From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=chen.a.chen@intel.com; receiver=edk2-devel@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6E74A2194EB7A for ; Mon, 4 Mar 2019 16:21:58 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Mar 2019 16:21:57 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,441,1544515200"; d="scan'208";a="324193096" Received: from chenche4.ccr.corp.intel.com ([10.239.9.12]) by fmsmga006.fm.intel.com with ESMTP; 04 Mar 2019 16:21:56 -0800 From: Chen A Chen To: edk2-devel@lists.01.org Cc: Chen A Chen , Ray Ni , Eric Dong Date: Tue, 5 Mar 2019 08:21:18 +0800 Message-Id: <20190305002118.10572-1-chen.a.chen@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 Subject: [PATCH] UefiCpuPkg/Microcode.c: Add verification before calculate CheckSum32 X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2019 00:21:58 -0000 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1020 Should make sure the TotalSize of Microcode is aligned with 4 bytes before calling CalculateSum32 function. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chen A Chen Cc: Ray Ni Cc: Eric Dong --- UefiCpuPkg/Library/MpInitLib/Microcode.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/Microcode.c b/UefiCpuPkg/Library/MpInitLib/Microcode.c index 5f9ae22794..643a6f94f4 100644 --- a/UefiCpuPkg/Library/MpInitLib/Microcode.c +++ b/UefiCpuPkg/Library/MpInitLib/Microcode.c @@ -166,20 +166,29 @@ MicrocodeDetect ( // CorrectMicrocode = FALSE; - // - // Save an in-complete CheckSum32 from CheckSum Part1 for common parts. - // if (MicrocodeEntryPoint->DataSize == 0) { - InCompleteCheckSum32 = CalculateSum32 ( - (UINT32 *) MicrocodeEntryPoint, - sizeof (CPU_MICROCODE_HEADER) + 2000 - ); + TotalSize = sizeof (CPU_MICROCODE_HEADER) + 2000; } else { - InCompleteCheckSum32 = CalculateSum32 ( - (UINT32 *) MicrocodeEntryPoint, - sizeof (CPU_MICROCODE_HEADER) + MicrocodeEntryPoint->DataSize - ); + TotalSize = sizeof (CPU_MICROCODE_HEADER) + MicrocodeEntryPoint->DataSize; } + + /// + /// Check overflow and whether TotalSize is aligned with 4 bytes. + /// + if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd || + (TotalSize & 0x3) != 0 + ) { + MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (((UINTN) MicrocodeEntryPoint) + SIZE_1KB); + continue; + } + + // + // Save an in-complete CheckSum32 from CheckSum Part1 for common parts. + // + InCompleteCheckSum32 = CalculateSum32 ( + (UINT32 *) MicrocodeEntryPoint, + TotalSize + ); InCompleteCheckSum32 -= MicrocodeEntryPoint->ProcessorSignature.Uint32; InCompleteCheckSum32 -= MicrocodeEntryPoint->ProcessorFlags; InCompleteCheckSum32 -= MicrocodeEntryPoint->Checksum; -- 2.16.2.windows.1