proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-16 02:01:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

shim: Improve the bounds checking of ImageAddress()

Browse Source 
Make ImageAddress() directly check for overflow in its math.

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2017-10-19 13:45:58 -04:00 committed by Peter Jones
parent 91e5f5324e
commit 568dc4944f
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
shim.c
View File

@ -50,6 +50,8 @@
#include <Library/BaseCryptLib.h> #include <Library/BaseCryptLib.h>
#include <stdint.h>
#define FALLBACK L"\\fb" EFI_ARCH L".efi" #define FALLBACK L"\\fb" EFI_ARCH L".efi"
#define MOK_MANAGER L"\\mm" EFI_ARCH L".efi" #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
@ -111,11 +113,17 @@ typedef struct {
/* /*
* Perform basic bounds checking of the intra-image pointers * Perform basic bounds checking of the intra-image pointers
*/ */
static void *ImageAddress (void *image, unsigned int size, unsigned int address) static void *ImageAddress (void *image, uint64_t size, uint64_t address)
{ {
/* ensure our local pointer isn't bigger than our size */
if (address > size) if (address > size)
return NULL; return NULL;
/* Insure our math won't overflow */
if (UINT64_MAX - address < (uint64_t)image)
return NULL;
/* return the absolute pointer */
return image + address; return image + address;
} }