EFI_IMAGE_SECTION_HEADER *SectionHeader;\r
UINTN Index;\r
UINTN Pos;\r
- UINTN SumOfSectionBytes;\r
- EFI_IMAGE_SECTION_HEADER *SectionCache;\r
UINT32 CertSize;\r
UINT32 NumberOfRvaAndSizes;\r
\r
mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader\r
);\r
\r
- SectionCache = Section;\r
- for (Index = 0, SumOfSectionBytes = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++, SectionCache++) {\r
- SumOfSectionBytes += SectionCache->SizeOfRawData;\r
- }\r
-\r
//\r
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r
// structures in the image. The 'NumberOfSections' field of the image\r
\r
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);\r
\r
+ if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
for (Index = 0; Index < HASHALG_MAX; Index++) {\r
//\r
// Check the Hash algorithm in PE/COFF Authenticode.\r
continue;\r
}\r
\r
+ if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32 + mHash[Index].OidLength) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {\r
break;\r
}\r
UINT8 *SecureBootEnable;\r
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
UINT32 NumberOfRvaAndSizes;\r
+ UINT32 CertSize;\r
\r
if (File == NULL) {\r
return EFI_INVALID_PARAMETER;\r
goto Done;\r
}\r
\r
- DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;\r
+ Status = EFI_ACCESS_DENIED;\r
+\r
+ DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;\r
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
//\r
// DOS image header is present,\r
//\r
// It is not a valid Pe/Coff file.\r
//\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
\r
//\r
// Image Hash is in forbidden database (DBX).\r
//\r
- Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
\r
//\r
// Image Hash is not found in both forbidden and allowed database.\r
//\r
- Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
\r
//\r
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);\r
\r
+ CertSize = sizeof (WIN_CERTIFICATE);\r
+\r
+ if ((mSecDataDir->Size <= CertSize) || (mSecDataDir->Size < WinCertificate->dwLength)) {\r
+ goto Done;\r
+ }\r
+\r
switch (WinCertificate->wCertificateType) {\r
\r
case WIN_CERT_TYPE_EFI_GUID:\r
+ CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8);\r
+ if (WinCertificate->dwLength < CertSize) {\r
+ goto Done;\r
+ }\r
+\r
//\r
// Verify UEFI GUID type.\r
//\r
//\r
// Verify Pkcs signed data type.\r
//\r
- Status = HashPeImageByType();\r
+ Status = HashPeImageByType();\r
if (EFI_ERROR (Status)) {\r
goto Done;\r
}\r
break;\r
\r
default:\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
//\r