From patchwork Tue Feb 9 06:21:50 2021
X-Patchwork-Submitter: Asherah Connor
X-Patchwork-Id: 1438312
X-Patchwork-Delegate: xypron.glpk@gmx.de
Date: Tue, 9 Feb 2021 06:21:50 +0000
From: Asherah Connor
To: u-boot@lists.denx.de
Subject: [PATCH] efi_loader: don't load beyond VirtualSize
Message-ID: <20210209062150.mmshhxissljf6fak@talia.n4wrvuuuhszuhem3na2pm5saea.px.internal.cloudapp.net>

PE section table entries' SizeOfRawData must be a multiple of FileAlignment, and thus may be rounded up and larger than their VirtualSize. We should not load beyond the VirtualSize, which is "the total size of the section when loaded into memory" -- we may clobber real data at the target in some other section, since we load sections in reverse order and sections are usually laid out sequentially.

Signed-off-by: Asherah Connor
CC: Heinrich Schuchardt
--- lib/efi_loader/efi_image_loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index d4dd9e9433..f53ef367ec 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -843,7 +843,7 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, sec->Misc.VirtualSize); memcpy(efi_reloc + sec->VirtualAddress, efi + sec->PointerToRawData, - sec->SizeOfRawData); + min(sec->Misc.VirtualSize, sec->SizeOfRawData)); } /* Run through relocations */
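
Review bot: the new third argument to memcpy() bounds only the copy length; nothing in the visible lines checks that sec->PointerToRawData plus that length stays inside the source image, or that sec->VirtualAddress plus sec->Misc.VirtualSize stays inside the efi_reloc allocation, and all three values come from the file being loaded. If efi_load_pe() does not already validate them earlier, add the range checks before this copy and return an error on failure. Also note that with min() a section header carrying VirtualSize == 0 and a non-zero SizeOfRawData now copies nothing; please state in the commit message whether that is intended.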
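
The clobbering the commit message describes, reproduced on a constructed two-section layout. This is an added example, not part of the patch or of U-Boot; the struct, the sizes and `second_section_intact` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the PE section header fields used by the loader loop. */
struct section {
    uint32_t virtual_size;        /* Misc.VirtualSize */
    uint32_t virtual_address;     /* VirtualAddress */
    uint32_t size_of_raw_data;    /* SizeOfRawData (multiple of FileAlignment) */
    uint32_t pointer_to_raw_data; /* PointerToRawData */
};

/* Constructed layout: FileAlignment 16, sections packed back to back. */
static const struct section secs[2] = {
    { 12,  0, 16,  0 },  /* 12 bytes of 'A', 4 bytes of file padding */
    {  8, 12, 16, 16 },  /*  8 bytes of 'B', 8 bytes of file padding */
};

/* Copy sections last to first; clamp selects the patched copy length. */
static void load_sections(const uint8_t *file, uint8_t *mem, int clamp)
{
    for (int i = 1; i >= 0; i--) {
        const struct section *s = &secs[i];
        uint32_t len = s->size_of_raw_data;
        if (clamp && s->virtual_size < len)
            len = s->virtual_size;
        memset(mem + s->virtual_address, 0, s->virtual_size);
        memcpy(mem + s->virtual_address, file + s->pointer_to_raw_data, len);
    }
}

/* Returns 1 if the second section's 8 bytes survive loading, else 0. */
int second_section_intact(int clamp)
{
    uint8_t file[32] = {0}, mem[32] = {0};
    memset(file, 'A', 12);       /* section 0 payload, rest is zero padding */
    memset(file + 16, 'B', 8);   /* section 1 payload */
    load_sections(file, mem, clamp);
    for (int i = 0; i < 8; i++)
        if (mem[12 + i] != 'B')
            return 0;
    return 1;
}

int main(void)
{
    printf("unclamped intact=%d, clamped intact=%d\n", second_section_intact(0), second_section_intact(1));
    return 0;
}
```

Without the clamp, the first section's four padding bytes land on the start of the second section, which was loaded earlier because of the reverse order.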