| From 66e6579dbf921152f647a0c16da1d3b2f40861ca Mon Sep 17 00:00:00 2001 |
| From: Peter Jones <pjones@redhat.com> |
| Date: Wed, 7 Jun 2023 13:15:49 -0400 |
| Subject: [PATCH] CVE-2023-40546 mok: fix LogError() invocation |
| |
| On some ARM platform, jlinton noticed that when we fail to set a |
| variable (because it isn't supported at all, presumably), our error |
| message has an extra argument that doesn't match the format string. |
| |
| This patch removes the extra argument. |
| |
| Resolves: CVE-2023-40546 |
| Signed-off-by: Peter Jones <pjones@redhat.com> |
| --- |
| mok.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/mok.c b/mok.c |
| index be1eaa15..0ac34158 100644 |
| --- a/mok.c |
| +++ b/mok.c |
| @@ -291,7 +291,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, |
| &var, &varsz); |
| if (EFI_ERROR(efi_status) || !var || !varsz) { |
| LogError(L"Couldn't allocate %lu bytes for mok variable \"%s\": %r\n", |
| - varsz, var, efi_status); |
| + varsz, name, efi_status); |
| return efi_status; |
| } |
| |
| @@ -302,7 +302,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, |
| FreePool(var); |
| if (EFI_ERROR(efi_status)) { |
| LogError(L"Couldn't create mok variable \"%s\": %r\n", |
| - varsz, var, efi_status); |
| + name, efi_status); |
| return efi_status; |
| } |
| |