From 3a2e6a740dff2dd2978264af17cc26f5b56e6623 Mon Sep 17 00:00:00 2001 From: "Cohen, Eugene" Date: Mon, 19 Oct 2015 02:53:22 +0000 Subject: [PATCH] SecurityPkg : Fix Rsa2048Sha256GuidedSectionExtractLib issue This issue causes section extraction overrun and possible hang due to bad output size calculation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Cohen, Eugene" Reviewed-by: "Zhang, Chao B" git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18625 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DxeRsa2048Sha256GuidedSectionExtractLib.c | 4 ++-- .../PeiRsa2048Sha256GuidedSectionExtractLib.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c index 1f7a29904f..5f5d242d6e 100644 --- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c @@ -86,7 +86,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION2_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->DataOffset; + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); } else { // // Check whether the input guid section is recognized. @@ -101,7 +101,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION *) InputSection)->DataOffset; + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); } return EFI_SUCCESS; diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c index e2a0fb6708..e448164a5a 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c @@ -84,7 +84,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION2_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->DataOffset; + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); } else { // // Check whether the input guid section is recognized. @@ -99,7 +99,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( // *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; *ScratchBufferSize = 0; - *OutputBufferSize = SECTION_SIZE (InputSection) - ((EFI_GUID_DEFINED_SECTION *) InputSection)->DataOffset; + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); } return EFI_SUCCESS; -- 2.39.2