[PATCH master 03/39] efi: loader: fix CRC32 computation in table header update

mail archive of the barebox mailing list
 help / color / mirror / Atom feed

From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
	"Claude Opus 4.6" <noreply@anthropic.com>
Subject: [PATCH master 03/39] efi: loader: fix CRC32 computation in table header update
Date: Mon, 16 Feb 2026 09:44:03 +0100	[thread overview]
Message-ID: <20260216084758.3548990-4-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20260216084758.3548990-1-a.fatoum@pengutronix.de>

The CRC32 is computed over the full table header, which includes the
crc32 field itself. Without zeroing the field first, the old CRC
value is included as input data in the new computation, producing
incorrect results on any update after the first.

The UEFI specification requires the field to be zero during CRC32
computation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 efi/loader/table.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/efi/loader/table.c b/efi/loader/table.c
index 0c200365b835..dc2ec893cb2e 100644
--- a/efi/loader/table.c
+++ b/efi/loader/table.c
@@ -13,6 +13,7 @@
  */
 void __efi_runtime efi_update_table_header_crc32(struct efi_table_hdr *table)
 {
+	table->crc32 = 0;
 	table->crc32 = __pi_crc32(0, table, table->headersize);
 }
 
-- 
2.47.3

next prev parent reply	other threads:[~2026-02-16  8:48 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-16  8:44 [PATCH master 00/39] efi: fix bugs Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 01/39] efi: fix potential NULL dereference Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 02/39] efi: trace: fix EFI_EXIT2 to not evaluate output value on error Ahmad Fatoum
2026-02-16  8:44 ` Ahmad Fatoum [this message]
2026-02-16  8:44 ` [PATCH master 04/39] efi: loader: fix pointer vs value comparison in free_efi_only Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 05/39] efi: loader: fix disk write return value check Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 06/39] efi: loader: fix EFI_ENTRY/EFI_EXIT ordering in efi_set_time Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 07/39] efi: runtime: fix missing EFI_EXIT in efirt_query_variable_info Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 08/39] efi: loader: fix file handle leak in efi_file_from_path Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 09/39] efi: loader: fix missing field init in deferred protocol add Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 10/39] efi: loader: fix memory leak in efi_var_to_file Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 11/39] efi: loader: fix multiple bugs in efi_loader_bootm Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 12/39] efi: loader: fix return type and memory leak in efi_smbios_register Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 13/39] efi: loader: fix memory leak in efi_dp_split_file_path Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 14/39] efi: loader: fix HII string table realloc and memset bugs Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 15/39] efi: loader: fix format specifier and missing EFI_EXIT in boot services Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 16/39] efi: fix unreachable free in efi_set_variable_printf Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 17/39] efi: payload: fix missing NULL check after read_file in handover Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 18/39] efi: payload: fix EFI page leak in efi_read_file Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 19/39] efi: payload: fix inverted error check after state_load Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 20/39] efi: fix out-of-bounds read in device path unknown node printing Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 21/39] efi: payload: fix wrong page count in efi_unload_fdt Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 22/39] efi: fix out-of-bounds read in 1394 device path printing Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 23/39] efi: loader: initialize block IO ops before installing protocol Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 24/39] efi: runtime: fix variable store bounds check to account for alignment Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 25/39] efi: fix Fibre Channel device path type vs sub_type comparison Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 26/39] efi: loader: fix file open mode always setting O_RDWR Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 27/39] efi: loader: fix NULL pointer dereference when deleting root volume handle Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 28/39] efi: loader: fix memory leak of variable file buffer on success Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 29/39] efi: loader: fix memory leak in efi_var_collect on buffer overflow Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 30/39] efi: fix signed format specifier for uint64_t timestamp Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 31/39] efi: payload: fix possible memory leaks during init Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 32/39] efi: payload: protect against missing state alias Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 33/39] efi: loader: fix stale return value in console out-of-memory path Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 34/39] efi: loader: fix off-by-one in FAT codepage translation Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 35/39] efi: loader: fix co-existence with EFI payload support Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 36/39] efi: payload: skip ELF MMU handling when booted via stub Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 37/39] efi: payload: register dummy device tree Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 38/39] console: introduce helper for printing binary buffers as-is Ahmad Fatoum
2026-02-16  8:44 ` [PATCH master 39/39] efi: loader: protocol: console: don't turn LF into CRLF Ahmad Fatoum

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260216084758.3548990-4-a.fatoum@pengutronix.de \
    --to=a.fatoum@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    --cc=noreply@anthropic.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox