From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 321B094066C for ; Mon, 27 Nov 2023 00:41:56 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=TePfmi//vS/Hl/mKdgsCY3xIl4AEwW6UsJ4YkSsXJRY=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1701045715; v=1; b=YqA/1EPYn8zyICuRsx8ndhapzj3dYgQlKieTMn6kbh9vR3APy6M3JcPpwvroKx5MZUiVOdFM LTIHj+AIiDL17x4ZrOYjORvckcYiHsofaHhpjBfVH4XGNwJFGrbdiYKsrnIK8Sn+W5jYW8m/pid lqOpPbklyZkjzv1gIht1TezI= X-Received: by 127.0.0.2 with SMTP id eGMQYY7687511x9xkry6TcaL; Sun, 26 Nov 2023 16:41:55 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10]) by mx.groups.io with SMTP id smtpd.web11.82585.1701045714775171041 for ; Sun, 26 Nov 2023 16:41:55 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10906"; a="5862799" X-IronPort-AV: E=Sophos;i="6.04,229,1695711600"; d="scan'208";a="5862799" X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Nov 2023 16:41:54 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10906"; a="838557521" X-IronPort-AV: E=Sophos;i="6.04,229,1695711600"; d="scan'208";a="838557521" X-Received: from cepingsx-mobl1.ccr.corp.intel.com ([10.239.49.140]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Nov 2023 16:41:52 -0800 From: "sunceping" To: devel@edk2.groups.io Cc: Ceping Sun , Jiewen Yao , Min Xu Subject: [edk2-devel] [PATCH V1 1/1] SecurityPkg/DxeTpm2MeasureBootLib: Check the Integer overflow Date: Mon, 27 Nov 2023 08:41:01 +0800 Message-Id: <20231127004101.495-1-cepingx.sun@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,cepingx.sun@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: L1vCo3rReL64iMN0Xn6Gb2Zhx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b="YqA/1EPY"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io From: Ceping Sun REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4604 Fields of NumberOfPartitionEntries and SizeOfPartitionEntry in PrimaryHeader are both UINT32. UINT32 * UINT32 produce UINT32 but it may overflow. So The result should be checked if it is overflow. Cc: Jiewen Yao Signed-off-by: Min Xu Signed-off-by: Ceping Sun --- .../Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c index 36a256a7af50..1f891ae7f216 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c @@ -210,6 +210,11 @@ Tcg2MeasureGptTable ( return EFI_BAD_BUFFER_SIZE; } + if (PrimaryHeader->NumberOfPartitionEntries > MAX_UINT32 / PrimaryHeader->SizeOfPartitionEntry) { + DEBUG ((DEBUG_ERROR, "Overflow of PrimaryHeader->NumberOfPartitionEntries(%d) * PrimaryHeader->SizeOfPartitionEntry(%d)\n", PrimaryHeader->NumberOfPartitionEntries, PrimaryHeader->SizeOfPartitionEntry)); + return EFI_INVALID_PARAMETER; + } + // // Read the partition entry. // -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111710): https://edk2.groups.io/g/devel/message/111710 Mute This Topic: https://groups.io/mt/102820849/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-