Re: [edk2] [PATCH v2] SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize

Tue, 23 Jun 2015 08:27:45 -0700 

>-----Original Message-----
>From: Liming Gao [mailto:liming....@intel.com]
>Sent: Tuesday, June 23, 2015 3:03 AM
>To: edk2-devel@lists.sourceforge.net
>Subject: [edk2] [PATCH v2] SecurityPkg: Fix wrong calculation of
>ImageExeInfoEntrySize
>
>Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to
>comment
>Signature field. So, its structure doesn't include Signature field. But,
>ImageExeInfoEntrySize uses its structure size minor Signature size. It

I think you mean "minus" in this commit message, not "minor".

Reviewed-by: Jaben Carsey <jaben.car...@intel.com>

>will be corrected in this change.
>
>Contributed-under: TianoCore Contribution Agreement 1.0
>Signed-off-by: Liming Gao <liming....@intel.com>
>Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
>---
> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4
>++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git
>a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
>b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
>index d7e286b..3331b68 100644
>--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
>+++
>b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
>@@ -1,7 +1,7 @@
> /** @file
>-  Implement image verification services for secure boot service in UEFI2.3.1.
>+  Implement image verification services for secure boot service
>
>   Caution: This file requires additional review when modified.
>   This library will have external input - PE/COFF image.
>   This external input must be validated carefully to avoid security issue like
>   buffer overflow, integer overflow.
>@@ -767,11 +767,11 @@ AddImageExeInfo (
>     //
>     ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
>   }
>
>   DevicePathSize            = GetDevicePathSize (DevicePath);
>-  NewImageExeInfoEntrySize  = sizeof (EFI_IMAGE_EXECUTION_INFO) -
>sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize +
>SignatureSize;
>+  NewImageExeInfoEntrySize  = sizeof (EFI_IMAGE_EXECUTION_INFO) +
>NameStringLen + DevicePathSize + SignatureSize;
>   NewImageExeInfoTable      = (EFI_IMAGE_EXECUTION_INFO_TABLE *)
>AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
>   if (NewImageExeInfoTable == NULL) {
>     return ;
>   }
>
>--
>1.9.5.msysgit.0
>
>
>------------------------------------------------------------------------------
>Monitor 25 network devices or servers for free with OpManager!
>OpManager is web-based network management software that monitors
>network devices and physical & virtual servers, alerts via email & sms
>for fault. Monitor 25 devices for free with no restriction. Download now
>http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/edk2-devel

------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical & virtual servers, alerts via email & sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to