From 964f068d05422e6f7d33210ee7e80f02f883c694 Mon Sep 17 00:00:00 2001 From: "Cohen, Eugene" Date: Mon, 16 Nov 2015 07:17:53 +0000 Subject: SecurityPkg : Fix Rsa2048Sha256GuidedSectionExtractLib issue This issue causes section extraction overrun and possible hang due to bad output size calculation. (Sync patch r18625 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Cohen, Eugene" Reviewed-by: "Zhang, Chao B" git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@18801 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DxeRsa2048Sha256GuidedSectionExtractLib.c | 4 ++-- .../PeiRsa2048Sha256GuidedSectionExtractLib.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'SecurityPkg') diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c index 1f7a29904f..5f5d242d6e 100644 --- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c @@ -86,7 +86,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION2_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->DataOffset; + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); } else { // // Check whether the input guid section is recognized. @@ -101,7 +101,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION *) InputSection)->DataOffset; + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); } return EFI_SUCCESS; diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c index e2a0fb6708..e448164a5a 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c @@ -84,7 +84,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION2_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->DataOffset; + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); } else { // // Check whether the input guid section is recognized. @@ -99,7 +99,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION *) InputSection)->DataOffset; + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); } return EFI_SUCCESS; -- cgit v1.2.3