tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/UdfDxe: Add boundary check for getting volume (free) size 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828

Within GetVolumeSize():

The boundary check will validate the 'NumberOfPartitions' field of a
Logical Volume Integrity Descriptor matches the data within the relating
Logical Volume Descriptor.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Acked-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Hao Wu 2017-12-13 16:28:33 +08:00
parent 89f75aa04a
commit 3b30351b75
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
View File

@ -2533,6 +2533,13 @@ SetFileInfo (
/** /**
Get volume and free space size information of an UDF volume. Get volume and free space size information of an UDF volume.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The Logical Volume Descriptor and the Logical Volume Integrity Descriptor are
external inputs, so this routine will do basic validation for both descriptors
and report status.
@param[in] BlockIo BlockIo interface. @param[in] BlockIo BlockIo interface.
@param[in] DiskIo DiskIo interface. @param[in] DiskIo DiskIo interface.
@param[in] Volume UDF volume information structure. @param[in] Volume UDF volume information structure.
@ -2571,7 +2578,8 @@ GetVolumeSize (
ExtentAd = &LogicalVolDesc->IntegritySequenceExtent; ExtentAd = &LogicalVolDesc->IntegritySequenceExtent;
if (ExtentAd->ExtentLength == 0) { if ((ExtentAd->ExtentLength == 0) ||
(ExtentAd->ExtentLength < sizeof (UDF_LOGICAL_VOLUME_INTEGRITY))) {
return EFI_VOLUME_CORRUPTED; return EFI_VOLUME_CORRUPTED;
} }
@ -2611,6 +2619,13 @@ GetVolumeSize (
goto Out_Free; goto Out_Free;
} }
if ((LogicalVolInt->NumberOfPartitions > MAX_UINT32 / sizeof (UINT32) / 2) ||
(LogicalVolInt->NumberOfPartitions * sizeof (UINT32) * 2 >
ExtentAd->ExtentLength - sizeof (UDF_LOGICAL_VOLUME_INTEGRITY))) {
Status = EFI_VOLUME_CORRUPTED;
goto Out_Free;
}
*VolumeSize = 0; *VolumeSize = 0;
*FreeSpaceSize = 0; *FreeSpaceSize = 0;

7
MdeModulePkg/Universal/Disk/UdfDxe/Udf.h
View File

@ -903,6 +903,13 @@ SetFileInfo (
/** /**
Get volume and free space size information of an UDF volume. Get volume and free space size information of an UDF volume.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The Logical Volume Descriptor and the Logical Volume Integrity Descriptor are
external inputs, so this routine will do basic validation for both descriptors
and report status.
@param[in] BlockIo BlockIo interface. @param[in] BlockIo BlockIo interface.
@param[in] DiskIo DiskIo interface. @param[in] DiskIo DiskIo interface.
@param[in] Volume UDF volume information structure. @param[in] Volume UDF volume information structure.