From 9e2364ef1203f81c8572766d360fb7b10c2cda56 Mon Sep 17 00:00:00 2001 From: Jeff Fan Date: Mon, 30 Jun 2014 06:13:53 +0000 Subject: [PATCH] Fix the potential address overflow issue when checking PE signature. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan Reviewed-by: Liming Gao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15602 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DebugAgent/DebugAgentCommon/DebugAgent.c | 8 ++++--- .../CpuExceptionCommon.c | 21 ++++++++++++------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c index 48bc38ca54..f3da983946 100644 --- a/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c +++ b/SourceLevelDebugPkg/Library/DebugAgent/DebugAgentCommon/DebugAgent.c @@ -214,10 +214,12 @@ FindAndReportModuleImageInfo ( if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { // // DOS image header is present, so read the PE header after the DOS image header. - // Check if address overflow firstly. // - if ((MAX_ADDRESS - (UINTN)DosHdr->e_lfanew) > Pe32Data) { - Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN)(DosHdr->e_lfanew)); + Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff)); + // + // Make sure PE header address does not overflow and is less than the initial address. + // + if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < (UINTN)mErrorMsgVersionAlert)) { if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) { // // It's PE image. diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c index c075d5f168..0754aa9832 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c @@ -1,7 +1,7 @@ /** @file CPU Exception Hanlder Library common functions. - Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.
+ Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -90,13 +90,18 @@ FindModuleImageBase ( // DOS image header is present, so read the PE header after the DOS image header. // Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(Pe32Data + (UINTN) ((DosHdr->e_lfanew) & 0x0ffff)); - if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) { - // - // It's PE image. - // - InternalPrintMessage ("!!!! Find PE image "); - *EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff); - break; + // + // Make sure PE header address does not overflow and is less than the initial address. + // + if (((UINTN)Hdr.Pe32 > Pe32Data) && ((UINTN)Hdr.Pe32 < CurrentEip)) { + if (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE) { + // + // It's PE image. + // + InternalPrintMessage ("!!!! Find PE image "); + *EntryPoint = (UINTN)Pe32Data + (UINTN)(Hdr.Pe32->OptionalHeader.AddressOfEntryPoint & 0x0ffffffff); + break; + } } } else { // -- 2.39.2