[edk2] [Patch] BaseTools: Fix Section header size larger than elf file size bug

Yonghong Zhu posted 1 patch 5 years, 10 months ago
BaseTools/Source/C/GenFw/Elf32Convert.c |  3 +++
BaseTools/Source/C/GenFw/Elf64Convert.c |  3 +++
BaseTools/Source/C/GenFw/ElfConvert.c   | 20 ++++++++++++++++----
BaseTools/Source/C/GenFw/ElfConvert.h   |  3 ++-
4 files changed, 24 insertions(+), 5 deletions(-)
[edk2] [Patch] BaseTools: Fix Section header size larger than elf file size bug
Posted by Yonghong Zhu 5 years, 10 months ago
From: Yunhua Feng <yunhuax.feng@intel.com>

Add logic to handle the case where the Section header size is larger than
the ELF file size.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
---
 BaseTools/Source/C/GenFw/Elf32Convert.c |  3 +++
 BaseTools/Source/C/GenFw/Elf64Convert.c |  3 +++
 BaseTools/Source/C/GenFw/ElfConvert.c   | 20 ++++++++++++++++----
 BaseTools/Source/C/GenFw/ElfConvert.h   |  3 ++-
 4 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c
index e0f6491..e26b10b 100644
--- a/BaseTools/Source/C/GenFw/Elf32Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf32Convert.c
@@ -672,10 +672,13 @@ WriteSections32 (
     Elf_Shdr *Shdr = GetShdrByIndex(Idx);
     if ((*Filter)(Shdr)) {
       switch (Shdr->sh_type) {
       case SHT_PROGBITS:
         /* Copy.  */
+        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
+          return FALSE;
+        }
         memcpy(mCoffFile + mCoffSectionsOffset[Idx],
               (UINT8*)mEhdr + Shdr->sh_offset,
               Shdr->sh_size);
         break;
 
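Review bot: The added bound `Shdr->sh_offset + Shdr->sh_size > mFileBufferSize` can be defeated by integer wrap-around: in a 32-bit ELF both fields are 32-bit, so a header with a large sh_offset and sh_size can sum to a small value, pass the check, and still reach the memcpy below with a source range outside the file buffer. Compare without adding, e.g. `if (Shdr->sh_offset > mFileBufferSize || Shdr->sh_size > mFileBufferSize - Shdr->sh_offset) {`. The identical expression in the WriteSections64 hunk of Elf64Convert.c has the same problem with 64-bit fields, and there the `(size_t)` cast on sh_size could additionally truncate on a 32-bit host. The check only bounds the source read; whether `mCoffFile + mCoffSectionsOffset[Idx]` has room for sh_size bytes is decided outside this hunk, as WriteSections32 starts and ends outside it.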
diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
index 9e68d22..cc0c2cf 100644
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -668,10 +668,13 @@ WriteSections64 (
     Elf_Shdr *Shdr = GetShdrByIndex(Idx);
     if ((*Filter)(Shdr)) {
       switch (Shdr->sh_type) {
       case SHT_PROGBITS:
         /* Copy.  */
+        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
+          return FALSE;
+        }
         memcpy(mCoffFile + mCoffSectionsOffset[Idx],
               (UINT8*)mEhdr + Shdr->sh_offset,
               (size_t) Shdr->sh_size);
         break;
 
diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c
index 17913ff..6844c69 100644
--- a/BaseTools/Source/C/GenFw/ElfConvert.c
+++ b/BaseTools/Source/C/GenFw/ElfConvert.c
@@ -1,9 +1,9 @@
 /** @file
 Elf convert solution
 
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials are licensed and made available 
 under the terms and conditions of the BSD License which accompanies this 
 distribution.  The full text of the license may be found at 
 http://opensource.org/licenses/bsd-license.php
@@ -56,10 +56,15 @@ UINT32 mCoffOffset;
 // Offset in Coff file of headers and sections.
 //
 UINT32 mTableOffset;
 
 //
+//mFileBufferSize
+//
+UINT32 mFileBufferSize;
+
+//
 //*****************************************************************************
 // Common ELF Functions
 //*****************************************************************************
 //
 
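Review bot: The comment `//mFileBufferSize` only repeats the variable name, so a reader cannot tell what the global holds or who sets it. Something like `// Size in bytes of the input ELF file buffer; set by ConvertElf() and used to bounds-check section data.` would document it. It is also worth confirming that UINT32 matches the type behind `*FileLength` so the stored size is never truncated; that declaration is not visible here.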
@@ -171,10 +176,11 @@ ConvertElf (
   )
 {
   ELF_FUNCTION_TABLE              ElfFunctions;
   UINT8                           EiClass;
 
+  mFileBufferSize = *FileLength;
   //
   // Determine ELF type and set function table pointer correctly.
   //
   VerboseMsg ("Check Elf Image Header");
   EiClass = (*FileBuffer)[EI_CLASS];
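Review bot: `mFileBufferSize` is recorded here but not consulted before the buffer is indexed: `(*FileBuffer)[EI_CLASS]` at the end of this hunk is read without confirming the file is at least as long as the ELF identification bytes. Since the patch is about inputs whose headers disagree with the real file size, a guard such as `if (mFileBufferSize < EI_NIDENT) { return FALSE; }` ahead of the header read would cover truncated files as well. Whether a caller has already validated the length is not visible from this hunk, and ConvertElf continues outside it.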
@@ -199,13 +205,19 @@ ConvertElf (
 
   //
   // Write and relocate sections.
   //
   VerboseMsg ("Write and relocate sections.");
-  ElfFunctions.WriteSections (SECTION_TEXT);
-  ElfFunctions.WriteSections (SECTION_DATA);
-  ElfFunctions.WriteSections (SECTION_HII);
+  if (!ElfFunctions.WriteSections (SECTION_TEXT)) {
+    return FALSE;
+  }
+  if (!ElfFunctions.WriteSections (SECTION_DATA)) {
+    return FALSE;
+  }
+  if (!ElfFunctions.WriteSections (SECTION_HII)) {
+    return FALSE;
+  }
 
   //
   // Translate and write relocations.
   //
   VerboseMsg ("Translate and write relocations.");
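Review bot: The three new early `return FALSE;` paths give no indication of which section group failed or why, so a malformed ELF now produces a silent conversion failure unless the caller reports it. Consider emitting a diagnostic before returning (the bounds check in WriteSections32/WriteSections64 is the place that knows the section index), and confirm that anything allocated earlier in ConvertElf is released on these paths; the cleanup code, if any, lies outside this hunk. A short comment such as `// Abort on malformed input: a section's data lies outside the ELF file buffer.` above the first check would also explain the new failure mode.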
diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h
index abf434d..fc8c63f 100644
--- a/BaseTools/Source/C/GenFw/ElfConvert.h
+++ b/BaseTools/Source/C/GenFw/ElfConvert.h
@@ -1,9 +1,9 @@
 /** @file
 Header file for Elf convert solution
 
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
 
 This program and the accompanying materials are licensed and made available 
 under the terms and conditions of the BSD License which accompanies this 
 distribution.  The full text of the license may be found at 
 http://opensource.org/licenses/bsd-license.php
@@ -27,10 +27,11 @@ extern UINT32 mCoffOffset;
 extern CHAR8  *mInImageName;
 extern UINT32 mImageTimeStamp;
 extern UINT8  *mCoffFile;
 extern UINT32 mTableOffset;
 extern UINT32 mOutImageType;
+extern UINT32 mFileBufferSize;
 
 //
 // Common EFI specific data.
 //
 #define ELF_HII_SECTION_NAME ".hii"
-- 
2.6.1.windows.1

Re: [edk2] [Patch] BaseTools: Fix Section header size larger than elf file size bug
Posted by Gao, Liming 5 years, 10 months ago
Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: Zhu, Yonghong
> Sent: Thursday, June 7, 2018 10:09 AM
> To: edk2-devel@lists.01.org
> Cc: Feng, YunhuaX <yunhuax.feng@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: [Patch] BaseTools: Fix Section header size larger than elf file size bug
> 
> From: Yunhua Feng <yunhuax.feng@intel.com>
> 
> Add the logic to handle the case that Section header size larger than
> elf file size.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Yonghong Zhu <yonghong.zhu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
> ---
>  BaseTools/Source/C/GenFw/Elf32Convert.c |  3 +++
>  BaseTools/Source/C/GenFw/Elf64Convert.c |  3 +++
>  BaseTools/Source/C/GenFw/ElfConvert.c   | 20 ++++++++++++++++----
>  BaseTools/Source/C/GenFw/ElfConvert.h   |  3 ++-
>  4 files changed, 24 insertions(+), 5 deletions(-)
> 
> diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c
> index e0f6491..e26b10b 100644
> --- a/BaseTools/Source/C/GenFw/Elf32Convert.c
> +++ b/BaseTools/Source/C/GenFw/Elf32Convert.c
> @@ -672,10 +672,13 @@ WriteSections32 (
>      Elf_Shdr *Shdr = GetShdrByIndex(Idx);
>      if ((*Filter)(Shdr)) {
>        switch (Shdr->sh_type) {
>        case SHT_PROGBITS:
>          /* Copy.  */
> +        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
> +          return FALSE;
> +        }
>          memcpy(mCoffFile + mCoffSectionsOffset[Idx],
>                (UINT8*)mEhdr + Shdr->sh_offset,
>                Shdr->sh_size);
>          break;
> 
> diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
> index 9e68d22..cc0c2cf 100644
> --- a/BaseTools/Source/C/GenFw/Elf64Convert.c
> +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
> @@ -668,10 +668,13 @@ WriteSections64 (
>      Elf_Shdr *Shdr = GetShdrByIndex(Idx);
>      if ((*Filter)(Shdr)) {
>        switch (Shdr->sh_type) {
>        case SHT_PROGBITS:
>          /* Copy.  */
> +        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
> +          return FALSE;
> +        }
>          memcpy(mCoffFile + mCoffSectionsOffset[Idx],
>                (UINT8*)mEhdr + Shdr->sh_offset,
>                (size_t) Shdr->sh_size);
>          break;
> 
> diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c
> index 17913ff..6844c69 100644
> --- a/BaseTools/Source/C/GenFw/ElfConvert.c
> +++ b/BaseTools/Source/C/GenFw/ElfConvert.c
> @@ -1,9 +1,9 @@
>  /** @file
>  Elf convert solution
> 
> -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> 
>  This program and the accompanying materials are licensed and made available
>  under the terms and conditions of the BSD License which accompanies this
>  distribution.  The full text of the license may be found at
>  http://opensource.org/licenses/bsd-license.php
> @@ -56,10 +56,15 @@ UINT32 mCoffOffset;
>  // Offset in Coff file of headers and sections.
>  //
>  UINT32 mTableOffset;
> 
>  //
> +//mFileBufferSize
> +//
> +UINT32 mFileBufferSize;
> +
> +//
>  //*****************************************************************************
>  // Common ELF Functions
>  //*****************************************************************************
>  //
> 
> @@ -171,10 +176,11 @@ ConvertElf (
>    )
>  {
>    ELF_FUNCTION_TABLE              ElfFunctions;
>    UINT8                           EiClass;
> 
> +  mFileBufferSize = *FileLength;
>    //
>    // Determine ELF type and set function table pointer correctly.
>    //
>    VerboseMsg ("Check Elf Image Header");
>    EiClass = (*FileBuffer)[EI_CLASS];
> @@ -199,13 +205,19 @@ ConvertElf (
> 
>    //
>    // Write and relocate sections.
>    //
>    VerboseMsg ("Write and relocate sections.");
> -  ElfFunctions.WriteSections (SECTION_TEXT);
> -  ElfFunctions.WriteSections (SECTION_DATA);
> -  ElfFunctions.WriteSections (SECTION_HII);
> +  if (!ElfFunctions.WriteSections (SECTION_TEXT)) {
> +    return FALSE;
> +  }
> +  if (!ElfFunctions.WriteSections (SECTION_DATA)) {
> +    return FALSE;
> +  }
> +  if (!ElfFunctions.WriteSections (SECTION_HII)) {
> +    return FALSE;
> +  }
> 
>    //
>    // Translate and write relocations.
>    //
>    VerboseMsg ("Translate and write relocations.");
> diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h
> index abf434d..fc8c63f 100644
> --- a/BaseTools/Source/C/GenFw/ElfConvert.h
> +++ b/BaseTools/Source/C/GenFw/ElfConvert.h
> @@ -1,9 +1,9 @@
>  /** @file
>  Header file for Elf convert solution
> 
> -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> 
>  This program and the accompanying materials are licensed and made available
>  under the terms and conditions of the BSD License which accompanies this
>  distribution.  The full text of the license may be found at
>  http://opensource.org/licenses/bsd-license.php
> @@ -27,10 +27,11 @@ extern UINT32 mCoffOffset;
>  extern CHAR8  *mInImageName;
>  extern UINT32 mImageTimeStamp;
>  extern UINT8  *mCoffFile;
>  extern UINT32 mTableOffset;
>  extern UINT32 mOutImageType;
> +extern UINT32 mFileBufferSize;
> 
>  //
>  // Common EFI specific data.
>  //
>  #define ELF_HII_SECTION_NAME ".hii"
> --
> 2.6.1.windows.1
