SBAT: parse a copy of the table that's got a NUL at the end

Right now we allocate the PE file's contents in RW memory, but hopefully that won't always be the case. Our SBAT parsing, however, very much expects to be able to edit it. We also don't actually know that shim's .sbat section is loaded r/w, so we can't necessarily write there. This patch copies the SBAT data to its own buffer, plus one NUL byte at the end, so we can always be sure that will work. Signed-off-by: Peter Jones <pjones@redhat.com>
2025-11-06 12:55:24 +00:00 · 2021-02-09 20:02:26 -05:00 · 2021-02-09 20:02:26 -05:00 · 6b8ef61a1a
commit 6b8ef61a1a
parent ee8f7ed332
1 changed files with 13 additions and 1 deletions
--- a/pe.c
+++ b/pe.c
@ -1045,7 +1045,19 @@ handle_image (void *data, unsigned int datasize,
 		struct sbat_entry *entry = NULL;

 		if (SBATBase && SBATSize) {
-			res = parse_sbat(SBATBase, SBATSize, buffer, &sbat);
+			char *sbat_data;
+			size_t sbat_size;
+
+			sbat_size = SBATSize + 1;
+			sbat_data = AllocatePool(sbat_size);
+			if (!sbat_data) {
+				console_print(L"Failed to allocate SBAT buffer\n");
+				return EFI_OUT_OF_RESOURCES;
+			}
+			CopyMem(sbat_data, SBATBase, SBATSize);
+			sbat_data[SBATSize] = '\0';
+
+			res = parse_sbat(sbat_data, sbat_size, buffer, &sbat);
 			if (res < 0) {
 				console_print(L"SBAT data not correct: %r\n", res);
 				return EFI_UNSUPPORTED;