From dc204d5a0fd64d1ccbc90ebea827e7ad73b71f4d Mon Sep 17 00:00:00 2001 From: jyao1 Date: Tue, 12 Jun 2012 08:28:43 +0000 Subject: Add comment for modules which have external input. signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 25 ++++++++++++++++++++++ .../DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf | 7 +++++- 2 files changed, 31 insertions(+), 1 deletion(-) (limited to 'SecurityPkg/Library/DxeTpmMeasureBootLib') diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index bbd38b74ed..d4616fa3c9 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -1,6 +1,20 @@ /** @file The library instance provides security service of TPM measure boot. + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image and GPT partition. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content + read is within the image buffer. + + TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its + data structure within this image buffer before use. + + TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse + partition data carefully. + Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -42,6 +56,10 @@ UINTN mImageSize; /** Reads contents of a PE/COFF image in memory buffer. + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + @param FileHandle Pointer to the file handle to read the PE/COFF image. @param FileOffset Offset into the PE/COFF image to begin the read operation. @param ReadSize On input, the size in bytes of the requested read operation. @@ -86,6 +104,9 @@ DxeTpmMeasureBootLibImageRead ( /** Measure GPT table data into TPM log. + Caution: This function may receive untrusted input. + The GPT partition table is external input, so this function should parse partition data carefully. + @param TcgProtocol Pointer to the located TCG protocol instance. @param GptHandle Handle that GPT partition was installed. @@ -247,6 +268,10 @@ TcgMeasureGptTable ( Measure PE image into TPM log based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A. + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + @param[in] TcgProtocol Pointer to the located TCG protocol instance. @param[in] ImageAddress Start address of image buffer. @param[in] ImageSize Image size diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf index bf83bf1022..44d27a0887 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf @@ -1,7 +1,12 @@ ## @file # The library instance provides security service of TPM measure boot. # -# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+# Caution: This module requires additional review when modified. +# This library will have external input - PE/COFF image and GPT partition. +# This external input must be validated carefully to avoid security issue like +# buffer overflow, integer overflow. +# +# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at -- cgit v1.2.3