tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/FaultTolerantWriteDxe: Fix buffer overrun issue

Browse Source 
- This PR aims to  prevent a buffer overrun issue found in FtwGetLastWriteHeader
function.As per the current code, when there is a malformed blocks (with all bytes as 0s)
then `Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites,
FtwHeader->PrivateDataSize)` would access beyond FtwWorkSpaceSize.

- Also added the signature check to validate work space

Signed-off-by: Sureshkumar Ponnusamy <sponnusamy@microsoft.com>
This commit is contained in:
Sureshkumar Ponnusamy 2024-08-06 18:16:33 -04:00 committed by mergify[bot]
parent 1a89d9887f
commit 8504d2be17
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
MdeModulePkg/Universal/FaultTolerantWriteDxe/FtwMisc.c
View File

@ -810,12 +810,18 @@ FtwGetLastWriteHeader (
FtwHeader = (EFI_FAULT_TOLERANT_WRITE_HEADER *)(FtwWorkSpaceHeader + 1);
Offset = sizeof (EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER);
if (!CompareGuid (&FtwWorkSpaceHeader->Signature, &gEdkiiWorkingBlockSignatureGuid)) {
*FtwWriteHeader = FtwHeader;
return EFI_ABORTED;
}
while (FtwHeader->Complete == FTW_VALID_STATE) {
Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites, FtwHeader->PrivateDataSize);
//
// If Offset exceed the FTW work space boudary, return error.
//
if (Offset >= FtwWorkSpaceSize) {
if ((Offset + sizeof (EFI_FAULT_TOLERANT_WRITE_HEADER)) >= FtwWorkSpaceSize) {
*FtwWriteHeader = FtwHeader;
return EFI_ABORTED;
}