From f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Sat, 20 Sep 2014 16:47:08 -0400
Subject: [PATCH 57/74] Validate computed hash bases/hash sizes more thoroughly.
I screwed one of these up when working on 750584c, and it's a real pain to figure out, so that means we should be validating them.
Signed-off-by: Peter Jones
---
 shim.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/shim.c b/shim.c
index c1b5c17..cfa90d1 100644
--- a/shim.c
+++ b/shim.c
@@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void)
 return TRUE; }
+#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({ \
+ if ((unsigned long)hashbase > \
+ (unsigned long)data + datasize_in) { \
+ perror(L"shim.c:%d Invalid hash base 0x%016x\n", l, \
+ hashbase); \
+ goto done; \
+ } \
+ if ((unsigned long)hashbase + hashsize > \
+ (unsigned long)data + datasize_in) { \
+ perror(L"shim.c:%d Invalid hash size 0x%016x\n", l, \
+ hashsize); \
+ goto done; \
+ } \
+})
+#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__)
+
 /* * Calculate the SHA1 and SHA256 hashes of a binary */
@@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 hashbase = data; hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum - hashbase;
+ check_size(data, datasize_in, hashbase, hashsize);
 if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) {
@@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum + sizeof (int); hashsize = (char *)context->SecDir - hashbase;
+ check_size(data, datasize_in, hashbase, hashsize);
 if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) {
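Review bot: Both failure branches of `check_size_line` (first hunk, `@@ -593,6 +593,22 @@`) jump to `done` without assigning `status`, whereas the existing error path visible in `generate_hash` sets `status = EFI_INVALID_PARAMETER` before its `goto done`. A rejected range is therefore returned with whatever `status` held at that point; its initial value is outside the hunks, but if it is a success code the caller would accept a digest that was never completed. The range test is also incomplete for sizes derived from PE header fields: a `hashbase` below `data` passes, and `(unsigned long)hashbase + hashsize` can wrap where `unsigned long` is 32 bits, so an oversized `hashsize` can slip under the limit. Setting the status in each branch, adding the lower bound, and comparing `hashsize` with the bytes remaining after `hashbase` addresses all three, and the macro arguments should be parenthesised while the lines are being touched.

```c
#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({	\
	if ((unsigned long)(hashbase) < (unsigned long)(data) ||	\
	    (unsigned long)(hashbase) >					\
			(unsigned long)(data) + (datasize_in)) {	\
		/* … unchanged: perror() for the invalid hash base … */	\
		status = EFI_INVALID_PARAMETER;				\
		goto done;						\
	}								\
	if ((hashsize) > (unsigned long)(data) + (datasize_in) -	\
			(unsigned long)(hashbase)) {			\
		/* … unchanged: perror() for the invalid hash size … */	\
		status = EFI_INVALID_PARAMETER;				\
		goto done;						\
	}								\
})
```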
@@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 status = EFI_INVALID_PARAMETER; goto done; }
+ check_size(data, datasize_in, hashbase, hashsize);
 if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) {
@@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 goto done; } hashsize = (unsigned int) Section->SizeOfRawData;
+ check_size(data, datasize_in, hashbase, hashsize);
 if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) {
@@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
 if (datasize > SumOfBytesHashed) { hashbase = data + SumOfBytesHashed; hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
+ check_size(data, datasize_in, hashbase, hashsize);
 if (!(Sha256Update(sha256ctx, hashbase, hashsize)) || !(Sha1Update(sha1ctx, hashbase, hashsize))) {
--
1.9.3
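Review bot: In the last hunk (`@@ -777,6 +797,7 @@`), `hashsize = datasize - context->SecDir->Size - SumOfBytesHashed` can underflow, because the enclosing `if` only establishes `datasize > SumOfBytesHashed`. A `SecDir->Size` larger than the remaining bytes then wraps to a very large value, assuming these operands are unsigned; their declarations are outside the hunk. The added `check_size` call becomes the only barrier, and it reports the problem as an invalid hash size rather than an inconsistent security directory. Rejecting it before the subtraction is clearer and does not depend on the macro's arithmetic: `if (context->SecDir->Size > datasize - SumOfBytesHashed) { status = EFI_INVALID_PARAMETER; goto done; }`. The `if` block continues past the end of the hunk.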