mirror of
https://github.com/acidanthera/audk.git
synced 2025-04-08 17:05:09 +02:00
Fix a security hole in shell binaries:
For gBS->LoadImage() if the return status is EFI_SECURITY_VIOLATION, the image handle may not be NULL. Shell environment should not have the assumption that the output ImageHandle must be NULL if the error status is returned by gBS->LoadImage(). git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9838 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
qhuang8
parent
90f1486c8e
commit
6dec88649a
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,10 +1,11 @@
|
||||
The binaries of EdkShellBinPkg are generated with Efi-Shell-Dev-Snapshot-20091214.zip and build with Edk Compatibility & BaseTools Package
|
||||
The binaries of EdkShellBinPkg are generated with Efi-Shell-Dev-Snapshot-20091214.zip (plus a security hot-fix see EdkShellbinPkg\SecurityPatch.diff) and build with Edk Compatibility & BaseTools Package
|
||||
(r9623)
|
||||
|
||||
The following steps can help to re-generate these binaries for customization:
|
||||
1. Check out EdkCompatibilityPkg (r9623) to $(WORKSPACE)\EdkCompatibilityPkg (svn https://edk2.tianocore.org/svn/edk2/trunk/edk2/EdkCompatibilityPkg).
|
||||
2. Check out EdkShellPkg(r9623) to $(WORKSPACE)\EdkShellPkg (svn https://edk2.tianocore.org/svn/edk2/trunk/edk2/EdkShellPkg).
|
||||
3 Check out Edk Shell project source (r36) to $(WORKSPACE) (svn https://efi-shell.tianocore.org/svn/efi-shell/trunk/Shell). It is read-only and current revison (r36) is identical to Efi-Shell-Dev-Snapshot-20091214.zip.
|
||||
3a.Check out Edk Shell project source (r36) to $(WORKSPACE) (svn https://efi-shell.tianocore.org/svn/efi-shell/trunk/Shell). It is read-only and current revison (r36) is identical to Efi-Shell-Dev-Snapshot-20091214.zip.
|
||||
3b.Apply the security hot fix in EdkShellBinPkg\SecurityPatch.diff to patch in Shell\shellenv\exec.c
|
||||
4. Update to the newest BaseTools package. (r9623 or later)
|
||||
5. Under workspace directory (i.e. c:\EdkII),
|
||||
To generate Minimum Shell, execute: "build -a IA32 -a X64 -a IPF -p EdkShellPkg\EdkShellPkg.dsc -m EdkShellPkg\Shell\Shell.inf"
|
||||
|
||||
15
EdkShellBinPkg/SecurityPatch.diff
Normal file
15
EdkShellBinPkg/SecurityPatch.diff
Normal file
@ -0,0 +1,15 @@
|
||||
Index: shellenv/exec.c
|
||||
===================================================================
|
||||
--- shellenv/exec.c (revision 36)
|
||||
+++ shellenv/exec.c (working copy)
|
||||
@@ -2079,6 +2079,10 @@
|
||||
if (!EFI_ERROR (Status)) {
|
||||
goto Done;
|
||||
} else {
|
||||
+ //
|
||||
+ // Set ImageHandle to NULL if any error status is returned.
|
||||
+ //
|
||||
+ ImageHandle = NULL;
|
||||
Status = LibGetImageHeader (
|
||||
DevicePath,
|
||||
&DosHeader,
|
||||
Loading…
x
Reference in New Issue
Block a user