From: "Gao, Liming" <liming.gao@intel.com>
To: "Zhu, Yonghong" <yonghong.zhu@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Feng, YunhuaX" <yunhuax.feng@intel.com>
Subject: Re: [Patch] BaseTools: Fix Section header size larger than elf file size bug
Date: Fri, 8 Jun 2018 03:38:47 +0000	[thread overview]
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E294A24@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <1528337339-1132-1-git-send-email-yonghong.zhu@intel.com>

Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: Zhu, Yonghong
> Sent: Thursday, June 7, 2018 10:09 AM
> To: edk2-devel@lists.01.org
> Cc: Feng, YunhuaX <yunhuax.feng@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: [Patch] BaseTools: Fix Section header size larger than elf file size bug
> 
> From: Yunhua Feng <yunhuax.feng@intel.com>
> 
> Add logic to handle the case where the section header size is larger than
> the ELF file size.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Yonghong Zhu <yonghong.zhu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com>
> ---
>  BaseTools/Source/C/GenFw/Elf32Convert.c |  3 +++
>  BaseTools/Source/C/GenFw/Elf64Convert.c |  3 +++
>  BaseTools/Source/C/GenFw/ElfConvert.c   | 20 ++++++++++++++++----
>  BaseTools/Source/C/GenFw/ElfConvert.h   |  3 ++-
>  4 files changed, 24 insertions(+), 5 deletions(-)
> 
> diff --git a/BaseTools/Source/C/GenFw/Elf32Convert.c b/BaseTools/Source/C/GenFw/Elf32Convert.c
> index e0f6491..e26b10b 100644
> --- a/BaseTools/Source/C/GenFw/Elf32Convert.c
> +++ b/BaseTools/Source/C/GenFw/Elf32Convert.c
> @@ -672,10 +672,13 @@ WriteSections32 (
>      Elf_Shdr *Shdr = GetShdrByIndex(Idx);
>      if ((*Filter)(Shdr)) {
>        switch (Shdr->sh_type) {
>        case SHT_PROGBITS:
>          /* Copy.  */
> +        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
> +          return FALSE;
> +        }
>          memcpy(mCoffFile + mCoffSectionsOffset[Idx],
>                (UINT8*)mEhdr + Shdr->sh_offset,
>                Shdr->sh_size);
>          break;
> 
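Review bot: The new bound in the `SHT_PROGBITS` case adds `Shdr->sh_offset + Shdr->sh_size` before comparing, so a crafted header whose two fields wrap around the integer width produces a small sum that passes the check, and the `memcpy` then reads outside the file buffer. Comparing by subtraction avoids the wrap: `if (Shdr->sh_offset > mFileBufferSize || Shdr->sh_size > mFileBufferSize - Shdr->sh_offset) {`. The identical check added to `WriteSections64` in Elf64Convert.c has the same weakness, at 64-bit width, and needs the same change. Only the source side of the copy is bounded here; whether `mCoffSectionsOffset[Idx]` plus `sh_size` fits in `mCoffFile` is not visible in this hunk and is worth confirming. `WriteSections32` starts and ends outside the hunk, so the other `switch` cases could not be reviewed.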
> diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
> index 9e68d22..cc0c2cf 100644
> --- a/BaseTools/Source/C/GenFw/Elf64Convert.c
> +++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
> @@ -668,10 +668,13 @@ WriteSections64 (
>      Elf_Shdr *Shdr = GetShdrByIndex(Idx);
>      if ((*Filter)(Shdr)) {
>        switch (Shdr->sh_type) {
>        case SHT_PROGBITS:
>          /* Copy.  */
> +        if (Shdr->sh_offset + Shdr->sh_size > mFileBufferSize) {
> +          return FALSE;
> +        }
>          memcpy(mCoffFile + mCoffSectionsOffset[Idx],
>                (UINT8*)mEhdr + Shdr->sh_offset,
>                (size_t) Shdr->sh_size);
>          break;
> 
> diff --git a/BaseTools/Source/C/GenFw/ElfConvert.c b/BaseTools/Source/C/GenFw/ElfConvert.c
> index 17913ff..6844c69 100644
> --- a/BaseTools/Source/C/GenFw/ElfConvert.c
> +++ b/BaseTools/Source/C/GenFw/ElfConvert.c
> @@ -1,9 +1,9 @@
>  /** @file
>  Elf convert solution
> 
> -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> 
>  This program and the accompanying materials are licensed and made available
>  under the terms and conditions of the BSD License which accompanies this
>  distribution.  The full text of the license may be found at
>  http://opensource.org/licenses/bsd-license.php
> @@ -56,10 +56,15 @@ UINT32 mCoffOffset;
>  // Offset in Coff file of headers and sections.
>  //
>  UINT32 mTableOffset;
> 
>  //
> +//mFileBufferSize
> +//
> +UINT32 mFileBufferSize;
> +
> +//
>  //*****************************************************************************
>  // Common ELF Functions
>  //*****************************************************************************
>  //
> 
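Review bot: The comment on the new global, `//mFileBufferSize`, only repeats the variable name and does not say what the value is or who sets it. Something like `// Size in bytes of the input ELF file buffer; set by ConvertElf() and used to bounds-check section reads.` would match the neighbouring `// Offset in Coff file of headers and sections.` comment. Note also that the value is `UINT32` while the 64-bit converter compares it against section header fields that are presumably 64 bits wide, so it would help if the comment stated that the input file is assumed to be smaller than 4 GiB.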
> @@ -171,10 +176,11 @@ ConvertElf (
>    )
>  {
>    ELF_FUNCTION_TABLE              ElfFunctions;
>    UINT8                           EiClass;
> 
> +  mFileBufferSize = *FileLength;
>    //
>    // Determine ELF type and set function table pointer correctly.
>    //
>    VerboseMsg ("Check Elf Image Header");
>    EiClass = (*FileBuffer)[EI_CLASS];
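Review bot: The length captured by `mFileBufferSize = *FileLength;` is not used to guard the header read that follows, where `(*FileBuffer)[EI_CLASS]` is indexed without confirming the file is long enough. Unless a caller outside this hunk already rejects truncated input, a check such as `if (mFileBufferSize <= EI_CLASS) { return FALSE; }` before the read would close that gap. The patch applies the new size only to `SHT_PROGBITS` copies; other uses of header-supplied offsets in the converter are not visible here and may need the same bound. `ConvertElf` begins before and continues past this hunk.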
> @@ -199,13 +205,19 @@ ConvertElf (
> 
>    //
>    // Write and relocate sections.
>    //
>    VerboseMsg ("Write and relocate sections.");
> -  ElfFunctions.WriteSections (SECTION_TEXT);
> -  ElfFunctions.WriteSections (SECTION_DATA);
> -  ElfFunctions.WriteSections (SECTION_HII);
> +  if (!ElfFunctions.WriteSections (SECTION_TEXT)) {
> +    return FALSE;
> +  }
> +  if (!ElfFunctions.WriteSections (SECTION_DATA)) {
> +    return FALSE;
> +  }
> +  if (!ElfFunctions.WriteSections (SECTION_HII)) {
> +    return FALSE;
> +  }
> 
>    //
>    // Translate and write relocations.
>    //
>    VerboseMsg ("Translate and write relocations.");
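Review bot: The three new `return FALSE;` paths after `WriteSections` give the user no diagnostic, so a malformed ELF input fails the build without saying which file or why. Reporting at the point of failure, for example `Error (NULL, 0, 3000, "Invalid", "%s: section data extends beyond the end of the ELF file", mInImageName);`, would make the rejection traceable. `ConvertElf` continues past this hunk, so if later code releases buffers allocated during conversion, these early returns would skip it; that is worth checking against the rest of the function.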
> diff --git a/BaseTools/Source/C/GenFw/ElfConvert.h b/BaseTools/Source/C/GenFw/ElfConvert.h
> index abf434d..fc8c63f 100644
> --- a/BaseTools/Source/C/GenFw/ElfConvert.h
> +++ b/BaseTools/Source/C/GenFw/ElfConvert.h
> @@ -1,9 +1,9 @@
>  /** @file
>  Header file for Elf convert solution
> 
> -Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> 
>  This program and the accompanying materials are licensed and made available
>  under the terms and conditions of the BSD License which accompanies this
>  distribution.  The full text of the license may be found at
>  http://opensource.org/licenses/bsd-license.php
> @@ -27,10 +27,11 @@ extern UINT32 mCoffOffset;
>  extern CHAR8  *mInImageName;
>  extern UINT32 mImageTimeStamp;
>  extern UINT8  *mCoffFile;
>  extern UINT32 mTableOffset;
>  extern UINT32 mOutImageType;
> +extern UINT32 mFileBufferSize;
> 
>  //
>  // Common EFI specific data.
>  //
>  #define ELF_HII_SECTION_NAME ".hii"
> --
> 2.6.1.windows.1


