Gua Guo 9a75b030cf StandaloneMmPkg/Hob: Integer Overflow in CreateHob() ... REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166 Fix integer overflow in various CreateHob instances. Fixes: CVE-2022-36765 The CreateHob() function aligns the requested size to 8 performing the following operation: ``` HobLength = (UINT16)((HobLength + 0x7) & (~0x7)); ``` No checks are performed to ensure this value doesn't overflow, and could lead to CreateHob() returning a smaller HOB than requested, which could lead to OOB HOB accesses. Reported-by: Marc Beatove <mbeatove@google.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: John Mathew <john.mathews@intel.com> Authored-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gua Guo <gua.guo@intel.com>		2024-01-26 03:40:09 +00:00
..
FvLib	StandaloneMmPkg/FvLib: Support large file with EFI_FFS_FILE_HEADER2.	2021-12-15 07:24:22 +00:00
StandaloneMmCoreEntryPoint	StandaloneMmPkg: Include correct MmuLib header	2023-06-27 16:40:07 +00:00
StandaloneMmCoreHobLib	StandaloneMmPkg/Hob: Integer Overflow in CreateHob()	2024-01-26 03:40:09 +00:00
StandaloneMmCoreMemoryAllocationLib	StandaloneMmPkg: Apply uncrustify changes	2021-12-07 17:24:28 +00:00
StandaloneMmHobLib	StandaloneMmPkg/StandaloneMmHobLib: Remove HOB creation	2023-12-11 03:30:39 +00:00
StandaloneMmMemLib	StandaloneMmPkg: Update code to be more C11 compliant by using __func__	2023-04-10 14:19:57 +00:00
StandaloneMmMemoryAllocationLib	StandaloneMmPkg: Apply uncrustify changes	2021-12-07 17:24:28 +00:00
StandaloneMmPeCoffExtraActionLib	StandaloneMmPkg: Include correct MmuLib header	2023-06-27 16:40:07 +00:00
VariableMmDependency	StandaloneMmPkg: Apply uncrustify changes	2021-12-07 17:24:28 +00:00