diff options
author | jyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-06-12 08:28:43 +0000 |
---|---|---|
committer | jyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-06-12 08:28:43 +0000 |
commit | dc204d5a0fd64d1ccbc90ebea827e7ad73b71f4d (patch) | |
tree | 780a18f56c08103c2bd577828a533f9d85556815 /SecurityPkg/Library/DxeImageVerificationLib | |
parent | 90eaa3c1e022e2b676da65cb41aa66136a18b4ea (diff) | |
download | edk2-platforms-dc204d5a0fd64d1ccbc90ebea827e7ad73b71f4d.tar.xz |
Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Library/DxeImageVerificationLib')
-rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 43 | ||||
-rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf | 5 |
2 files changed, 44 insertions, 4 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 2a54296134..dff4bd0371 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1,6 +1,17 @@ /** @file
Implement image verification services for secure boot service in UEFI2.3.1.
+ Caution: This file requires additional review when modified.
+ This library will have external input - PE/COFF image.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+
+ DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+ read is within the image buffer.
+
+ DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+ untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -14,16 +25,24 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "DxeImageVerificationLib.h"
+//
+// Caution: This is used by a function which may receive untrusted input.
+// These global variables hold PE/COFF image data, and they should be validated before use.
+//
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
-UINTN mImageSize;
UINT32 mPeCoffHeaderOffset;
-UINT8 mImageDigest[MAX_DIGEST_SIZE];
-UINTN mImageDigestSize;
EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL;
-UINT8 *mImageBase = NULL;
EFI_GUID mCertType;
//
+// Information on current PE/COFF image
+//
+UINTN mImageSize;
+UINT8 *mImageBase = NULL;
+UINT8 mImageDigest[MAX_DIGEST_SIZE];
+UINTN mImageDigestSize;
+
+//
// Notify string for authorization UI.
//
CHAR16 mNotifyString1[MAX_NOTIFY_STRING_LEN] = L"Image verification pass but not found in authorized database!";
@@ -57,6 +76,10 @@ HASH_TABLE mHash[] = { /**
Reads contents of a PE/COFF image in memory buffer.
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this function will make sure the PE/COFF image content
+ read is within the image buffer.
+
@param FileHandle Pointer to the file handle to read the PE/COFF image.
@param FileOffset Offset into the PE/COFF image to begin the read operation.
@param ReadSize On input, the size in bytes of the requested read operation.
@@ -229,6 +252,10 @@ GetImageType ( Caculate hash of Pe/Coff image based on the authenticode image hashing in
PE/COFF Specification 8.0 Appendix A
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this function will validate its data structure
+ within this image buffer before use.
+
@param[in] HashAlg Hash algorithm type.
@retval TRUE Successfully hash image.
@@ -550,6 +577,10 @@ Done: Pe/Coff image based on the authenticode image hashing in PE/COFF Specification
8.0 Appendix A
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this function will validate its data structure
+ within this image buffer before use.
+
@retval EFI_UNSUPPORTED Hash algorithm is not supported.
@retval EFI_SUCCESS Hash successfully.
@@ -1184,6 +1215,10 @@ Done: If no,
Error out
+ Caution: This function may receive untrusted input.
+ PE/COFF image is external input, so this function will validate its data structure
+ within this image buffer before use.
+
@param[in] AuthenticationStatus
This is the authentication status returned from the security
measurement services for the input file.
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf index 860d64ba83..e561a648a1 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf @@ -2,6 +2,11 @@ # The library instance provides security service of image verification.
# Image verification Library module supports UEFI2.3.1
#
+# Caution: This module requires additional review when modified.
+# This library will have external input - PE/COFF image.
+# This external input must be validated carefully to avoid security issue like
+# buffer overflow, integer overflow.
+#
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
|