Import from CS git
This commit is contained in:
parent
ea4b384111
commit
61ac0805fb
@ -0,0 +1,63 @@
|
|||||||
|
From 30da4837584643c637eea751dbb01e0718fa764d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Mon, 21 Oct 2024 14:45:37 -0400
|
||||||
|
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 96: MdePkg: Fix overflow issue in BasePeCoffLib
|
||||||
|
RH-Jira: RHEL-60830
|
||||||
|
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||||
|
RH-Commit: [1/1] 5406406ac2711215ec2bd3d9c1a2e6bb268dda38 (jmaloy/jons_fork)
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-60830
|
||||||
|
CVE: CVE-2024-38796
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit c95233b8525ca6828921affd1496146cff262e65
|
||||||
|
Author: Doug Flick <dougflick@microsoft.com>
|
||||||
|
Date: Fri Sep 27 12:08:55 2024 -0700
|
||||||
|
|
||||||
|
MdePkg: Fix overflow issue in BasePeCoffLib
|
||||||
|
|
||||||
|
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
|
||||||
|
also a UINT32 value. The current code does not check for overflow when
|
||||||
|
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
|
||||||
|
check to ensure that the addition does not overflow.
|
||||||
|
|
||||||
|
Signed-off-by: Doug Flick <dougflick@microsoft.com>
|
||||||
|
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 15 ++++++++-------
|
||||||
|
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||||
|
index 1102833b94..6b1ccc7217 100644
|
||||||
|
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||||
|
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
|
||||||
|
@@ -991,13 +991,14 @@ PeCoffLoaderRelocateImage (
|
||||||
|
RelocDir = &Hdr.Te->DataDirectory[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
|
||||||
|
- RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
|
||||||
|
- RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
|
||||||
|
- RelocDir->VirtualAddress + RelocDir->Size - 1,
|
||||||
|
- TeStrippedOffset
|
||||||
|
- );
|
||||||
|
- if (RelocBase == NULL || RelocBaseEnd == NULL || (UINTN) RelocBaseEnd < (UINTN) RelocBase) {
|
||||||
|
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
|
||||||
|
+ RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
|
||||||
|
+ RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
|
||||||
|
+ ImageContext,
|
||||||
|
+ RelocDir->VirtualAddress + RelocDir->Size - 1,
|
||||||
|
+ TeStrippedOffset
|
||||||
|
+ );
|
||||||
|
+ if ((RelocBase == NULL) || (RelocBaseEnd == NULL) || ((UINTN)RelocBaseEnd < (UINTN)RelocBase)) {
|
||||||
|
ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
|
||||||
|
return RETURN_LOAD_ERROR;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64
|
|||||||
|
|
||||||
Name: edk2
|
Name: edk2
|
||||||
Version: %{GITDATE}git%{GITCOMMIT}
|
Version: %{GITDATE}git%{GITCOMMIT}
|
||||||
Release: 13%{?dist}.3
|
Release: 13%{?dist}.4
|
||||||
Summary: UEFI firmware for 64-bit virtual machines
|
Summary: UEFI firmware for 64-bit virtual machines
|
||||||
Group: Applications/Emulators
|
Group: Applications/Emulators
|
||||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||||
@ -386,6 +386,8 @@ Patch114: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
|
|||||||
Patch115: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
|
Patch115: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
|
||||||
# For RHEL-53009 - No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z]
|
# For RHEL-53009 - No http boot support on edk2-ovmf-20231122-6.el9_4.2 [rhel-8.10.z]
|
||||||
Patch116: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
|
Patch116: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
|
||||||
|
# For RHEL-60830 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z]
|
||||||
|
Patch117: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
|
||||||
|
|
||||||
|
|
||||||
# python3-devel and libuuid-devel are required for building tools.
|
# python3-devel and libuuid-devel are required for building tools.
|
||||||
@ -832,6 +834,11 @@ true
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 29 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.4
|
||||||
|
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60830]
|
||||||
|
- Resolves: RHEL-60830
|
||||||
|
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-8.10.z])
|
||||||
|
|
||||||
* Mon Aug 26 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.3
|
* Mon Aug 26 2024 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-13.el8.3
|
||||||
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009]
|
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-53009]
|
||||||
- Resolves: RHEL-53009
|
- Resolves: RHEL-53009
|
||||||
|
Loading…
Reference in New Issue
Block a user