Discussion:
[edk2] [Patch] SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize
Liming Gao
2015-06-19 02:45:29 UTC
Permalink
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
will be corrected in this change.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index d7e286b..ff2184b 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -767,11 +767,11 @@ AddImageExeInfo (
//
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
}

DevicePathSize = GetDevicePathSize (DevicePath);
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize;
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
}
--
1.9.5.msysgit.0


------------------------------------------------------------------------------
Zhang, Chao B
2015-06-23 07:27:17 UTC
Permalink
Hi Limingļ¼š
Please also remove UEFI spec version in license header. Others are good to me
Reviewed-by: Chao Zhang <***@intel.com>




Thanks & Best regards
Chao Zhang

-----Original Message-----
From: Liming Gao [mailto:***@intel.com]
Sent: Friday, June 19, 2015 10:45 AM
To: edk2-***@lists.sourceforge.net
Subject: [edk2] [Patch] SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize

Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment Signature field. So, its structure doesn't include Signature field. But, ImageExeInfoEntrySize uses its structure size minor Signature size. It will be corrected in this change.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index d7e286b..ff2184b 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLi
+++ b.c
@@ -767,11 +767,11 @@ AddImageExeInfo (
//
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
}

DevicePathSize = GetDevicePathSize (DevicePath);
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize;
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) +
+ NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
}
--
1.9.5.msysgit.0


------------------------------------------------------------------------------
_______________________________________________
edk2-devel mailing list
edk2-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
Liming Gao
2015-06-23 10:02:37 UTC
Permalink
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
will be corrected in this change.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <***@intel.com>
Reviewed-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index d7e286b..3331b68 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1,7 +1,7 @@
/** @file
- Implement image verification services for secure boot service in UEFI2.3.1.
+ Implement image verification services for secure boot service

Caution: This file requires additional review when modified.
This library will have external input - PE/COFF image.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
@@ -767,11 +767,11 @@ AddImageExeInfo (
//
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
}

DevicePathSize = GetDevicePathSize (DevicePath);
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize;
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
}
--
1.9.5.msysgit.0
Carsey, Jaben
2015-06-23 15:24:21 UTC
Permalink
Post by Zhang, Chao B
-----Original Message-----
Sent: Tuesday, June 23, 2015 3:03 AM
Subject: [edk2] [PATCH v2] SecurityPkg: Fix wrong calculation of
ImageExeInfoEntrySize
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to
comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
I think you mean "minus" in this commit message, not "minor".
Post by Zhang, Chao B
will be corrected in this change.
Contributed-under: TianoCore Contribution Agreement 1.0
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index d7e286b..3331b68 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1,7 +1,7 @@
- Implement image verification services for secure boot service in UEFI2.3.1.
+ Implement image verification services for secure boot service
Caution: This file requires additional review when modified.
This library will have external input - PE/COFF image.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
@@ -767,11 +767,11 @@ AddImageExeInfo (
//
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
}
DevicePathSize = GetDevicePathSize (DevicePath);
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) -
sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize +
SignatureSize;
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) +
NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)
AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
}
--
1.9.5.msysgit.0
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-devel mailing list
https://lists.sourceforge.net/lists/listinfo/edk2-devel
Gao, Liming
2015-06-24 01:17:29 UTC
Permalink
Right. Good catch. I will correct it.

-----Original Message-----
From: Carsey, Jaben [mailto:***@intel.com]
Sent: Tuesday, June 23, 2015 11:24 PM
To: edk2-***@lists.sourceforge.net
Subject: Re: [edk2] [PATCH v2] SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize
Post by Zhang, Chao B
-----Original Message-----
Sent: Tuesday, June 23, 2015 3:03 AM
Subject: [edk2] [PATCH v2] SecurityPkg: Fix wrong calculation of
ImageExeInfoEntrySize
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field.
But, ImageExeInfoEntrySize uses its structure size minor Signature
size. It
I think you mean "minus" in this commit message, not "minor".
Post by Zhang, Chao B
will be corrected in this change.
Contributed-under: TianoCore Contribution Agreement 1.0
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
| 4
++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index d7e286b..3331b68 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1,7 +1,7 @@
- Implement image verification services for secure boot service in UEFI2.3.1.
+ Implement image verification services for secure boot service
Caution: This file requires additional review when modified.
This library will have external input - PE/COFF image.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
@@ -767,11 +767,11 @@ AddImageExeInfo (
//
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
}
DevicePathSize = GetDevicePathSize (DevicePath);
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) -
sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize +
SignatureSize;
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) +
NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)
AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
}
--
1.9.5.msysgit.0
-----------------------------------------------------------------------
------- Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download
now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-devel mailing list
https://lists.sourceforge.net/lists/listinfo/edk2-devel
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors network devices and physical & virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-devel mailing list
edk2-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Loading...