://uefi.org/specs/UEFI/2.10/24_Network_Protocols_SNP_PXE_BIS.html#efi-simple-network-nvdata

1 parent 90c5ba4 commit 031f2c6Copy full SHA for 031f2c6

File tree

2 files changed

+13

-9

lines changed

uefi
- CHANGELOG.md
- src/proto/network
  - snp.rs

2 files changed

+13

-9

lines changed

`‎uefi/CHANGELOG.md‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@`
`23`	`23`	`image in QEMU or Cloud Hypervisor, when the debugcon/debug-console device is`
`24`	`24`	`available.`
`25`	`25`	`- The documentation for UEFI protocols has been streamlined and improved.`
	`26`	+- Fixed memory safety bug in `SimpleNetwork::read_nv_data`. The `buffer`
	`27`	`+ parameter is now mutable.`
`26`	`28`
`27`	`29`	`# uefi - 0.35.0 (2025年05月04日)`
`28`	`30`

`‎uefi/src/proto/network/snp.rs‎`

Lines changed: 11 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -142,30 +142,32 @@ impl SimpleNetwork {`
`142`	`142`	`status.to_result_with_val(\|\| mac_address)`
`143`	`143`	`}`
`144`	`144`
`145`		`- /// Perform read operations on the NVRAM device attached to`
`146`		`- /// a network interface.`
`147`		`- pub fn read_nv_data(&self, offset: usize, buffer: &[u8]) -> Result {`
	`145`	`+ /// Reads data from the NVRAM device attached to the network interface into`
	`146`	+ /// the provided `dst_buffer`.
	`147`	`+ pub fn read_nv_data(&self, offset: usize, dst_buffer: &mut[u8]) -> Result {`
`148`	`148`	`unsafe {`
`149`	`149`	`(self.0.non_volatile_data)(`
`150`	`150`	`&self.0,`
`151`	`151`	`Boolean::from(true),`
`152`	`152`	`offset,`
`153`		`- buffer.len(),`
`154`		`- buffer.as_ptr()as*mutc_void,`
	`153`	`+ dst_buffer.len(),`
	`154`	`+ dst_buffer.as_mut_ptr().cast(),`
`155`	`155`	`)`
`156`	`156`	`}`
`157`	`157`	`.to_result()`
`158`	`158`	`}`
`159`	`159`
`160`		`- /// Perform write operations on the NVRAM device attached to a network interface.`
`161`		`- pub fn write_nv_data(&self, offset: usize, buffer: &mut [u8]) -> Result {`
	`160`	`+ /// Writes data into the NVRAM device attached to the network interface from`
	`161`	+ /// the provided `src_buffer`.
	`162`	`+ pub fn write_nv_data(&self, offset: usize, src_buffer: &[u8]) -> Result {`
`162`	`163`	`unsafe {`
`163`	`164`	`(self.0.non_volatile_data)(`
`164`	`165`	`&self.0,`
`165`	`166`	`Boolean::from(false),`
`166`	`167`	`offset,`
`167`		`- buffer.len(),`
`168`		`- buffer.as_mut_ptr().cast(),`
	`168`	`+ src_buffer.len(),`
	`169`	`+ // SAFETY: The buffer is only used for reading.`
	`170`	`+ src_buffer.as_ptr().cast::<c_void>().cast_mut(),`
`169`	`171`	`)`
`170`	`172`	`}`
`171`	`173`	`.to_result()`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit 031f2c6

File tree

2 files changed

2 files changed

`‎uefi/CHANGELOG.md‎`

`‎uefi/src/proto/network/snp.rs‎`

0 commit comments