Fix the potential address overflow issue when checking PE signature.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15602 6f19259b-4bc3-4df7-8a09-765794883524
parent
8c01a99b84
commit
9e2364ef12
|
@ -214,10 +214,12 @@ FindAndReportModuleImageInfo (
|
||||||
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
|
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
|
||||||
//
|
//
|
||||||
// DOS image header is present, so read the PE header after the DOS image header.
|
// DOS image header is present, so read the PE header after the DOS image header.
|
||||||
// Check if address overflow firstly.
|
|
||||||
//
|
//
|
||||||
if ((MAX_ADDRESS - (UINTN)DosHdr->e_lfanew) > Pe32Data) {
|
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
|
||||||
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN)(DosHdr->e_lfanew));
|
//
|
||||||
|
// Make sure PE header address does not overflow and is less than the initial address.
|
||||||
|
//
|
||||||
|
if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert)) {
|
||||||
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
|
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
|
||||||
//
|
//
|
||||||
// It's PE image.
|
// It's PE image.
|
||||||
|
|
|
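Review bot: The new range check `if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert))` bounds only the first byte of the candidate header, while the next line reads the multi-byte `Signature` field, so an address just below the limit passes and the read crosses it. Tightening the upper comparison to `((UINTN)Hdr.Pe32 <= (UINTN)mErrorMsgVersionAlert - sizeof (Hdr.Pe32->Signature))` would make the check cover the whole field; the same applies to the `CurrentEip` comparison added in FindModuleImageBase. The comment above the check could also say why the offset is masked with `0x0ffff` (it caps how far from `Pe32Data` a bogus `e_lfanew` can point, but also ignores larger valid offsets) and why `mErrorMsgVersionAlert` is the upper limit, presumably as a known address inside the running image. FindAndReportModuleImageInfo starts and ends outside the hunk.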
@ -1,7 +1,7 @@
|
||||||
/** @file
|
/** @file
|
||||||
CPU Exception Hanlder Library common functions.
|
CPU Exception Hanlder Library common functions.
|
||||||
|
|
||||||
Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
which accompanies this distribution. The full text of the license may be found at
|
which accompanies this distribution. The full text of the license may be found at
|
||||||
|
@ -90,13 +90,18 @@ FindModuleImageBase (
|
||||||
// DOS image header is present, so read the PE header after the DOS image header.
|
// DOS image header is present, so read the PE header after the DOS image header.
|
||||||
//
|
//
|
||||||
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
|
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
|
||||||
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
|
//
|
||||||
//
|
// Make sure PE header address does not overflow and is less than the initial address.
|
||||||
// It's PE image.
|
//
|
||||||
//
|
if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < CurrentEip)) {
|
||||||
InternalPrintMessage ("!!!! Find PE image ");
|
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
|
||||||
*EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);
|
//
|
||||||
break;
|
// It's PE image.
|
||||||
|
//
|
||||||
|
InternalPrintMessage ("!!!! Find PE image ");
|
||||||
|
*EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
//
|
//
|
||||||
|
|
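Review bot: Inside the new guard, `*EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);` still adds an image-supplied field to the base with no wrap check, the same overflow class this commit closes for `e_lfanew`; where UINTN is 32 bits the sum can wrap. Assuming the usual 32-bit `AddressOfEntryPoint`, the `& 0x0ffffffff` mask constrains nothing, so rejecting that case needs a guard such as `if (Hdr.Pe32->OptionalHeader.AddressOfEntryPoint <= MAX_ADDRESS - Pe32Data)` before the assignment. How `*EntryPoint` is consumed is not visible in the hunk, so the effect may be limited to a misleading address in the diagnostic output. FindModuleImageBase starts and ends outside the hunk.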