From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (EUR05-DB8-obe.outbound.protection.outlook.com [40.92.89.32])
 by mx.groups.io with SMTP id smtpd.web11.35468.1578906593154832183
 for <devel@edk2.groups.io>;
 Mon, 13 Jan 2020 01:09:53 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: outlook.de, ip: 40.92.89.32, mailfrom: mhaeuser@outlook.de)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=O1SSBuzZyfBzqD8ECkxDljNyjyPjIoV+PjzGrUP8N+D55STCw32EDXvFyR7w5m5g11btaTR4HH97Lxrr0DJQlcGQO9JO09kfLtDT/8hKDc6WgwMI345HESEBBDRu8xJDW2tU6ff9nHmveGDpEi5lv9Kz7pvPG2py9D4x733gyOiYt6ecGeHDKWBtNbMIDsLF7RajdJt93N6j5tnfrBNsHBlm1+kb0qBJYrb1KNoI1LdDXUocgE8xoeKl750Fp5zKXd1+okVlH/mJO6zsUQZnyY0hO9rbk7Ia0En8Nav6N37a3XX2GhERs4xt4HTy3scHGgL76jGEpdfWBBv+Ppn2BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Rbs0fjpLLMlY0er3uzdQMQNHZlCY8pOJ6j+k412EbXo=;
 b=cMXbIXJEWGxIUdqRppN3L7nZYKuZfh/KyTjLdu3J7wizB6ntT8Rvx9fXgn+n1WiCfsijEX0Uqz/mEoHUNmA0cLJPTtYVtbZej6XZ+wANpyU2XfZzIglDLPYEy20JJpbw3UB9aiEuytDO2LNaPoecaaBK+KqauzqFgI34CQDUKL/ystkDC95xk/N7YVipdLpNj0cc1Z5Njd2dkVxNPLV7kFaFXiaTQ0iY33+xaWhFI2/n5XOZxTohcivhrwTU8Sy9CvqMi8voADxIzL0m0PtK4KFKd8kK1tWOUP/P52EVMWvHnXTTgsRGNhbNRhgtuJeL6fUSujwU9Oq7ED/1jIp/oQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=outlook.de; dmarc=pass action=none header.from=outlook.de;
 dkim=pass header.d=outlook.de; arc=none
Received: from AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
 (10.233.240.57) by AM6EUR05HT258.eop-eur05.prod.protection.outlook.com
 (10.233.241.90) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.9; Mon, 13 Jan
 2020 09:09:50 +0000
Received: from AM6PR07MB5859.eurprd07.prod.outlook.com (10.233.240.56) by
 AM6EUR05FT022.mail.protection.outlook.com (10.233.240.168) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2623.9 via Frontend Transport; Mon, 13 Jan 2020 09:09:50 +0000
X-IncomingTopHeaderMarker: 
 OriginalChecksum:5E72460D3D733D6EB89E7F69B45A7F8A59FACDEFE9213DA4F0282D6D5F2F077B;UpperCasedChecksum:3B96CE74D9D4C0CA78A8CC234D9D8EB1B471C518D87770B4524D29E8874DD817;SizeAsReceived:8813;Count:48
Received: from AM6PR07MB5859.eurprd07.prod.outlook.com
 ([fe80::ac17:f1f5:349c:d068]) by AM6PR07MB5859.eurprd07.prod.outlook.com
 ([fe80::ac17:f1f5:349c:d068%7]) with mapi id 15.20.2644.015; Mon, 13 Jan 2020
 09:09:50 +0000
Subject: Re: [edk2-devel] [PATCH] MdePkg: PE loader should zero out dest buffer on allocation
To: devel@edk2.groups.io, zhiguang.liu@intel.com
Cc: Jian J Wang <jian.j.wang@intel.com>, Hao A Wu <hao.a.wu@intel.com>
References: <20200113081854.9732-1-zhiguang.liu@intel.com>
From: =?UTF-8?B?TWFydmluIEjDpHVzZXI=?= <mhaeuser@outlook.de>
Message-ID: 
 <AM6PR07MB5859007493DA84FAA1D6BEF5AC350@AM6PR07MB5859.eurprd07.prod.outlook.com>
Date: Mon, 13 Jan 2020 10:09:50 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101
 Thunderbird/68.3.1
In-Reply-To: <20200113081854.9732-1-zhiguang.liu@intel.com>
X-ClientProxiedBy: AM0PR07CA0023.eurprd07.prod.outlook.com
 (2603:10a6:208:ac::36) To AM6PR07MB5859.eurprd07.prod.outlook.com
 (2603:10a6:20b:37::21)
Return-Path: mhaeuser@outlook.de
X-Microsoft-Original-Message-ID: 
 <8e9aea82-36ff-8b97-71fb-4e822aa1260b@outlook.de>
MIME-Version: 1.0
Received: from [192.168.1.234] (95.88.229.20) by AM0PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:208:ac::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.5 via Frontend Transport; Mon, 13 Jan 2020 09:09:50 +0000
X-Microsoft-Original-Message-ID: 
 <8e9aea82-36ff-8b97-71fb-4e822aa1260b@outlook.de>
X-TMN: [cRLxjDSF7jo5asOBfE0HCgf/PSzEX/72]
X-MS-PublicTrafficType: Email
X-IncomingHeaderCount: 48
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-Correlation-Id: 4a80bdfa-7762-41e9-a2e1-08d79808583a
X-MS-TrafficTypeDiagnostic: AM6EUR05HT258:
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	fxbhCYlDj4uJjpB0dEKyNEu8iiGD22iIkM1kLlk2uTNWr7PYOoqyHjQBy9tROEJntxWkd2Q0vFi0vXRXAH/wXDcYCd+tSuKHZ3pAKInwGileU31g3fG2evnkrsYrStUcVe+LSwRcn5m4Tmk+V1jWsGKlybsz+ew3LNU3zWBmvUH1WUx+6PdzEnJ0BtqnkIx54CGTUYNoRpf0Mngi8szPiS18Iz9v8t6vbqHkQsnmu0s=
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4a80bdfa-7762-41e9-a2e1-08d79808583a
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2020 09:09:50.8649
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
	00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6EUR05HT258
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Good day,

Please see my comment in the related BZ: 
https://bugzilla.tianocore.org/show_bug.cgi?id=1999#c5

Best regards,
Marvin

Am 13.01.2020 um 09:18 schrieb Zhiguang Liu:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1999
> 
> When PE loader loads image to memory, the first section of image may
> not locate right next to the image header, which causes some memory
> space remaining uninitialized. This is a security issue.
> This patch compares the ending address of image header and the beginning
> address of the first section. If there is a gap, zero out this gap.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
> ---
>   MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> index 07bb62f860..2cdfb4a082 100644
> --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> @@ -1306,6 +1306,14 @@ PeCoffLoaderLoadImage (
>     // Load each section of the image
>     //
>     Section = FirstSection;
> +  //
> +  // Zero out the memory space between image header and the first section
> +  //
> +  End  = (CHAR8 *)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders);
> +  Base = PeCoffLoaderImageAddress (ImageContext, Section->VirtualAddress, TeStrippedOffset);
> +  if (End < Base) {
> +    ZeroMem (End, Base - End);
> +  }
>     for (Index = 0; Index < NumberOfSections; Index++) {
>       //
>       // Read the section
>