author: Doug Flick <dougflick@microsoft.com> 2024-10-03 09:37:18 -0700
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2025-04-09 00:13:21 +0000
commit: 5f08635ee7c176f78f788aa6528b43f18536a80b (patch)
tree: c6576508d9570bd9293b2f0494310958d4849fe1 /BaseTools/Source/Python
parent: e4140a57015b8634d20de8faf3d393f3aae38d6e (diff)
SecurityPkg: Out of bound read in HashPeImageByType()
In HashPeImageByType(), the hash of PE/COFF image is calculated. This function may get untrusted input.

Inside this function, the following code verifies the loaded image has the correct format, by reading the second byte of the buffer.

```c
if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
  ...
}
```

The input image is not trusted and that may not have the second byte to read. So this poses an out of bound read error.

With below fix we are assuring that we don't do out of bound read, i.e., we make sure that AuthDataSize is greater than 1.

```c
if (AuthDataSize > 1 && (*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE){
  ...
}
```

AuthDataSize size is verified before reading the second byte. So if AuthDataSize is less than 2, the second byte will not be read, and the out of bound read situation won't occur.

Tested the patch on real platform with and without TPM connected and verified image is booting fine.

Authored-by: Raj AlwinX Selvaraj <Alw...@intel.com>
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
Diffstat (limited to 'BaseTools/Source/Python')
0 files changed, 0 insertions, 0 deletions
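
The length-before-read pattern from the commit message, as an added example that is not edk2 code: `patched_branch_taken()` wraps the guarded condition quoted above, and `check_auth_header()` is a hypothetical stricter helper that reports a buffer with no second byte as its own error. The value `0x82` for `TWO_BYTE_ENCODE`, both function names and the result codes are assumptions; the page does not show them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the page does not give this value; 0x82 is the DER length
   octet that announces a two-byte length. */
#define TWO_BYTE_ENCODE 0x82

/* Hypothetical result codes for this sketch. */
typedef enum { AUTH_OK = 0, AUTH_TOO_SHORT, AUTH_UNSUPPORTED_LENGTH } auth_check_t;

/* The guarded condition from the commit message: returns 1 when the
   if-branch would be entered. && short-circuits, so AuthData[1] is only
   evaluated when AuthDataSize > 1. */
int patched_branch_taken(const uint8_t *AuthData, size_t AuthDataSize)
{
    return AuthDataSize > 1 &&
           (*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE;
}

/* Hypothetical stricter variant: a buffer with no second byte is reported
   as its own error instead of skipping the format check. */
auth_check_t check_auth_header(const uint8_t *AuthData, size_t AuthDataSize)
{
    if (AuthData == NULL || AuthDataSize < 2) {
        return AUTH_TOO_SHORT;
    }
    if ((AuthData[1] & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
        return AUTH_UNSUPPORTED_LENGTH;
    }
    return AUTH_OK;
}

int main(void)
{
    /* Constructed inputs, each array exactly as long as its stated size. */
    static const uint8_t one_byte[1]  = { 0x30 };
    static const uint8_t two_byte[2]  = { 0x30, 0x82 };
    static const uint8_t short_len[2] = { 0x30, 0x03 };

    printf("1 byte:     branch=%d strict=%d\n",
           patched_branch_taken(one_byte, 1), check_auth_header(one_byte, 1));
    printf("0x30 0x82:  branch=%d strict=%d\n",
           patched_branch_taken(two_byte, 2), check_auth_header(two_byte, 2));
    printf("0x30 0x03:  branch=%d strict=%d\n",
           patched_branch_taken(short_len, 2), check_auth_header(short_len, 2));
    return 0;
}
```

For the one-byte input the guarded condition is false without touching `AuthData[1]`, so the branch body does not run; the stricter helper returns `AUTH_TOO_SHORT` for the same input.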