summaryrefslogtreecommitdiff
path: root/MdePkg/Library/BasePeCoffLib
diff options
context:
space:
mode:
authorjyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524>2012-06-12 08:28:43 +0000
committerjyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524>2012-06-12 08:28:43 +0000
commitdc204d5a0fd64d1ccbc90ebea827e7ad73b71f4d (patch)
tree780a18f56c08103c2bd577828a533f9d85556815 /MdePkg/Library/BasePeCoffLib
parent90eaa3c1e022e2b676da65cb41aa66136a18b4ea (diff)
downloadedk2-platforms-dc204d5a0fd64d1ccbc90ebea827e7ad73b71f4d.tar.xz
Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdePkg/Library/BasePeCoffLib')
-rw-r--r--MdePkg/Library/BasePeCoffLib/BasePeCoff.c22
-rw-r--r--MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf7
2 files changed, 26 insertions, 3 deletions
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index e44f04c799..71089bbb0d 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -2,6 +2,19 @@
Base PE/COFF loader supports loading any PE32/PE32+ or TE image, but
only supports relocating IA32, x64, IPF, and EBC images.
+ Caution: This file requires additional review when modified.
+ This library will have external input - PE/COFF image.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ The basic guideline is that caller need provide ImageContext->ImageRead () with the
+ necessary data range check, to make sure when this library reads PE/COFF image, the
+ PE image buffer is always in valid range.
+ This library will also do some additional check for PE header fields.
+
+ PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header.
+ PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image.
+
Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
This program and the accompanying materials
@@ -48,7 +61,10 @@ PeCoffLoaderGetPeHeaderMagicValue (
/**
Retrieves the PE or TE Header from a PE/COFF or TE image.
- Also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader,
+
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this routine will
+ also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader,
SizeOfHeader, Section Data Region and Security Data Region be in PE image range.
@param ImageContext The context of the image being loaded.
@@ -376,7 +392,9 @@ PeCoffLoaderGetPeHeader (
The ImageRead and Handle fields of ImageContext structure must be valid prior
to invoking this service.
- Also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader,
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this routine will
+ also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader,
SizeOfHeader, Section Data Region and Security Data Region be in PE image range.
@param ImageContext The pointer to the image context structure that describes the PE/COFF
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
index 45fdc2196d..470ae88406 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
@@ -4,7 +4,12 @@
# The IA32 version library support loading IA32, X64 and EBC PE/COFF images.
# The X64 version library support loading IA32, X64 and EBC PE/COFF images.
#
-# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+# Caution: This module requires additional review when modified.
+# This library will have external input - PE/COFF image.
+# This external input must be validated carefully to avoid security issue like
+# buffer overflow, integer overflow.
+#
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
#
# This program and the accompanying materials