-
Notifications
You must be signed in to change notification settings - Fork 505
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Backport a fix from upstream to resolve CVE-2024-38796
tianocore/edk2@c95233b
Signed-off-by: Hongxu Jia <[email protected]>- Loading branch information
1 parent
260fc21
commit c3d1be5
Showing
2 changed files
with
38 additions
and
0 deletions.
There are no files selected for viewing
37 changes: 37 additions & 0 deletions
37
meta/recipes-core/ovmf/ovmf/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| From c4d6af8428375c0343fcfd20bf1465e6d4be4690 Mon Sep 17 00:00:00 2001 | ||
| From: Doug Flick <[email protected]> | ||
| Date: Fri, 22 Nov 2024 17:44:27 +0800 | ||
| Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib | ||
|
|
||
| The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is | ||
| also a UINT32 value. The current code does not check for overflow when | ||
| adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a | ||
| check to ensure that the addition does not overflow. | ||
|
|
||
| Signed-off-by: Doug Flick <[email protected]> | ||
| Authored-by: sriraamx gobichettipalayam <[email protected]> | ||
|
|
||
| CVE: CVE-2024-38796 | ||
| Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65] | ||
|
|
||
| Signed-off-by: Hongxu Jia <[email protected]> | ||
| --- | ||
| MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +- | ||
| 1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
|
||
| diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c | ||
| index 6d8d9faeb8..2339b111b5 100644 | ||
| --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c | ||
| +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c | ||
| @@ -1014,7 +1014,7 @@ PeCoffLoaderRelocateImage ( | ||
| RelocDir = &Hdr.Te->DataDirectory[0]; | ||
| } | ||
|
|
||
| - if ((RelocDir != NULL) && (RelocDir->Size > 0)) { | ||
| + if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) { | ||
| RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset); | ||
| RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress ( | ||
| ImageContext, | ||
| -- | ||
| 2.34.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters