OcBootManagementLib: Improved robustness in PE image file parsing

07f0091f · vit9696 · 9efcabc6 · 07f0091f · 07f0091f · 07f0091f
Showing with 21 addition and 0 deletion

Changelog.md Changelog.md +1 -0

Library/OcBootManagementLib/ImageLoader.c Library/OcBootManagementLib/ImageLoader.c +16 -0

Utilities/TestPeCoff/PeCoff.c Utilities/TestPeCoff/PeCoff.c +4 -0

未找到文件。
--- a/Changelog.md
+++ b/Changelog.md
@@ -12,6 +12,7 @@ OpenCore Changelog
 - Fixed OpenLinuxBoot entry name disambiguation when `LINUX_BOOT_USE_LATEST` flag is clear
 - Updated builtin firmware versions for SMBIOS and the rest
 - Fixed crash in OpenLinuxBoot with partly (re-)installed Linux distro
+- Improved robustness in malformed PE image file parsing

 #### v0.7.7
 - Fixed rare crash caused by register corruption in the entry point

--- a/Library/OcBootManagementLib/ImageLoader.c
+++ b/Library/OcBootManagementLib/ImageLoader.c
@@ -255,6 +255,7 @@ OcImageLoaderLoad (
  EFI_STATUS                   ImageStatus;
  PE_COFF_IMAGE_CONTEXT        ImageContext;
  EFI_PHYSICAL_ADDRESS         DestinationArea;
+  UINT32                       DestinationSize;
  VOID                         *DestinationBuffer;
  OC_LOADED_IMAGE_PROTOCOL     *OcLoadedImage;
  EFI_LOADED_IMAGE_PROTOCOL    *LoadedImage;
@@ -294,6 +295,21 @@ OcImageLoaderLoad (
    DEBUG ((DEBUG_INFO, "OCB: PeCoff no support for RT drivers\n"));
    return EFI_UNSUPPORTED;
  }
+
+  //
+  // FIXME: This needs to be backported as a function:
+  // https://github.com/mhaeuser/edk2/blob/2021-gsoc-secure-loader/MdePkg/Library/BaseUefiImageLib/CommonSupport.c#L19-L53
+  //
+  DestinationSize = ImageContext.SizeOfImage + ImageContext.SizeOfImageDebugAdd;
+  if (OcOverflowAddU32 (DestinationSize, ImageContext.SectionAlignment, &DestinationSize)) {
+    return RETURN_UNSUPPORTED;
+  }
+
+  if (DestinationSize >= BASE_16MB) {
+    DEBUG ((DEBUG_INFO, "OCB: PeCoff prohibits files over 16M (%u)\n", DestinationSize));
+    return RETURN_UNSUPPORTED;
+  }
+
  //
  // Allocate the image destination memory.
  // FIXME: RT drivers require EfiRuntimeServicesCode.

--- a/Utilities/TestPeCoff/PeCoff.c
+++ b/Utilities/TestPeCoff/PeCoff.c
@@ -178,6 +178,10 @@ PeCoffTestLoadFull (
    return RETURN_UNSUPPORTED;
  }

+  if (DestinationSize >= BASE_16MB) {
+    return RETURN_UNSUPPORTED;
+  }
+
  Destination = AllocatePages (EFI_SIZE_TO_PAGES (DestinationSize));
  if (Destination == NULL) {
    return RETURN_UNSUPPORTED;