Fix the potential address overflow issue when checking PE signature.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15602 6f19259b-4bc3-4df7-8a09-765794883524
Jeff Fan 2014-06-30 06:13:53 +00:00 committed by vanjeff
parent 8c01a99b84
commit 9e2364ef12
2 changed files with 18 additions and 11 deletions


@ -214,10 +214,12 @@ FindAndReportModuleImageInfo (
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
// //
// DOS image header is present, so read the PE header after the DOS image header. // DOS image header is present, so read the PE header after the DOS image header.
// Check if address overflow firstly.
// //
if ((MAX_ADDRESS - (UINTN)DosHdr->e_lfanew) > Pe32Data) { Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN)(DosHdr->e_lfanew)); //
// Make sure PE header address does not overflow and is less than the initial address.
//
if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert)) {
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) { if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
// //
// It's PE image. // It's PE image.
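Review bot: The upper bound in the new guard, `(UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert`, is not explained; the comment above it says only "less than the initial address", and nothing in the hunk shows why the address of that symbol is the right limit. If it is meant as an address known to lie inside the running image, say so, for example `// mErrorMsgVersionAlert is a global in this image, so a valid PE header for it must lie below its address.` The comment could also record that the `& 0x0ffff` mask truncates e_lfanew instead of rejecting large values, so a header whose e_lfanew exceeds 0xFFFF is probed at a different offset than the one it declares. FindAndReportModuleImageInfo starts and ends outside the hunk.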


@ -1,7 +1,7 @@
/** @file /** @file
CPU Exception Hanlder Library common functions. CPU Exception Hanlder Library common functions.
Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -90,13 +90,18 @@ FindModuleImageBase (
// DOS image header is present, so read the PE header after the DOS image header. // DOS image header is present, so read the PE header after the DOS image header.
// //
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff)); Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff));
if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) { //
// // Make sure PE header address does not overflow and is less than the initial address.
// It's PE image. //
// if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < CurrentEip)) {
InternalPrintMessage ("!!!! Find PE image "); if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) {
*EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff); //
break; // It's PE image.
//
InternalPrintMessage ("!!!! Find PE image ");
*EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);
break;
}
} }
} else { } else {
// //
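Review bot: The entry-point computation that now sits inside the new guard, `*EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff);`, is still unchecked. The guard bounds only the start address of the header, while AddressOfEntryPoint is read from further into the structure and its sum with Pe32Data can wrap on a 32-bit build. Because the header candidate comes from matching signatures in memory, the field is not guaranteed to belong to a real image; consider skipping the candidate when `Hdr.Pe32->OptionalHeader.AddressOfEntryPoint > MAX_ADDRESS - (UINTN)Pe32Data`. The comment could also state that the `Hdr.Pe32 > Pe32Data` half of the guard rejects an e_lfanew that masks to zero as well as a wrapped address. FindModuleImageBase starts and ends outside the hunk.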