Enhanced verification of Offset(CVE-2019-14562)

[edk2-devel] [PATCH EDK2 v1 0/1] Enhanced verification of Offset(CVE-2019-14562)

wenyi,xie via groups.io posted 1 patch 3 years, 8 months ago

Download series mbox

Failed in applying to current master (apply log)

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf |  1 +
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h   |  1 +
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c   | 21 +++++++++++++++-----
3 files changed, 18 insertions(+), 5 deletions(-)

Expand all Fold all

[edk2-devel] [PATCH EDK2 v1 0/1] Enhanced verification of Offset(CVE-2019-14562)

Posted by wenyi,xie via groups.io 3 years, 8 months ago

Main Changes:
1.check offset inbetween VirtualAddress and VirtualAddress + Size.
2.Using SafeintLib to do offset addition with result check.

Code can also be found in github:
https://github.com/leadsama/edk2.git
branch: bug-2215-v1

Wenyi Xie (1):
  SecurityPkg/DxeImageVerificationLib:Enhanced verification of
    Offset(CVE-2019-14562)

 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf |  1 +
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h   |  1 +
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c   | 21 +++++++++++++++-----
 3 files changed, 18 insertions(+), 5 deletions(-)

-- 
2.20.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64059): https://edk2.groups.io/g/devel/message/64059
Mute This Topic: https://groups.io/mt/76143919/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-