From: "Feng, YunhuaX" To: "devel@edk2.groups.io" CC: "Feng, Bob C" , "Gao, Liming" Subject: [edk2-staging][PATCH] BaseTools/Fmmt: Enhance for check input FD size Thread-Topic: [edk2-staging][PATCH] BaseTools/Fmmt: Enhance for check input FD size Thread-Index: AdX8wyZi/riU2Y7QTLumctCnv45a2g== Date: Thu, 2 Apr 2020 09:23:11 +0000 Message-ID: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.36] MIME-Version: 1.0 Return-Path: yunhuax.feng@intel.com X-Groupsio-MsgNum: 56891 Content-Type: multipart/mixed; boundary="_000_b5b6eed00ed64598973022a6e87d351cintelcom_" Content-Language: en-US --_000_b5b6eed00ed64598973022a6e87d351cintelcom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Enhance for check input FD if empty file or not. Cc: Bob Feng Cc: Liming Gao Signed-off-by: Yunhua Feng --- BaseTools/Source/C/FMMT/FirmwareModuleManagement.c | 2 +- BaseTools/Source/C/FMMT/FmmtLib.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/BaseTools/Source/C/FMMT/FirmwareModuleManagement.c b/BaseTools= /Source/C/FMMT/FirmwareModuleManagement.c index db9b585541..4252c698aa 100644 --- a/BaseTools/Source/C/FMMT/FirmwareModuleManagement.c +++ b/BaseTools/Source/C/FMMT/FirmwareModuleManagement.c @@ -833,11 +833,11 @@ FmmtImageView ( } =20 Status =3D LibFindFvInFd (InputFile, &LocalFdData); =20 if (EFI_ERROR(Status)) { - Error("FMMT", 0, 1001, "Error while search FV in FD", ""); + Error("FMMT", 0, 1001, "Error while search FV in FD", FdInName); fclose (InputFile); return EFI_ABORTED; } =20 CurrentFv =3D LocalFdData->Fv; diff --git a/BaseTools/Source/C/FMMT/FmmtLib.c b/BaseTools/Source/C/FMMT/Fm= mtLib.c index cdbee3d629..30deec532f 100644 --- a/BaseTools/Source/C/FMMT/FmmtLib.c +++ b/BaseTools/Source/C/FMMT/FmmtLib.c 
@@ -265,10 +265,15 @@ LibFindFvInFd ( } =20 FdBufferOri =3D FdBuffer; FdBufferEnd =3D FdBuffer + FdSize; =20 + if (FdSize < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + Error ("FMMT", 0, 0002, "Error Check the input FD, Please make sure th= e FD is valid", "Check FD size error!"); + return EFI_ABORTED; + } + while (FdBuffer <=3D FdBufferEnd - sizeof (EFI_FIRMWARE_VOLUME_HEADER)) = { FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *) FdBuffer; // // Copy 4 bytes of fd data to check the _FVH signature // --=20 2.12.2.windows.2 --_000_b5b6eed00ed64598973022a6e87d351cintelcom_--
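Review bot: In the FmmtImageView hunk of FirmwareModuleManagement.c, FdInName is passed as the final argument of Error(), the position where the old code had the literal "". If that parameter is a printf-style format string, a file name containing '%' will be interpreted as conversion specifiers, and FdInName comes from the command line. Suggest Error("FMMT", 0, 1001, "Error while search FV in FD", "%s", FdInName); so the name is always treated as data. While touching the line, the message text could read "Error while searching for FV in FD".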
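Review bot: In the LibFindFvInFd hunk of FmmtLib.c, the new early return sits after FdBufferOri = FdBuffer, so FdBuffer is already populated when the size check fails; if it was allocated earlier in the function, this path returns EFI_ABORTED without releasing it. Either free it before the return or move the FdSize check ahead of the allocation. The check itself is worth keeping, since it stops FdBufferEnd - sizeof (EFI_FIRMWARE_VOLUME_HEADER) from pointing before the start of the buffer in the while condition. Two smaller points on the Error() call: 0002 is an octal literal, so write 2 or use a code in the same range as the caller's 1001, and the caller in FmmtImageView prints its own error on failure, so a short FD will be reported twice.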