From c4ba5b516d03ec0973b5c4ad58e2735d96b1bd83 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 28 Jan 2019 17:33:08 +0100
Subject: [PATCH] bootctl: safety check for regular file when reading EFI
 images

---
 src/boot/bootctl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 1dbe00adb6..2424aa011f 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -96,6 +96,10 @@ static int get_file_version(int fd, char **v) {
         if (fstat(fd, &st) < 0)
                 return log_error_errno(errno, "Failed to stat EFI binary: %m");
 
+        r = stat_verify_regular(&st);
+        if (r < 0)
+                return log_error_errno(errno, "EFI binary is not a regular file: %m");
+
         if (st.st_size < 27) {
                 *v = NULL;
                 return 0;
-- 
2.25.1