Main Changes:
1.check offset inbetween VirtualAddress and VirtualAddress + Size.
2.Using SafeintLib to do offset addition with result check.
Code can also be found in github:
https://github.com/leadsama/edk2.git
branch: bug-2215-v1
Wenyi Xie (1):
SecurityPkg/DxeImageVerificationLib:Enhanced verification of
Offset(CVE-2019-14562)
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf | 1 +
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h | 1 +
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 21 +++++++++++++++-----
3 files changed, 18 insertions(+), 5 deletions(-)
--
2.20.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#64059): https://edk2.groups.io/g/devel/message/64059
Mute This Topic: https://groups.io/mt/76143919/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-