From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jian J Wang, Jiewen Yao, Min Xu, Wenyi Xie
Subject: [PATCH 3/3] SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
Date: Tue, 1 Sep 2020 11:12:21 +0200
Message-Id: <20200901091221.20948-4-lersek@redhat.com>
In-Reply-To: <20200901091221.20948-1-lersek@redhat.com>
References: <20200901091221.20948-1-lersek@redhat.com>

The DxeImageVerificationHandler() function currently checks whether
"SecDataDir" has enough room for "WinCertificate->dwLength". However, for
advancing "OffSet", "WinCertificate->dwLength" is aligned to the next
multiple of 8. If "WinCertificate->dwLength" is large enough, the
alignment will return 0, and "OffSet" will be stuck at the same value.

Check whether "SecDataDir" has room left for both
"WinCertificate->dwLength" and the alignment.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 100739eb3eb6..11154b6cc58a 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1860,7 +1860,9 @@ DxeImageVerificationHandler (
       break;
     }
     WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
-    if (SecDataDirLeft < WinCertificate->dwLength) {
+    if (SecDataDirLeft < WinCertificate->dwLength ||
+        (SecDataDirLeft - WinCertificate->dwLength <
+         ALIGN_SIZE (WinCertificate->dwLength))) {
       break;
     }
 
-- 
2.19.1.3.g30247aa5d201
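Review bot: in the new condition in DxeImageVerificationHandler(), the subtraction "SecDataDirLeft - WinCertificate->dwLength" in the second clause is safe from unsigned underflow only because the first clause, "SecDataDirLeft < WinCertificate->dwLength", is evaluated before it and short-circuits the "||". That ordering dependency is not documented anywhere in the hunk; a short comment above the "if" would keep a later reordering or split of the condition from reintroducing a wrap. The same comment could state what the second clause guarantees, namely that "SecDataDir" has room for "WinCertificate->dwLength" plus what the commit message calls the alignment, so that the later "OffSet" advance cannot stay at the same value.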