From 4df8f5bfa28b8b881e506437e8f08d92c1a00370 Mon Sep 17 00:00:00 2001 From: Hao Wu Date: Fri, 15 Dec 2017 11:22:16 +0800 Subject: [PATCH] MdeModulePkg/PartitionDxe: Add check for underlying device block size REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 Within FindAnchorVolumeDescriptorPointer(): Add a check for the underlying device block size to ensure it is greater than the size of an Anchor Volume Descriptor Pointer. Cc: Ruiyu Ni Cc: Jiewen Yao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu Reviewed-by: Paulo Alcantara Acked-by: Star Zeng --- .../Universal/Disk/PartitionDxe/Udf.c | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c index 83bd174231..49c56f6753 100644 --- a/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c +++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c @@ -1,8 +1,17 @@ /** @file Scan for an UDF file system on a formatted media. + Caution: This file requires additional review when modified. + This driver will have external input - CD/DVD media. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + FindUdfFileSystem() routine will consume the media properties and do basic + validation. + Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc. Copyright (C) 2014-2017 Paulo Alcantara + Copyright (c) 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this @@ -101,6 +110,20 @@ FindAnchorVolumeDescriptorPointer ( *LastRecordedBlock = EndLBA; AvdpsCount = 0; + // + // Check if the block size of the underlying media can hold the data of an + // Anchor Volume Descriptor Pointer + // + if (BlockSize < sizeof (UDF_ANCHOR_VOLUME_DESCRIPTOR_POINTER)) { + DEBUG (( + DEBUG_ERROR, + "%a: Media block size 0x%x unable to hold an AVDP.\n", + __FUNCTION__, + BlockSize + )); + return EFI_UNSUPPORTED; + } + // // Find AVDP at block 256 // @@ -598,6 +621,12 @@ Out_Free: /** Find a supported UDF file system in block device. + @attention This is boundary function that may receive untrusted input. + @attention The input is from Partition. + + The CD/DVD media is the external input, so this routine will do basic + validation for the media. + @param[in] BlockIo BlockIo interface. @param[in] DiskIo DiskIo interface. @param[out] StartingLBA UDF file system starting LBA.