diff options
| author | ydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-04-24 03:00:32 +0000 |
|---|---|---|
| committer | ydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-04-24 03:00:32 +0000 |
| commit | 28186d45660c92b8d98b8b19b5f8e6ff71ea5fba (patch) | |
| tree | 256d494851b79fcc27adb0e51586337b4a161390 /SecurityPkg/Library/DxeTpmMeasureBootLib | |
| parent | 035da677c8d4967d548ae1c81fa546075463cf27 (diff) | |
| download | edk2-platforms-28186d45660c92b8d98b8b19b5f8e6ff71ea5fba.tar.xz | |
Validate some fields in PE image to make sure not access violation for later code.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13211 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Library/DxeTpmMeasureBootLib')
| -rw-r--r-- | SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index d3c7bfec62..f0039c8048 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -36,6 +36,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. BOOLEAN mMeasureGptTableFlag = FALSE;
EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
UINTN mMeasureGptCount = 0;
+VOID *mFileBuffer;
+UINTN mImageSize;
/**
Reads contents of a PE/COFF image in memory buffer.
@@ -57,7 +59,27 @@ ImageRead ( OUT VOID *Buffer
)
{
+ UINTN EndPosition;
+
+ if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (MAX_ADDRESS - FileOffset < *ReadSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ EndPosition = FileOffset + *ReadSize;
+ if (EndPosition > mImageSize) {
+ *ReadSize = (UINT32)(mImageSize - FileOffset);
+ }
+
+ if (FileOffset >= mImageSize) {
+ *ReadSize = 0;
+ }
+
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
+
return EFI_SUCCESS;
}
@@ -495,6 +517,10 @@ TcgMeasurePeImage ( if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ if (ImageSize - SumOfBytesHashed < Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Finish;
+ }
//
// Use PE32 offset
//
@@ -502,6 +528,10 @@ TcgMeasurePeImage ( Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
SumOfBytesHashed);
} else {
+ if (ImageSize - SumOfBytesHashed < Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Finish;
+ }
//
// Use PE32+ offset
//
@@ -735,6 +765,9 @@ DxeTpmMeasureBootHandler ( goto Finish;
}
+ mImageSize = FileSize;
+ mFileBuffer = FileBuffer;
+
//
// Measure PE Image
//
|