From dc204d5a0fd64d1ccbc90ebea827e7ad73b71f4d Mon Sep 17 00:00:00 2001 From: jyao1 Date: Tue, 12 Jun 2012 08:28:43 +0000 Subject: Add comment for modules which have external input. signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DxeImageVerificationLib.c | 43 ++++++++++++++++++++-- .../DxeImageVerificationLib.inf | 5 +++ 2 files changed, 44 insertions(+), 4 deletions(-) (limited to 'SecurityPkg/Library/DxeImageVerificationLib') diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 2a54296134..dff4bd0371 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1,6 +1,17 @@ /** @file Implement image verification services for secure boot service in UEFI2.3.1. + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content + read is within the image buffer. + + DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept + untrusted PE/COFF image and validate its data structure within this image buffer before use. + Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -14,15 +25,23 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "DxeImageVerificationLib.h" +// +// Caution: This is used by a function which may receive untrusted input. +// These global variables hold PE/COFF image data, and they should be validated before use. +// EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; -UINTN mImageSize; UINT32 mPeCoffHeaderOffset; -UINT8 mImageDigest[MAX_DIGEST_SIZE]; -UINTN mImageDigestSize; EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL; -UINT8 *mImageBase = NULL; EFI_GUID mCertType; +// +// Information on current PE/COFF image +// +UINTN mImageSize; +UINT8 *mImageBase = NULL; +UINT8 mImageDigest[MAX_DIGEST_SIZE]; +UINTN mImageDigestSize; + // // Notify string for authorization UI. // @@ -57,6 +76,10 @@ HASH_TABLE mHash[] = { /** Reads contents of a PE/COFF image in memory buffer. + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + @param FileHandle Pointer to the file handle to read the PE/COFF image. @param FileOffset Offset into the PE/COFF image to begin the read operation. @param ReadSize On input, the size in bytes of the requested read operation. @@ -229,6 +252,10 @@ GetImageType ( Caculate hash of Pe/Coff image based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + @param[in] HashAlg Hash algorithm type. @retval TRUE Successfully hash image. 
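Review bot: The comment added above mNtHeader/mPeCoffHeaderOffset/mSecDataDir/mCertType says these globals "should be validated before use" but not what validation means for each, and splitting them from mImageSize/mImageBase hides that mSecDataDir is a raw pointer into the untrusted image whose VirtualAddress/Size fields have to be checked against mImageSize before anything is read through them. I would state the invariant instead of the intention, e.g. `// mNtHeader and mSecDataDir point into the caller's image buffer [mImageBase, mImageBase + mImageSize); every offset or size read through them must be bounds-checked against mImageSize with overflow-safe arithmetic before it is dereferenced or handed to the hash/read routines.` Because all per-image state lives in file-scope globals, the comment should also say whether the library assumes the verification handler is never re-entered while an image is being processed, if that is the design; a nested call would overwrite mImageBase/mImageSize mid-verification and no visible line guards against it.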
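Review bot: The caution text added to DxeImageVerificationLibImageRead() promises the read stays "within the image buffer", but the @param block that follows never says how an out-of-range request is handled, and the function body is outside this hunk, so the contract exists only in this comment. Two cases need spelling out: a FileOffset at or beyond mImageSize, and a FileOffset + *ReadSize that exceeds mImageSize or wraps when added as UINTN; the doc should say whether each returns an error status or truncates *ReadSize, since a caller that expects one and gets the other is exactly where an over-read slips through. A line such as `@retval EFI_INVALID_PARAMETER FileOffset or FileOffset + *ReadSize lies outside the image buffer (checked without integer wrap)`, adjusted to whatever the implementation actually does, would make the guarantee checkable against the code.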
@@ -550,6 +577,10 @@ Done: Pe/Coff image based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + @retval EFI_UNSUPPORTED Hash algorithm is not supported. @retval EFI_SUCCESS Hash successfully. @@ -1184,6 +1215,10 @@ Done: If no, Error out + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + @param[in] AuthenticationStatus This is the authentication status returned from the security measurement services for the input file. diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf index 860d64ba83..e561a648a1 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf @@ -2,6 +2,11 @@ # The library instance provides security service of image verification. # Image verification Library module supports UEFI2.3.1 # +# Caution: This module requires additional review when modified. +# This library will have external input - PE/COFF image. +# This external input must be validated carefully to avoid security issue like +# buffer overflow, integer overflow. +# # Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
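Review bot: The caution paragraph added to HashPeImage(), HashPeImageByType() and DxeImageVerificationHandler() is the same three lines in each place ("will validate its data structure within this image buffer before use") and names no structure or bound, so it cannot be checked against the code and will not tell a maintainer which check they must not drop. For the handler I would list what it derives from the image and the bound each value must satisfy, phrased as a precondition rather than a promise: the PE header offset and optional-header magic against mImageSize, the security data directory's VirtualAddress/Size against mImageSize using overflow-safe addition, and each WIN_CERTIFICATE dwLength against the remaining directory size. The function bodies lie outside these hunks, so the exact list should be taken from the code; if any of those checks turns out to be absent, that is a defect to fix, not something to document around.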
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License -- cgit v1.2.3