
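--- a/pe.c
+++ b/pe.c
@@ -355,7 +355,11 @@ verify_sbat_section(char *SBATBase, size_t SBATSize)
 		return in_protocol ? EFI_SUCCESS : EFI_SECURITY_VIOLATION;
 	}
 
-	sbat_size = SBATSize + 1;
+	if (checked_add(SBATSize, 1, &sbat_size)) {
+		dprint(L"SBATSize + 1 would overflow\n");
+		return EFI_SECURITY_VIOLATION;
+	}
+
 	sbat_data = AllocatePool(sbat_size);
 	if (!sbat_data) {
 		console_print(L"Failed to allocate .sbat section buffer\n");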
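Review bot: The new overflow branch in verify_sbat_section reports the rejection only through `dprint`, while the allocation failure a few lines below uses `console_print`; if `dprint` is emitted only in verbose or debug mode (not visible here), an image refused with EFI_SECURITY_VIOLATION on this path leaves the operator with no visible reason. Consider `console_print(L"SBATSize + 1 would overflow\n");`, or the `perror` that the matching check in shim.c uses in this same patch. A one-line comment such as `/* +1 byte is added to the copied section; the sum must not wrap before AllocatePool */` would also record why the addition is guarded. The purpose of the extra byte is inferred, since the function body starts and ends outside the hunk.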
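--- a/shim.c
+++ b/shim.c
@@ -743,11 +743,17 @@ verify_buffer_sbat (char *data, int datasize,
 		 * and ignore the section if it isn't. */
 		if (Section->SizeOfRawData &&
 		    Section->SizeOfRawData >= Section->Misc.VirtualSize) {
+			uint64_t boundary;
 			SBATBase = ImageAddress(data, datasize,
 						Section->PointerToRawData);
 			SBATSize = Section->SizeOfRawData;
 			dprint(L"sbat section base:0x%lx size:0x%lx\n",
 			       SBATBase, SBATSize);
+			if (checked_add((uint64_t)SBATBase, SBATSize, &boundary) ||
+			    (boundary > (uint64_t)data + datasize)) {
+				perror(L"Section exceeds bounds of image\n");
+				return EFI_UNSUPPORTED;
+			}
 		}
 	}
 
-- 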
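Review bot: The right-hand side of the new bound, `(uint64_t)data + datasize`, is still an unchecked addition, and `datasize` is a signed `int` per the signature in the hunk header, so a negative value would be converted to a very large unsigned offset before the comparison. Computing the image end with the same helper, e.g. `checked_add((uint64_t)(uintptr_t)data, (uint64_t)datasize, &image_end)` after rejecting `datasize < 0`, would keep both sides of the comparison overflow-safe; going through `uintptr_t` also avoids a pointer-to-wider-integer cast on 32-bit builds. The test bounds only the end of the section, so it relies on `ImageAddress` never returning NULL or an address below `data`. That is not visible here and deserves either a comment or an explicit `!SBATBase` check next to the new condition. The body of verify_buffer_sbat starts and ends outside the hunk.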
