diff options
| author | lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524> | 2010-06-11 07:47:06 +0000 |
|---|---|---|
| committer | lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524> | 2010-06-11 07:47:06 +0000 |
| commit | 4ac4deb706fcd6595d5ee96a3b322f37026561a3 (patch) | |
| tree | 9e7a18b38e4f186f21b0c1c2857708ce42b663d7 /EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib | |
| parent | 61ece967cb59509608aa747fc9424c619646fc9d (diff) | |
| download | edk2-platforms-4ac4deb706fcd6595d5ee96a3b322f37026561a3.tar.xz | |
Add more check to make sure code run safely.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10574 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib')
4 files changed, 82 insertions, 19 deletions
diff --git a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BasePeCoffLib/BasePeCoff.c b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BasePeCoffLib/BasePeCoff.c index cafda9ed8f..f99c23e5ee 100644 --- a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BasePeCoffLib/BasePeCoff.c +++ b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BasePeCoffLib/BasePeCoff.c @@ -1,6 +1,6 @@ /*++
-Copyright (c) 2004 - 2006, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -581,12 +581,18 @@ GluePeCoffLoaderRelocateImage ( // the optional header to verify a desired directory entry is there.
//
- if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
+ if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC && RelocDir->Size > 0) {
RelocBase = PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress);
RelocBaseEnd = PeCoffLoaderImageAddress (
ImageContext,
RelocDir->VirtualAddress + RelocDir->Size - 1
);
+ if ((RelocBase == NULL) || (RelocBaseEnd == NULL)) {
+ //
+ // If the base start or end address resolved to 0, then fail.
+ //
+ return RETURN_LOAD_ERROR;
+ }
} else {
//
// Set base and end to bypass processing below.
@@ -602,13 +608,21 @@ GluePeCoffLoaderRelocateImage ( // Find the relocation block
//
RelocDir = &Hdr.Te->DataDirectory[0];
- RelocBase = (EFI_IMAGE_BASE_RELOCATION *)(UINTN)(
- ImageContext->ImageAddress +
- RelocDir->VirtualAddress +
- sizeof(EFI_TE_IMAGE_HEADER) -
- Hdr.Te->StrippedSize
- );
- RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) ((UINTN) RelocBase + (UINTN) RelocDir->Size - 1);
+ if (RelocDir->Size > 0) {
+ RelocBase = (EFI_IMAGE_BASE_RELOCATION *)(UINTN)(
+ ImageContext->ImageAddress +
+ RelocDir->VirtualAddress +
+ sizeof(EFI_TE_IMAGE_HEADER) -
+ Hdr.Te->StrippedSize
+ );
+ RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) ((UINTN) RelocBase + (UINTN) RelocDir->Size - 1);
+ } else {
+ //
+ // Set base and end to bypass processing below.
+ //
+ RelocBase = NULL;
+ RelocBaseEnd = NULL;
+ }
}
//
@@ -621,6 +635,13 @@ GluePeCoffLoaderRelocateImage ( RelocEnd = (UINT16 *) ((CHAR8 *) RelocBase + RelocBase->SizeOfBlock);
if (!(ImageContext->IsTeImage)) {
FixupBase = PeCoffLoaderImageAddress (ImageContext, RelocBase->VirtualAddress);
+
+ if (FixupBase == NULL) {
+ //
+ // If the FixupBase address resolved to 0, then fail.
+ //
+ return RETURN_LOAD_ERROR;
+ }
} else {
FixupBase = (CHAR8 *)(UINTN)(ImageContext->ImageAddress +
RelocBase->VirtualAddress +
diff --git a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c index d91153fbdf..30ec41769e 100644 --- a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c +++ b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c @@ -1,6 +1,6 @@ /*++
-Copyright (c) 2004 - 2006, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -152,15 +152,32 @@ GlueMakeTable ( UINT16 WordOfStart;
UINT16 WordOfCount;
-
- for (Index = 1; Index <= 16; Index++) {
+ //
+ // TableBits should not be greater than 16.
+ //
+ if (TableBits >= (sizeof (Count)/sizeof (UINT16))) {
+ return (UINT16) BAD_TABLE;
+ }
+
+ //
+ // Initialize Count array starting from Index 0, as there is a possibility of Count array being uninitialized.
+ //
+ for (Index = 0; Index <= 16; Index++) {
Count[Index] = 0;
}
for (Index = 0; Index < NumOfChar; Index++) {
- Count[BitLen[Index]]++;
+ //
+ // Count array index should not be greater than or equal to its size.
+ //
+ if (BitLen[Index] < (sizeof (Count)/sizeof (UINT16))) {
+ Count[BitLen[Index]]++;
+ } else {
+ return (UINT16) BAD_TABLE;
+ }
}
+ Start[0] = 0;
Start[1] = 0;
for (Index = 1; Index <= 16; Index++) {
@@ -201,7 +218,7 @@ GlueMakeTable ( for (Char = 0; Char < NumOfChar; Char++) {
Len = BitLen[Char];
- if (Len == 0) {
+ if (Len == 0 || Len >= 17) {
continue;
}
@@ -220,14 +237,20 @@ GlueMakeTable ( Index = (UINT16) (Len - TableBits);
while (Index != 0) {
- if (*Pointer == 0) {
+ //
+ // Avail should be lesser than size of mRight and mLeft to prevent buffer overflow.
+ //
+ if ((*Pointer == 0) && (Avail < sizeof (Sd->mRight)/sizeof (UINT16)) && (Avail < sizeof (Sd->mLeft)/sizeof (UINT16))) {
Sd->mRight[Avail] = Sd->mLeft[Avail] = 0;
*Pointer = Avail++;
}
- if (Index3 & Mask) {
+ //
+ // *Pointer should be lesser than size of mRight and mLeft to prevent buffer overflow.
+ //
+ if ((Index3 & Mask) && (*Pointer < (sizeof (Sd->mRight)/sizeof (UINT16)))) {
Pointer = &Sd->mRight[*Pointer];
- } else {
+ } else if (*Pointer < (sizeof (Sd->mLeft)/sizeof (UINT16))) {
Pointer = &Sd->mLeft[*Pointer];
}
@@ -328,6 +351,13 @@ GlueReadPTLen ( //
Number = (UINT16) GetBits (Sd, nbit);
+ if ((Number > sizeof (Sd->mPTLen)) || (nn > sizeof (Sd->mPTLen))) {
+ //
+ // Fail if Number or nn is greater than size of mPTLen
+ //
+ return (UINT16) BAD_TABLE;
+ }
+
if (Number == 0) {
//
// This represents only Huffman code used
@@ -377,6 +407,12 @@ GlueReadPTLen ( if (Index == Special) {
CharC = (UINT16) GetBits (Sd, 2);
while ((INT16) (--CharC) >= 0) {
+ if (Index >= sizeof (Sd->mPTLen)) {
+ //
+ // Fail if Index is greater than or equal to mPTLen
+ //
+ return (UINT16) BAD_TABLE;
+ }
Sd->mPTLen[Index++] = 0;
}
}
diff --git a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/DxePerformanceLib/PerformanceLib.c b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/DxePerformanceLib/PerformanceLib.c index 9c3e1366b6..5949025d2b 100644 --- a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/DxePerformanceLib/PerformanceLib.c +++ b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/DxePerformanceLib/PerformanceLib.c @@ -1,6 +1,6 @@ /*++
-Copyright (c) 2004 - 2006, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -483,6 +483,9 @@ Returns: do {
GuidHob = (EFI_HOB_GUID_TYPE *)GlueGetNextGuidHob (&gEfiPeiPerformanceHobGuid, &HobList);
+ if (GuidHob == NULL) {
+ break;
+ }
LogHob = (EFI_HOB_GUID_DATA_PERFORMANCE_LOG *)GET_GUID_HOB_DATA (GuidHob);
for (Index = 0; Index < LogHob->NumberOfEntries; Index++) {
diff --git a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/HiiLib/HiiLib.c b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/HiiLib/HiiLib.c index 07bb0eea79..77634d906c 100644 --- a/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/HiiLib/HiiLib.c +++ b/EdkCompatibilityPkg/Foundation/Library/EdkIIGlueLib/Library/HiiLib/HiiLib.c @@ -1,6 +1,6 @@ /*++
-Copyright (c) 2004 - 2007, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -52,6 +52,9 @@ GluePreparePackages ( HiiPackages = AllocateZeroPool (sizeof (EFI_HII_PACKAGES) + NumberOfPackages * sizeof (VOID *));
ASSERT (HiiPackages != NULL);
+ if (HiiPackages == NULL) {
+ return NULL;
+ }
HiiPackages->GuidId = (EFI_GUID *) Guid;
HiiPackages->NumberOfPackages = NumberOfPackages;
|