Subject: Re: [edk2-devel] [PATCH] MdePkg: PE loader should zero out dest buffer on allocation
From: Marvin Häuser <mhaeuser@outlook.de>
To: devel@edk2.groups.io, zhiguang.liu@intel.com
Cc: Jian J Wang , Hao A Wu
Date: Mon, 13 Jan 2020 10:09:50 +0100
In-Reply-To: <20200113081854.9732-1-zhiguang.liu@intel.com>
References: <20200113081854.9732-1-zhiguang.liu@intel.com>
Message-ID: <8e9aea82-36ff-8b97-71fb-4e822aa1260b@outlook.de>
Good day,

Please see my comment in the related BZ:
https://bugzilla.tianocore.org/show_bug.cgi?id=1999#c5

Best regards,
Marvin

On 13.01.2020 at 09:18, Zhiguang Liu wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1999
>
> When PE loader loads image to memory, the first section of image may
> not locate right next to the image header, which causes some memory
> space remaining uninitialized. This is a security issue.
> This patch compares the ending address of image header and the beginning
> address of the first section. If there is a gap, zero out this gap.
>
> Cc: Jian J Wang
> Cc: Hao A Wu
> Signed-off-by: Zhiguang Liu
> ---
> MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> index 07bb62f860..2cdfb4a082 100644
> --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
> @@ -1306,6 +1306,14 @@ PeCoffLoaderLoadImage (
> // Load each section of the image
> //
> Section = FirstSection;
> + //
> + // Zero out the memory space between image header and the first section
> + //
> + End = (CHAR8 *)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders);
> + Base = PeCoffLoaderImageAddress (ImageContext, Section->VirtualAddress, TeStrippedOffset);
> + if (End < Base) {
> + ZeroMem (End, Base - End);
> + }
> for (Index = 0; Index < NumberOfSections; Index++) {
> //
> // Read the section
>
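Review bot: the added lines read `Section->VirtualAddress` before the `for (Index = 0; Index < NumberOfSections; Index++)` loop has established that the section table has at least one entry, so for an image with `NumberOfSections == 0` the new code dereferences `FirstSection` into whatever follows the headers; guard the gap zeroing with a `NumberOfSections > 0` check (or move it into the first loop iteration). Separately, the hunk only clears the span from `ImageContext->SizeOfHeaders` to the first listed section and relies on that section being the lowest-addressed one: alignment padding between sections and the tail of the buffer after the last section stay uninitialized, which is the same class of problem the commit message describes. If the intent is the one in the subject line, zeroing the whole destination buffer once before the section loop covers all of these cases with a single `ZeroMem` and no ordering assumption.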