MdeModulePkg/UdfDxe: Add boundary check for ComponentIdentifier decode

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828

Within ResolveSymlink():

The boundary check will validate that the 'LengthofComponentIdentifier' field
of a Path Component matches the data within the related (Extended) File
Entry.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Acked-by: Star Zeng <star.zeng@intel.com>
Hao Wu 2017-12-13 14:39:07 +08:00
parent 5c0748f43f
commit 89f75aa04a
1 changed files with 4 additions and 0 deletions

@ -2219,6 +2219,10 @@ ResolveSymlink (
return EFI_VOLUME_CORRUPTED; return EFI_VOLUME_CORRUPTED;
} }
if ((UINTN)PathComp->ComponentIdentifier + PathCompLength > (UINTN)EndData) {
return EFI_VOLUME_CORRUPTED;
}
Char = FileName; Char = FileName;
for (Index = 1; Index < PathCompLength; Index++) { for (Index = 1; Index < PathCompLength; Index++) {
if (CompressionId == 16) { if (CompressionId == 16) {
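
Review bot: The added bound test in ResolveSymlink() forms the sum '(UINTN)PathComp->ComponentIdentifier + PathCompLength' before comparing it with '(UINTN)EndData', so it is only sound if that addition cannot wrap, and neither the type nor the range of PathCompLength is visible in this hunk. Consider the subtractive form 'PathCompLength > (UINTN)EndData - (UINTN)PathComp->ComponentIdentifier', which cannot wrap provided the check just above (not shown here) already guarantees that ComponentIdentifier does not lie past EndData. A short comment above the new 'if' saying that it protects the 'for (Index = 1; Index < PathCompLength; Index++)' loop that follows would make the intent clear to later readers, since the hunk itself carries no comment.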