[efi] Fix uninitialised data in HII IFR structures

The HII IFR structures are allocated via realloc() rather than zalloc(), and so are not automatically zeroed. This results in the presence of uninitialised and invalid data, causing crashes elsewhere in the UEFI firmware. Fix by explicitly zeroing the newly allocated portion of any IFR structure in efi_ifr_op(). Debugged-by: Laszlo Ersek <lersek@redhat.com> Debugged-by: Gary Lin <glin@suse.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
ipxe · Jun 29, 2016 · c9f6a86 · c9f6a86
1 parent 0418631
commit c9f6a86
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/interface/efi/efi_hii.c b/src/interface/efi/efi_hii.c
@@ -117,6 +117,7 @@ static void * efi_ifr_op ( struct efi_ifr_builder *ifr, unsigned int opcode,
 	ifr->ops_len = new_ops_len;
 
 	/* Fill in opcode header */
+	memset ( op, 0, len );
 	op->OpCode = opcode;
 	op->Length = len;