From d78675d1956aaae05d5db872eddd4119a01d0ecb Mon Sep 17 00:00:00 2001 From: Yunhua Feng Date: Fri, 1 Jun 2018 17:21:02 +0800 Subject: [PATCH] BaseTools: Fix Section header size larger than elf file size bug Add the logic to handle the case that Section header size larger than elf file size. Cc: Liming Gao Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Yunhua Feng Reviewed-by: Liming Gao --- BaseTools/Source/C/GenFw/Elf32Convert.c | 3 +++ BaseTools/Source/C/GenFw/Elf64Convert.c | 3 +++ BaseTools/Source/C/GenFw/ElfConvert.c | 20 ++++++++++++++++---- BaseTools/Source/C/GenFw/ElfConvert.h | 3 ++- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c index 436eb529ee..ac0e2b1377 100644 --- a/BaseTools/Source/C/GenFw/Elf32Convert.c +++ b/BaseTools/Source/C/GenFw/Elf32Convert.c @@ -674,6 +674,9 @@ WriteSections32 ( switch (Shdr->sh_type) { case SHT_PROGBITS: /* Copy. */ + if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) { + return FALSE; + } memcpy(mCoffFile + mCoffSectionsOffset[Idx], (UINT8*)mEhdr + Shdr->sh_offset, Shdr->sh_size); diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c index 54011d75f1..9ffb367e43 100644 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c @@ -670,6 +670,9 @@ WriteSections64 ( switch (Shdr->sh_type) { case SHT_PROGBITS: /* Copy. */ + if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) { + return FALSE; + } memcpy(mCoffFile + mCoffSectionsOffset[Idx], (UINT8*)mEhdr + Shdr->sh_offset, (size_t) Shdr->sh_size); diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c index 17913ff2df..86f844d2a9 100644 --- a/BaseTools/Source/C/GenFw/ElfConvert.c +++ b/BaseTools/Source/C/GenFw/ElfConvert.c 
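Review bot: The guard added in the WriteSections32 hunk, `Shdr->sh_offset + Shdr->sh_size > mFileBufferSize`, adds two values read from the ELF file before comparing them. Assuming the standard Elf32_Shdr field types, a malformed header can make the sum wrap to a small value, pass the check, and let the following memcpy read outside the file buffer. Comparing without the addition avoids the wrap: `if (Shdr->sh_offset > mFileBufferSize || Shdr->sh_size > mFileBufferSize - Shdr->sh_offset) {`. The identical check in the WriteSections64 hunk has the same weakness at 64-bit width, and its size is then narrowed by `(size_t)`. Only the SHT_PROGBITS case is visible and both functions start and end outside their hunks, so whether other section types or the destination range at `mCoffFile + mCoffSectionsOffset[Idx]` are bounded cannot be confirmed from here.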
@@ -1,7 +1,7 @@ /** @file Elf convert solution -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this @@ -57,6 +57,11 @@ UINT32 mCoffOffset; // UINT32 mTableOffset; +// +//mFileBufferSize +// +UINT32 mFileBufferSize; + // //***************************************************************************** // Common ELF Functions @@ -173,6 +178,7 @@ ConvertElf ( ELF_FUNCTION_TABLE ElfFunctions; UINT8 EiClass; + mFileBufferSize = *FileLength; // // Determine ELF type and set function table pointer correctly. // @@ -201,9 +207,15 @@ ConvertElf ( // Write and relocate sections. // VerboseMsg ("Write and relocate sections."); - ElfFunctions.WriteSections (SECTION_TEXT); - ElfFunctions.WriteSections (SECTION_DATA); - ElfFunctions.WriteSections (SECTION_HII); + if (!ElfFunctions.WriteSections (SECTION_TEXT)) { + return FALSE; + } + if (!ElfFunctions.WriteSections (SECTION_DATA)) { + return FALSE; + } + if (!ElfFunctions.WriteSections (SECTION_HII)) { + return FALSE; + } // // Translate and write relocations. diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h index abf434dd11..fc8c63f34b 100644 --- a/BaseTools/Source/C/GenFw/ElfConvert.h +++ b/BaseTools/Source/C/GenFw/ElfConvert.h @@ -1,7 +1,7 @@ /** @file Header file for Elf convert solution -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
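Review bot: The comment added above `mFileBufferSize` in the `@@ -57,6 +57,11 @@` hunk only repeats the variable name, so it does not say what the size measures or who sets it. A comment such as `// Size in bytes of the input ELF file buffer; set by ConvertElf() and used to bounds-check section offsets` would document the contract. The variable is a UINT32 assigned from `*FileLength` in the next hunk. The type of FileLength is not visible here, so it is worth confirming that the assignment cannot truncate.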
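Review bot: Each new `return FALSE;` after a failed `ElfFunctions.WriteSections (...)` call in the `@@ -201,9 +207,15 @@` hunk leaves ConvertElf without saying which section was rejected or why. Unless the caller reports it, a malformed ELF now ends the conversion with no diagnostic. An error message naming the section type and stating that its offset and size exceed the input file, emitted before the return, would make the rejection traceable in build logs. Whether buffers set up earlier in ConvertElf, such as `mCoffFile`, are released on these early returns is not visible in the hunk and should be checked. ConvertElf starts and ends outside the hunk.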
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this @@ -29,6 +29,7 @@ extern UINT32 mImageTimeStamp; extern UINT8 *mCoffFile; extern UINT32 mTableOffset; extern UINT32 mOutImageType; +extern UINT32 mFileBufferSize; // // Common EFI specific data. -- 2.39.2