From 568dc4944f851c493047ef372f4c7969bbf47431 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 19 Oct 2017 13:45:58 -0400
Subject: [PATCH] shim: Improve the bounds checking of ImageAddress()

Make ImageAddress() directly check for overflow in its math.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 shim.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/shim.c b/shim.c
index 38cc452..e8401f8 100644
--- a/shim.c
+++ b/shim.c
@@ -50,6 +50,8 @@
 
 #include <Library/BaseCryptLib.h>
 
+#include <stdint.h>
+
 #define FALLBACK L"\\fb" EFI_ARCH L".efi"
 #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
 
@@ -111,11 +113,17 @@ typedef struct {
 /*
  * Perform basic bounds checking of the intra-image pointers
  */
-static void *ImageAddress (void *image, unsigned int size, unsigned int address)
+static void *ImageAddress (void *image, uint64_t size, uint64_t address)
 {
+	/* ensure our local pointer isn't bigger than our size */
 	if (address > size)
 		return NULL;
 
+	/* Insure our math won't overflow */
+	if (UINT64_MAX - address < (uint64_t)image)
+		return NULL;
+
+	/* return the absolute pointer */
 	return image + address;
 }