:: commit 64583e497c2d9db0a8a36e94c73f3aba49deea0c
lib/config: Guard against zero-length EFI device path nodes
diff --git a/common/lib/config.c b/common/lib/config.c
index 244457e5..47b9f724 100644
--- a/common/lib/config.c
+++ b/common/lib/config.c
@@ -53,7 +53,11 @@ static bool init_efi_app_path(size_t *len_out) {
goto found;
}
- path = (void *)path + *((uint16_t *)&path->Length[0]);
+ uint16_t node_length = *((uint16_t *)&path->Length[0]);
+ if (node_length < 4) {
+ return false;
+ }
+ path = (void *)path + node_length;
}
return false;
