From b4e027f1c6063278c741757d82f3f787236673b6 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Wed, 31 Jul 2013 01:09:38 +0000 Subject: MdeModulePkg PartitionDxe: Ensure the NumberOfPartitionEntries * SizeOfPartitionEntry doesn't overflow. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Chao Zhang git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14520 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c') diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c index a3910041a3..0778588298 100644 --- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c @@ -13,7 +13,7 @@ PartitionValidGptTable(), PartitionCheckGptEntry() routine will accept disk partition content and validate the GPT table and GPT entry. -Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -307,7 +307,7 @@ PartitionInstallGptChildHandles ( DEBUG ((EFI_D_INFO, " Valid primary and !Valid backup partition table\n")); DEBUG ((EFI_D_INFO, " Restore backup partition table by the primary\n")); if (!PartitionRestoreGptTable (BlockIo, DiskIo, PrimaryHeader)) { - DEBUG ((EFI_D_INFO, " Restore backup partition table error\n")); + DEBUG ((EFI_D_INFO, " Restore backup partition table error\n")); } if (PartitionValidGptTable (BlockIo, DiskIo, PrimaryHeader->AlternateLBA, BackupHeader)) { @@ -487,13 +487,22 @@ PartitionValidGptTable ( if ((PartHdr->Header.Signature != EFI_PTAB_HEADER_ID) || !PartitionCheckCrc (BlockSize, &PartHdr->Header) || - PartHdr->MyLBA != Lba + PartHdr->MyLBA != Lba || + (PartHdr->SizeOfPartitionEntry < sizeof (EFI_PARTITION_ENTRY)) ) { DEBUG ((EFI_D_INFO, "Invalid efi partition table header\n")); FreePool (PartHdr); return FALSE; } + // + // Ensure the NumberOfPartitionEntries * SizeOfPartitionEntry doesn't overflow. + // + if (PartHdr->NumberOfPartitionEntries > DivU64x32 (MAX_UINTN, PartHdr->SizeOfPartitionEntry)) { + FreePool (PartHdr); + return FALSE; + } + CopyMem (PartHeader, PartHdr, sizeof (EFI_PARTITION_TABLE_HEADER)); if (!PartitionCheckGptEntryArrayCRC (BlockIo, DiskIo, PartHeader)) { FreePool (PartHdr); -- cgit v1.2.3