Add more check for PE COFF SizeOfHeader field.

author jyao1 <jyao1>

Wed, 12 Feb 2014 06:04:58 +0000 (06:04 +0000)

committer jyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524>

Wed, 12 Feb 2014 06:04:58 +0000 (06:04 +0000)
author jyao1 <jyao1>
Wed, 12 Feb 2014 06:04:58 +0000 (06:04 +0000)
committer jyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524>
Wed, 12 Feb 2014 06:04:58 +0000 (06:04 +0000)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c

index b7ecc3171554a5e5ec648eb841c195650a933bf5..d9e8809e5512c78d401458c89b3c5292c29077ab 100644 (file)
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -15,7 +15,7 @@
    PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header.\r
    PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image.\r
  \r
    PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header.\r
    PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image.\r
  \r
-  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
    Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>\r
    This program and the accompanying materials\r
    are licensed and made available under the terms and conditions of the BSD License\r
    Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>\r
    This program and the accompanying materials\r
    are licensed and made available under the terms and conditions of the BSD License\r
@@ -249,6 +249,10 @@ PeCoffLoaderGetPeHeader (
        //\r
        // 3. Check the FileHeader.NumberOfSections field.\r
        //\r
        //\r
        // 3. Check the FileHeader.NumberOfSections field.\r
        //\r
+      if (Hdr.Pe32->OptionalHeader.SizeOfImage <= SectionHeaderOffset) {\r
+        ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
+        return RETURN_UNSUPPORTED;\r
+      }\r
        if ((Hdr.Pe32->OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= Hdr.Pe32->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
        if ((Hdr.Pe32->OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= Hdr.Pe32->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
@@ -257,6 +261,14 @@ PeCoffLoaderGetPeHeader (
        //\r
        // 4. Check the OptionalHeader.SizeOfHeaders field.\r
        //\r
        //\r
        // 4. Check the OptionalHeader.SizeOfHeaders field.\r
        //\r
+      if (Hdr.Pe32->OptionalHeader.SizeOfHeaders <= SectionHeaderOffset) {\r
+        ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
+        return RETURN_UNSUPPORTED;\r
+      }\r
+      if (Hdr.Pe32->OptionalHeader.SizeOfHeaders >= Hdr.Pe32->OptionalHeader.SizeOfImage) {\r
+        ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
+        return RETURN_UNSUPPORTED;\r
+      }\r
        if ((Hdr.Pe32->OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)Hdr.Pe32->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
        if ((Hdr.Pe32->OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)Hdr.Pe32->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
@@ -351,6 +363,10 @@ PeCoffLoaderGetPeHeader (
        //\r
        // 3. Check the FileHeader.NumberOfSections field.\r
        //\r
        //\r
        // 3. Check the FileHeader.NumberOfSections field.\r
        //\r
+      if (Hdr.Pe32Plus->OptionalHeader.SizeOfImage <= SectionHeaderOffset) {\r
+        ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
+        return RETURN_UNSUPPORTED;\r
+      }\r
        if ((Hdr.Pe32Plus->OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= Hdr.Pe32Plus->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
        if ((Hdr.Pe32Plus->OptionalHeader.SizeOfImage - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER <= Hdr.Pe32Plus->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
@@ -359,6 +375,14 @@ PeCoffLoaderGetPeHeader (
        //\r
        // 4. Check the OptionalHeader.SizeOfHeaders field.\r
        //\r
        //\r
        // 4. Check the OptionalHeader.SizeOfHeaders field.\r
        //\r
+      if (Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders <= SectionHeaderOffset) {\r
+        ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
+        return RETURN_UNSUPPORTED;\r
+      }\r
+      if (Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders >= Hdr.Pe32Plus->OptionalHeader.SizeOfImage) {\r
+        ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
+        return RETURN_UNSUPPORTED;\r
+      }\r
        if ((Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)Hdr.Pe32Plus->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
        if ((Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - SectionHeaderOffset) / EFI_IMAGE_SIZEOF_SECTION_HEADER < (UINT32)Hdr.Pe32Plus->FileHeader.NumberOfSections) {\r
          ImageContext->ImageError = IMAGE_ERROR_UNSUPPORTED;\r
          return RETURN_UNSUPPORTED;\r
author	jyao1 <jyao1>
	Wed, 12 Feb 2014 06:04:58 +0000 (06:04 +0000)
committer	jyao1 <jyao1@6f19259b-4bc3-4df7-8a09-765794883524>
	Wed, 12 Feb 2014 06:04:58 +0000 (06:04 +0000)