MdeModulePkg/UdfDxe: Add boundary check for getting volume (free) size

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828

Within GetVolumeSize():

The boundary check will validate the 'NumberOfPartitions' field of a
Logical Volume Integrity Descriptor matches the data within the relating
Logical Volume Descriptor.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Acked-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Hao Wu 2017-12-13 16:28:33 +08:00
parent 89f75aa04a
commit 3b30351b75
2 changed files with 23 additions and 1 deletions

View File

@ -2533,6 +2533,13 @@ SetFileInfo (
/**
Get volume and free space size information of an UDF volume.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The Logical Volume Descriptor and the Logical Volume Integrity Descriptor are
external inputs, so this routine will do basic validation for both descriptors
and report status.
@param[in] BlockIo BlockIo interface.
@param[in] DiskIo DiskIo interface.
@param[in] Volume UDF volume information structure.
@ -2571,7 +2578,8 @@ GetVolumeSize (
ExtentAd = &LogicalVolDesc->IntegritySequenceExtent;
if (ExtentAd->ExtentLength == 0) {
if ((ExtentAd->ExtentLength == 0) ||
(ExtentAd->ExtentLength < sizeof (UDF_LOGICAL_VOLUME_INTEGRITY))) {
return EFI_VOLUME_CORRUPTED;
}
@ -2611,6 +2619,13 @@ GetVolumeSize (
goto Out_Free;
}
if ((LogicalVolInt->NumberOfPartitions > MAX_UINT32 / sizeof (UINT32) / 2) ||
(LogicalVolInt->NumberOfPartitions * sizeof (UINT32) * 2 >
ExtentAd->ExtentLength - sizeof (UDF_LOGICAL_VOLUME_INTEGRITY))) {
Status = EFI_VOLUME_CORRUPTED;
goto Out_Free;
}
*VolumeSize = 0;
*FreeSpaceSize = 0;

View File

@ -903,6 +903,13 @@ SetFileInfo (
/**
Get volume and free space size information of an UDF volume.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The Logical Volume Descriptor and the Logical Volume Integrity Descriptor are
external inputs, so this routine will do basic validation for both descriptors
and report status.
@param[in] BlockIo BlockIo interface.
@param[in] DiskIo DiskIo interface.
@param[in] Volume UDF volume information structure.