From adfd3101494f52d71cbd8d15be9146e7570e6397 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 22 Mar 2019 21:53:22 +0100
Subject: [PATCH 6/8] MdeModulePkg/UdfDxe: Add boundary check for
ComponentIdentifier decode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-id: <20190322205323.17693-5-lersek@redhat.com>
Patchwork-id: 85133
O-Subject: [RHEL-7.7 ovmf PATCH 4/5] MdeModulePkg/UdfDxe: Add boundary check for
ComponentIdentifier decode
Bugzilla: 1691647
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: Hao Wu <hao.a.wu@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828
Within ResolveSymlink():
The boundary check will validate the 'LengthofComponentIdentifier' field
of a Path Component matches the data within the relating (Extended) File
Entry.
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Acked-by: Star Zeng <star.zeng@intel.com>
(cherry picked from commit 89f75aa04a97293a8ed9db2a90851a5053730cf5)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c | 4 ++++
1 file changed, 4 insertions(+)
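diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
index 0012075..1aefed8 100644
--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
+++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
@@ -2137,6 +2137,10 @@ ResolveSymlink (
 return EFI_VOLUME_CORRUPTED;
 }
 
+ if ((UINTN)PathComp->ComponentIdentifier + PathCompLength > (UINTN)EndData) {
+ return EFI_VOLUME_CORRUPTED;
+ }
+
 Char = FileName;
 for (Index = 1; Index < PathCompLength; Index++) {
 if (CompressionId == 16) {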
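Review bot: The new bound on `PathComp->ComponentIdentifier + PathCompLength` sits directly above a decode loop that starts at `Index = 1`, which suggests byte 0 of the identifier (presumably the compression ID tested by `CompressionId == 16`) has already been read earlier in ResolveSymlink(), outside this hunk. If that read happens before this check, a Path Component at the very end of the File Entry data is still dereferenced once before its length is validated, so the check belongs ahead of the first access to `ComponentIdentifier`. The added lines also carry no comment; something like `// Reject a Path Component whose identifier would run past the end of the (Extended) File Entry data.` would make the intent clear to the next reader. The function body starts and ends outside the hunk, so whether this early `return` skips cleanup of buffers acquired earlier cannot be confirmed from here and is worth checking.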
--
1.8.3.1