packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-38796

Browse Source
This commit is contained in:
zhangxianting 2024-10-09 16:26:15 +08:00
parent d4f51e20dd
commit a95770f140
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
0102-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch Normal file
View File

@ -0,0 +1,32 @@
From c95233b8525ca6828921affd1496146cff262e65 Mon Sep 17 00:00:00 2001
From: Doug Flick <dougflick@microsoft.com>
Date: Fri, 27 Sep 2024 12:08:55 -0700
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 1102833..7fa4714 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -991,7 +991,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
RelocDir->VirtualAddress + RelocDir->Size - 1,
--
2.43.0

9
edk2.spec
View File

@ -5,7 +5,7 @@
Name: edk2 Name: edk2
Version: %{stable_date} Version: %{stable_date}
Release: 24 Release: 25
Summary: EFI Development Kit II Summary: EFI Development Kit II
License: BSD-2-Clause-Patent License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/edk2 URL: https://github.com/tianocore/edk2
@ -117,6 +117,10 @@ Patch0098: 0096-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch
Patch0099: 0097-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch Patch0099: 0097-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch
Patch0100: 0098-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch Patch0100: 0098-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch
Patch0101: 0099-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch Patch0101: 0099-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
# Fix CVE-2024-38796
patch0102: 0102-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python2 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python2
%description %description
@ -311,6 +315,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%endif %endif
%changelog %changelog
* Wed Oct 09 2024 zhangxianting <zhangxianting@uniontech.com> - 202002-25
- fix CVE-2024-38796
* Tue Sep 3 2024 shenyage<shenyage1@huawei.com> - 202002-24 * Tue Sep 3 2024 shenyage<shenyage1@huawei.com> - 202002-24
- fix CVE-2021-3712、CVE-2022-0778 - fix CVE-2021-3712、CVE-2022-0778