MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR (CVE-2018-12180)

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1134

The commit adds checks for detecting GPT and MBR partitions.

These checks will ensure that the device block size is big enough to hold
an MBR (512 bytes).

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>

diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
index fe87761bde168ea97fad7a2a4cd6df662721d9ca..d679cc208be435ccbfeef1cc149311a2c4d0df7a 100644 (file)
--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
@@ -14,7 +14,7 @@
   partition content and validate the GPT table and GPT entry.\r
 \r
 Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc.\r
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -236,6 +236,13 @@ PartitionInstallGptChildHandles (
 \r
   GptValidStatus = EFI_NOT_FOUND;\r
 \r
+  //\r
+  // Ensure the block size can hold the MBR\r
+  //\r
+  if (BlockSize < sizeof (MASTER_BOOT_RECORD)) {\r
+    return EFI_NOT_FOUND;\r
+  }\r
+\r
   //\r
   // Allocate a buffer for the Protective MBR\r
   //\r

diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c
index b1a99ee85b278f612734e81c14e02f81bd8c57a7..419f8a17a73cce614fafba4dc5d644f7feaaf964 100644 (file)
--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c
+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c
@@ -13,7 +13,7 @@
 \r
 Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc.\r
 Copyright (c) 2014, Hewlett-Packard Development Company, L.P.<BR>\r
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -150,6 +150,13 @@ PartitionInstallMbrChildHandles (
   MediaId   = BlockIo->Media->MediaId;\r
   LastBlock = BlockIo->Media->LastBlock;\r
 \r
+  //\r
+  // Ensure the block size can hold the MBR\r
+  //\r
+  if (BlockSize < sizeof (MASTER_BOOT_RECORD)) {\r
+    return EFI_NOT_FOUND;\r
+  }\r
+\r
   Mbr = AllocatePool (BlockSize);\r
   if (Mbr == NULL) {\r
     return Found;\r