1 files changed, 17 insertions, 18 deletions

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 5dd6019..478aaf5 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -212,14 +212,16 @@ static void efi_set_code_and_data_type(
 
 #ifdef CONFIG_EFI_SECURE_BOOT
 /**
- * cmp_pe_section - compare two sections
- * @arg1:	Pointer to pointer to first section
- * @arg2:	Pointer to pointer to second section
+ * cmp_pe_section() - compare virtual addresses of two PE image sections
+ * @arg1:	pointer to pointer to first section header
+ * @arg2:	pointer to pointer to second section header
  *
- * Compare two sections in PE image.
+ * Compare the virtual addresses of two sections of an portable executable.
+ * The arguments are defined as const void * to allow usage with qsort().
  *
- * Return:	-1, 0, 1 respectively if arg1 < arg2, arg1 == arg2 or
- *		arg1 > arg2
+ * Return:	-1 if the virtual address of arg1 is less than that of arg2,
+ *		0 if the virtual addresses are equal, 1 if the virtual address
+ *		of arg1 is greater than that of arg2.
  */
 static int cmp_pe_section(const void *arg1, const void *arg2)
 {
@@ -237,7 +239,7 @@ static int cmp_pe_section(const void *arg1, const void *arg2)
 }
 
 /**
- * efi_image_parse - parse a PE image
+ * efi_image_parse() - parse a PE image
  * @efi:	Pointer to image
  * @len:	Size of @efi
  * @regp:	Pointer to a list of regions
@@ -404,7 +406,7 @@ err:
 }
 
 /**
- * efi_image_unsigned_authenticate - authenticate unsigned image with
+ * efi_image_unsigned_authenticate() - authenticate unsigned image with
  * SHA256 hash
  * @regs:	List of regions to be verified
  *
@@ -451,7 +453,7 @@ out:
 }
 
 /**
- * efi_image_authenticate - verify a signature of signed image
+ * efi_image_authenticate() - verify a signature of signed image
  * @efi:	Pointer to image
  * @efi_size:	Size of @efi
  *
@@ -635,21 +637,18 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 		goto err;
 	}
 
-	/* assume sizeof(IMAGE_NT_HEADERS32) <= sizeof(IMAGE_NT_HEADERS64) */
-	if (efi_size < dos->e_lfanew + sizeof(IMAGE_NT_HEADERS32)) {
+	/*
+	 * Check if the image section header fits into the file. Knowing that at
+	 * least one section header follows we only need to check for the length
+	 * of the 64bit header which is longer than the 32bit header.
+	 */
+	if (efi_size < dos->e_lfanew + sizeof(IMAGE_NT_HEADERS64)) {
 		printf("%s: Invalid offset for Extended Header\n", __func__);
 		ret = EFI_LOAD_ERROR;
 		goto err;
 	}
 
 	nt = (void *) ((char *)efi + dos->e_lfanew);
-	if ((nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) &&
-	    (efi_size < dos->e_lfanew + sizeof(IMAGE_NT_HEADERS64))) {
-		printf("%s: Invalid offset for Extended Header\n", __func__);
-		ret = EFI_LOAD_ERROR;
-		goto err;
-	}
-
 	if (nt->Signature != IMAGE_NT_SIGNATURE) {
 		printf("%s: Invalid NT Signature\n", __func__);
 		ret = EFI_LOAD_ERROR;