mirror of https://github.com/acidanthera/audk.git
MdeModulePkg/UdfDxe: Add boundary check for ComponentIdentifier decode
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 Within ResolveSymlink(): The boundary check will validate the 'LengthofComponentIdentifier' field of a Path Component matches the data within the relating (Extended) File Entry. Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> Acked-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
parent
5c0748f43f
commit
89f75aa04a
|
@ -2219,6 +2219,10 @@ ResolveSymlink (
|
||||||
return EFI_VOLUME_CORRUPTED;
|
return EFI_VOLUME_CORRUPTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((UINTN)PathComp->ComponentIdentifier + PathCompLength > (UINTN)EndData) {
|
||||||
|
return EFI_VOLUME_CORRUPTED;
|
||||||
|
}
|
||||||
|
|
||||||
Char = FileName;
|
Char = FileName;
|
||||||
for (Index = 1; Index < PathCompLength; Index++) {
|
for (Index = 1; Index < PathCompLength; Index++) {
|
||||||
if (CompressionId == 16) {
|
if (CompressionId == 16) {
|
||||||
|
|
Loading…
Reference in New Issue