dp.h: check _ucs2size in format_ucs2()

dp_h-check-_ucs2size-in-format_ucs2.patch

@@ -0,0 +1,26 @@
+From 3f233dd9c8cbb267b2cf931c6191e650e8ab8a5f Mon Sep 17 00:00:00 2001
+From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
+Date: Sat, 26 Aug 2023 14:36:24 +0800
+Subject: [PATCH] dp.h: check _ucs2size in format_ucs2()
+
+Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
+---
+ src/dp.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dp.h b/src/dp.h
+index 8290cc1..27f7650 100644
+--- a/src/dp.h
++++ b/src/dp.h
+@@ -123,7 +123,7 @@ format_vendor_helper(unsigned char *buf, size_t size, char *label,
+ 		uint16_t *_ucs2buf;					\
+ 		uint32_t _ucs2size = sizeof(uint16_t) * len;		\
+ 		_ucs2buf = alloca(_ucs2size);				\
+-		if (_ucs2buf == NULL)					\
++		if (_ucs2buf == NULL || _ucs2size < sizeof(uint16_t))	\
+ 			return -1;					\
+ 		memset(_ucs2buf, '\0', _ucs2size);			\
+ 		memcpy(_ucs2buf, str, _ucs2size - sizeof(uint16_t));	\
+-- 
+2.23.0
+

efivar.spec

@@ -1,11 +1,13 @@
 Name:           efivar
 Version:        37
-Release:        3
+Release:        4
 Summary:        Tools and libraries to work with EFI variables
 License:        LGPLv2.1
 URL:            https://github.com/rhboot/%{name}
 Source0:        https://github.com/rhboot/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2
 
+Patch0001:      dp_h-check-_ucs2size-in-format_ucs2.patch
+
 BuildRequires:  popt-devel glibc-static
 Requires:       %{name}-libs = %{version}-%{release}
 
@@ -61,6 +63,12 @@ Development titles to use libefivar must be included.
 %{_mandir}/man3/*
 
 %changelog
+* Fri Dec 08 2023 zhouyihang <zhouyihang3@h-partners.com> - 37-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:dp.h: check _ucs2size in format_ucs2()
+
 * Mon Feb 17 2020 hexiujun <hexiujun1@huawei.com> - 37-3
 - Type:enhancement
 - ID:NA