fix CVE-2024-38796
This commit is contained in:
zhangxianting
parent
d4f51e20dd
commit
a95770f140
32
0102-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
Normal file
32
0102-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From c95233b8525ca6828921affd1496146cff262e65 Mon Sep 17 00:00:00 2001
|
||||
From: Doug Flick <dougflick@microsoft.com>
|
||||
Date: Fri, 27 Sep 2024 12:08:55 -0700
|
||||
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
|
||||
|
||||
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
|
||||
also a UINT32 value. The current code does not check for overflow when
|
||||
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
|
||||
check to ensure that the addition does not overflow.
|
||||
|
||||
Signed-off-by: Doug Flick <dougflick@microsoft.com>
|
||||
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
|
||||
---
|
||||
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||
index 1102833..7fa4714 100644
|
||||
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||
@@ -991,7 +991,7 @@ PeCoffLoaderRelocateImage (
|
||||
RelocDir = &Hdr.Te->DataDirectory[0];
|
||||
}
|
||||
|
||||
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
|
||||
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
|
||||
RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
|
||||
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
|
||||
RelocDir->VirtualAddress + RelocDir->Size - 1,
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
Name: edk2
|
||||
Version: %{stable_date}
|
||||
Release: 24
|
||||
Release: 25
|
||||
Summary: EFI Development Kit II
|
||||
License: BSD-2-Clause-Patent
|
||||
URL: https://github.com/tianocore/edk2
|
||||
@ -117,6 +117,10 @@ Patch0098: 0096-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch
|
||||
Patch0099: 0097-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch
|
||||
Patch0100: 0098-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch
|
||||
Patch0101: 0099-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
|
||||
|
||||
# Fix CVE-2024-38796
|
||||
patch0102: 0102-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
|
||||
|
||||
BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python2
|
||||
|
||||
%description
|
||||
@ -311,6 +315,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 09 2024 zhangxianting <zhangxianting@uniontech.com> - 202002-25
|
||||
- fix CVE-2024-38796
|
||||
|
||||
* Tue Sep 3 2024 shenyage<shenyage1@huawei.com> - 202002-24
|
||||
- fix CVE-2021-3712、CVE-2022-0778
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user