security fix: possible heap corruption with LzmaUefiDecompressGetInfo

[edk2-devel] [PATCH RESEND 0/1] security fix: possible heap corruption with LzmaUefiDecompressGetInfo

Posted by Laszlo Ersek 3 years, 5 months ago

Repo:   https://pagure.io/lersek/edk2.git
Branch: tianocore_1816_resend
Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1816

"RESEND" because I'm publicly posting the patch from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c9>.

The Reviewed-by tags on the patch originate from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c12> and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c17>.

Repeated the simple regression test at
<https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c10>.

This series targets edk2-stable202011. I plan to merge it later this
week, based on Liming's R-b.

Liming, highlighting TianoCore#1816 in the "proposed features" list
could be useful.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>

Thanks!
Laszlo

Laszlo Ersek (1):
  MdeModulePkg/LzmaCustomDecompressLib: catch 4GB+ uncompressed buffer
    sizes

 MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h | 5 +++++
 MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c            | 7 +++++++
 2 files changed, 12 insertions(+)

-- 
2.19.1.3.g30247aa5d201



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67708): https://edk2.groups.io/g/devel/message/67708
Mute This Topic: https://groups.io/mt/78362921/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH RESEND 0/1] security fix: possible heap corruption with LzmaUefiDecompressGetInfo

Posted by Laszlo Ersek 3 years, 5 months ago

On 11/19/20 12:50, Laszlo Ersek wrote:
> Repo:   https://pagure.io/lersek/edk2.git
> Branch: tianocore_1816_resend
> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1816
> 
> "RESEND" because I'm publicly posting the patch from
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c9>.
> 
> The Reviewed-by tags on the patch originate from
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c12> and
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c17>.
> 
> Repeated the simple regression test at
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1816#c10>.
> 
> This series targets edk2-stable202011. I plan to merge it later this
> week, based on Liming's R-b.
> 
> Liming, highlighting TianoCore#1816 in the "proposed features" list
> could be useful.
> 
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
> Thanks!
> Laszlo
> 
> Laszlo Ersek (1):
>   MdeModulePkg/LzmaCustomDecompressLib: catch 4GB+ uncompressed buffer
>     sizes
> 
>  MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h | 5 +++++
>  MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c            | 7 +++++++
>  2 files changed, 12 insertions(+)
> 

Merged as commit e7bd0dd26db7, via
<https://github.com/tianocore/edk2/pull/1138>.

Thanks,
Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67775): https://edk2.groups.io/g/devel/message/67775
Mute This Topic: https://groups.io/mt/78362921/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-