From ece4c1de3e7b2340d351c2054c79ea689a954ed6 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Fri, 5 Jan 2018 13:37:35 +0800 Subject: [PATCH] IntelFrameworkModulePkg/FwVolDxe: Ensure FfsFileHeader 8 bytes aligned REF: https://bugzilla.tianocore.org/show_bug.cgi?id=864 REF: CVE-2018-3630 To follow PI spec, ensure FfsFileHeader 8 bytes aligned. Current code only handles (FwVolHeader->ExtHeaderOffset != 0) path, update code to also handle (FwVolHeader->ExtHeaderOffset == 0) path. Cc: Jiewen Yao Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng Reviewed-by: Jian J Wang --- .../Universal/FirmwareVolume/FwVolDxe/FwVol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c index 9a031bab14..9a892240b4 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c @@ -4,7 +4,7 @@ Layers on top of Firmware Block protocol to produce a file abstraction of FV based files. - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions @@ -510,10 +510,10 @@ FvCheck ( // FwVolExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) (UINTN) (FvDevice->CachedFv + FvDevice->FwVolHeader->ExtHeaderOffset); Ptr = (UINT8 *) FwVolExtHeader + FwVolExtHeader->ExtHeaderSize; - Ptr = (UINT8 *) ALIGN_POINTER (Ptr, 8); } else { Ptr = (UINT8 *) (UINTN) (FvDevice->CachedFv + FvDevice->FwVolHeader->HeaderLength); } + Ptr = (UINT8 *) ALIGN_POINTER (Ptr, 8); TopFvAddress = (UINT8 *) (UINTN) (FvDevice->CachedFv + FvDevice->FwVolHeader->FvLength); // -- 2.39.2