dp-hw.c: fix incorrect error handling of efidp_node_size() invocations

One of our analysis tools noticed the following error:

 Error: OVERRUN (CWE-119):
 efivar-38/src/dp-hw.c:64: return_constant: Function call "efidp_node_size(dp)" may return -1.
 efivar-38/src/dp-hw.c:64: overrun-buffer-arg: Calling "format_hex_helper" with "(uint8_t *)dp + 4" and "efidp_node_size(dp) - 4L" is suspicious because of the very large index, 18446744073709551611. The index may be due to a negative parameter being interpreted as unsigned.
 #   62|                   format(buf, size, off, "Hardware",
 #   63|                          "HardwarePath(%d,", dp->subtype);
 #   64|->                 format_hex(buf, size, off, "Hardware", (uint8_t *)dp+4,
 #   65|                              efidp_node_size(dp)-4);
 #   66|                   format(buf, size, off, "Hardware", ")");

This patch adds error checking to that use of efidp_node_size().

Resolves: RHEL-27676
Signed-off-by: Peter Jones <[email protected]>

Author: vathpela

src/dp-hw.c

@@ -58,13 +58,20 @@ _format_hw_dn(unsigned char *buf, size_t size, const_efidp dp)
 		format(buf, size, off, "BMC", "BMC(%d,0x%"PRIx64")",
 		       dp->bmc.interface_type, dp->bmc.base_addr);
 		break;
-	default:
+	default: {
+		ssize_t sz = efidp_node_size(dp);
+
+		if (SUB(sz, 4, &sz) ||
+		    sz < 0) {
+			efi_error("bad DP node size");
+			return -1;
+		}
 		format(buf, size, off, "Hardware",
 		       "HardwarePath(%d,", dp->subtype);
-		format_hex(buf, size, off, "Hardware", (uint8_t *)dp+4,
-			   efidp_node_size(dp)-4);
+		format_hex(buf, size, off, "Hardware", (uint8_t *)dp+4, sz);
 		format(buf, size, off, "Hardware", ")");
 		break;
+		 }
 	}
 	return off;
 }