From: Yonghong Zhu
To: edk2-devel@lists.01.org
Cc: Yunhua Feng, Liming Gao
Date: Thu, 7 Jun 2018 10:08:59 +0800
Message-Id: <1528337339-1132-1-git-send-email-yonghong.zhu@intel.com>
Subject: [Patch] BaseTools: Fix Section header size larger than elf file size bug

From: Yunhua Feng

Add the logic to handle the case that Section header size larger than elf file size.

Cc: Liming Gao
Cc: Yonghong Zhu
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Yunhua Feng
---
 BaseTools/Source/C/GenFw/Elf32Convert.c |  3 +++
 BaseTools/Source/C/GenFw/Elf64Convert.c |  3 +++
 BaseTools/Source/C/GenFw/ElfConvert.c   | 20 ++++++++++++++++----
 BaseTools/Source/C/GenFw/ElfConvert.h   |  3 ++-
 4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c index e0f6491..e26b10b 100644 --- a/BaseTools/Source/C/GenFw/Elf32Convert.c +++ b/BaseTools/Source/C/GenFw/Elf32Convert.c @@ -672,10 +672,13 @@ WriteSections32 ( Elf_Shdr *Shdr = GetShdrByIndex(Idx); if ((*Filter)(Shdr)) { switch (Shdr->sh_type) { case SHT_PROGBITS: /* Copy. */ + if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) { + return FALSE; + } memcpy(mCoffFile + mCoffSectionsOffset[Idx], (UINT8*)mEhdr + Shdr->sh_offset, Shdr->sh_size); break; diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c index 9e68d22..cc0c2cf 100644 --- a/BaseTools/Source/C/GenFw/Elf64Convert.c +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c @@ -668,10 +668,13 @@ WriteSections64 ( Elf_Shdr *Shdr = GetShdrByIndex(Idx); if ((*Filter)(Shdr)) { switch (Shdr->sh_type) { case SHT_PROGBITS: /* Copy. */ + if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) { + return FALSE; + } memcpy(mCoffFile + mCoffSectionsOffset[Idx], (UINT8*)mEhdr + Shdr->sh_offset, (size_t) Shdr->sh_size); break; diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c index 17913ff..6844c69 100644 --- a/BaseTools/Source/C/GenFw/ElfConvert.c +++ b/BaseTools/Source/C/GenFw/ElfConvert.c @@ -1,9 +1,9 @@ /** @file Elf convert solution -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -56,10 +56,15 @@ UINT32 mCoffOffset; // Offset in Coff file of headers and sections. // UINT32 mTableOffset; // +//mFileBufferSize +// +UINT32 mFileBufferSize; + +// //***************************************************************************** // Common ELF Functions //***************************************************************************** // @@ -171,10 +176,11 @@ ConvertElf ( ) { ELF_FUNCTION_TABLE ElfFunctions; UINT8 EiClass; + mFileBufferSize = *FileLength; // // Determine ELF type and set function table pointer correctly. // VerboseMsg ("Check Elf Image Header"); EiClass = (*FileBuffer)[EI_CLASS]; @@ -199,13 +205,19 @@ ConvertElf ( // // Write and relocate sections. // VerboseMsg ("Write and relocate sections."); - ElfFunctions.WriteSections (SECTION_TEXT); - ElfFunctions.WriteSections (SECTION_DATA); - ElfFunctions.WriteSections (SECTION_HII); + if (!ElfFunctions.WriteSections (SECTION_TEXT)) { + return FALSE; + } + if (!ElfFunctions.WriteSections (SECTION_DATA)) { + return FALSE; + } + if (!ElfFunctions.WriteSections (SECTION_HII)) { + return FALSE; + } // // Translate and write relocations. // VerboseMsg ("Translate and write relocations."); diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h index abf434d..fc8c63f 100644 --- a/BaseTools/Source/C/GenFw/ElfConvert.h +++ b/BaseTools/Source/C/GenFw/ElfConvert.h @@ -1,9 +1,9 @@ /** @file Header file for Elf convert solution -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -27,10 +27,11 @@ extern UINT32 mCoffOffset; extern CHAR8 *mInImageName; extern UINT32 mImageTimeStamp; extern UINT8 *mCoffFile; extern UINT32 mTableOffset; extern UINT32 mOutImageType; +extern UINT32 mFileBufferSize; // // Common EFI specific data. // #define ELF_HII_SECTION_NAME ".hii" -- 2.6.1.windows.1
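Review bot: In the WriteSections32 hunk (Elf32Convert.c), the new test `Shdr->sh_offset + Shdr->sh_size > mFileBufferSize` can be defeated by wraparound. Both ELF32 fields are 32 bits wide, so a header with a very large sh_size makes the sum wrap to a small value that passes the test, and the memcpy that follows still reads past the end of the input buffer. Compare without adding, for example `Shdr->sh_size > mFileBufferSize || Shdr->sh_offset > mFileBufferSize - Shdr->sh_size`. The guard sits only in the SHT_PROGBITS case and only bounds the source; any other case in this switch that reads from the file needs the same test, and the destination `mCoffFile + mCoffSectionsOffset[Idx]` is not bounded by anything in this hunk.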
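Review bot: In the WriteSections64 hunk (Elf64Convert.c), the range test is a second copy of the one added to Elf32Convert.c and has the same weakness with wider fields: the 64-bit sum of sh_offset and sh_size can still wrap for a crafted header and compare as smaller than the UINT32 mFileBufferSize. Rather than keeping two copies, put one overflow-safe range check in ElfConvert.c (size first, then offset against `mFileBufferSize - size`) and call it from both converters, so a later fix cannot land in one file and miss the other.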
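Review bot: In the ElfConvert.c hunk that declares the new global, the comment `//mFileBufferSize` only repeats the variable name. Say what the value is and where it comes from, in the style of the neighbouring comments (for instance that it is the size in bytes of the input ELF file buffer, set at the top of ConvertElf), since Elf32Convert.c and Elf64Convert.c now rely on it as the bound for section reads.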
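Review bot: In the ConvertElf hunk that wraps the three WriteSections calls, each new `return FALSE;` fails silently: neither this hunk nor the checks added in the converters report which section was rejected or why, so a truncated or malformed ELF input produces a failed build with no diagnostic. Emit an error that names the input image (mInImageName is already available) and the offending section before returning. The hunk also does not show whether buffers set up earlier in ConvertElf are released on these early exits, which is worth confirming now that the function can leave at this point.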