diff options
| author | Jeff Fan <jeff.fan@intel.com> | 2014-06-30 06:13:53 +0000 |
|---|---|---|
| committer | vanjeff <vanjeff@6f19259b-4bc3-4df7-8a09-765794883524> | 2014-06-30 06:13:53 +0000 |
| commit | 9e2364ef1203f81c8572766d360fb7b10c2cda56 (patch) | |
| tree | 1329330bc79b3b5b3b1070e331f68b07ca99d69d | |
| parent | 8c01a99b8472f231e746c7eb9bade0ddddf2b445 (diff) | |
| download | edk2-platforms-9e2364ef1203f81c8572766d360fb7b10c2cda56.tar.xz | |
Fix the potential address overflow issue when checking PE signature.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15602 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c | 8 | ||||
| -rw-r--r-- | UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c | 21 |
2 files changed, 18 insertions, 11 deletions
diff --git a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c index 48bc38ca54..f3da983946 100644 --- a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c +++ b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c @@ -214,10 +214,12 @@ FindAndReportModuleImageInfo ( if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
//
// DOS image header is present, so read the PE header after the DOS image header.
- // Check if address overflow firstly.
//
- if ((MAX_ADDRESS - (UINTN)DosHdr->e_lfanew) > Pe32Data) {
- Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN)(DosHdr->e_lfanew));
+ Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
+ //
+ // Make sure PE header address does not overflow and is less than the initial address.
+ //
+ if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert)) {
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
//
// It's PE image.
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c index c075d5f168..0754aa9832 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c @@ -1,7 +1,7 @@ /** @file
CPU Exception Hanlder Library common functions.
- Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -90,13 +90,18 @@ FindModuleImageBase ( // DOS image header is present, so read the PE header after the DOS image header.
//
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
- if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
- //
- // It's PE image.
- //
- InternalPrintMessage ("!!!! Find PE image ");
- *EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);
- break;
+ //
+ // Make sure PE header address does not overflow and is less than the initial address.
+ //
+ if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < CurrentEip)) {
+ if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
+ //
+ // It's PE image.
+ //
+ InternalPrintMessage ("!!!! Find PE image ");
+ *EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);
+ break;
+ }
}
} else {
//
|