[efi] Ensure NUL byte is at lowest address within stack cookie
The NUL byte included within the stack cookie to act as a string
terminator should be placed at the lowest byte address within the
stack cookie, in order to avoid potentially including the stack cookie
value within an accidentally unterminated string.
Suggested-by: Pete Beck <pete.beck@ioactive.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
diff --git a/src/interface/efi/efi_init.c b/src/interface/efi/efi_init.c
index 284c39b..e1041a5 100644
--- a/src/interface/efi/efi_init.c
+++ b/src/interface/efi/efi_init.c
@@ -21,6 +21,7 @@
#include <string.h>
#include <errno.h>
+#include <endian.h>
#include <ipxe/init.h>
#include <ipxe/rotate.h>
#include <ipxe/efi/efi.h>
@@ -128,6 +129,13 @@
*/
cookie <<= 8;
+ /* Ensure that the NUL byte is placed at the bottom of the
+ * stack cookie, to avoid potential disclosure via an
+ * unterminated string.
+ */
+ if ( __BYTE_ORDER == __BIG_ENDIAN )
+ cookie >>= 8;
+
return cookie;
}