From 2080f676df886be48f227d7bb74fd6b30b20e431 Mon Sep 17 00:00:00 2001 From: jyao1 Date: Wed, 12 Feb 2014 06:04:58 +0000 Subject: [PATCH] Add more check for PE COFF SizeOfHeader field. Signed-off by: jiewen yao reviewed by: eric dong Contributed-under: TianoCore Contribution Agreement 1.0 git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15233 6f19259b-4bc3-4df7-8a09-765794883524 --- MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 26 ++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c index b7ecc31715..d9e8809e55 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c @@ -15,7 +15,7 @@ PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header. PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image. - Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -249,6 +249,10 @@ PeCoffLoaderGetPeHeader ( // // 3. Check the FileHeader.NumberOfSections field. // + if (Hdr.Pe32->OptionalHeader.SizeOfImage <= SectionHeaderOffset) { + ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; + return RETURN_UNSUPPORTED; + } if ((Hdr.Pe32->OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= Hdr.Pe32->FileHeader.NumberOfSections) { ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; return RETURN_UNSUPPORTED; @@ -257,6 +261,14 @@ PeCoffLoaderGetPeHeader ( // // 4. Check the OptionalHeader.SizeOfHeaders field. // + if (Hdr.Pe32->OptionalHeader.SizeOfHeaders <= SectionHeaderOffset) { + ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; + return RETURN_UNSUPPORTED; + } + if (Hdr.Pe32->OptionalHeader.SizeOfHeaders >= Hdr.Pe32->OptionalHeader.SizeOfImage) { + ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; + return RETURN_UNSUPPORTED; + } if ((Hdr.Pe32->OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)Hdr.Pe32->FileHeader.NumberOfSections) { ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; return RETURN_UNSUPPORTED; @@ -351,6 +363,10 @@ PeCoffLoaderGetPeHeader ( // // 3. Check the FileHeader.NumberOfSections field. // + if (Hdr.Pe32Plus->OptionalHeader.SizeOfImage <= SectionHeaderOffset) { + ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; + return RETURN_UNSUPPORTED; + } if ((Hdr.Pe32Plus->OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= Hdr.Pe32Plus->FileHeader.NumberOfSections) { ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; return RETURN_UNSUPPORTED; @@ -359,6 +375,14 @@ PeCoffLoaderGetPeHeader ( // // 4. Check the OptionalHeader.SizeOfHeaders field. // + if (Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders <= SectionHeaderOffset) { + ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; + return RETURN_UNSUPPORTED; + } + if (Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders >= Hdr.Pe32Plus->OptionalHeader.SizeOfImage) { + ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; + return RETURN_UNSUPPORTED; + } if ((Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)Hdr.Pe32Plus->FileHeader.NumberOfSections) { ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED; return RETURN_UNSUPPORTED; -- 2.39.2