Re: [edk2] [PATCH 1/3] MdeModulePkg/PeiCore: Ensure FfsFileHeader 8 bytes aligned [CVE-2018-3630]

[Wang, Jian J]

Reviewed-by: Jian J Wang 


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jian J
> Wang
> Sent: Wednesday, February 27, 2019 12:04 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A ; Yao, Jiewen ;
> Gao, Liming ; Zeng, Star 
> Subject: [edk2] [PATCH 1/3] MdeModulePkg/PeiCore: Ensure FfsFileHeader 8
> bytes aligned [CVE-2018-3630]
> 
> From: Star Zeng 
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=864
> 
> To follow PI spec, ensure FfsFileHeader 8 bytes aligned.
> 
> Current code only handles (FwVolHeader->ExtHeaderOffset != 0) path,
> update code to also handle (FwVolHeader->ExtHeaderOffset == 0) path.
> 
> Cc: Jiewen Yao 
> Cc: Liming Gao 
> Cc: Jian J Wang 
> Cc: Hao Wu 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng 
> ---
>  MdeModulePkg/Core/Pei/FwVol/FwVol.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c
> b/MdeModulePkg/Core/Pei/FwVol/FwVol.c
> index 0a67b96bf1..56440eacf0 100644
> --- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c
> +++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c
> @@ -2,7 +2,7 @@
>Pei Core Firmware File System service routines.
> 
>  Copyright (c) 2015 HP Development Company, L.P.
> -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD
> License
>  which accompanies this distribution.  The full text of the license may be 
> found
> at
> @@ -316,10 +316,10 @@ FindFileEx (
>//
>FwVolExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINT8 *)
> FwVolHeader + FwVolHeader->ExtHeaderOffset);
>FfsFileHeader = (EFI_FFS_FILE_HEADER *) ((UINT8 *) FwVolExtHeader +
> FwVolExtHeader->ExtHeaderSize);
> -  FfsFileHeader = (EFI_FFS_FILE_HEADER *) ALIGN_POINTER (FfsFileHeader, 
> 8);
>  } else {
>FfsFileHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *) FwVolHeader +
> FwVolHeader->HeaderLength);
>  }
> +FfsFileHeader = (EFI_FFS_FILE_HEADER *) ALIGN_POINTER (FfsFileHeader, 8);
>} else {
>  if (IS_FFS_FILE2 (*FileHeader)) {
>if (!IsFfs3Fv) {
> --
> 2.17.1.windows.2
> 
> ___
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

[edk2] [PATCH 1/3] MdeModulePkg/PeiCore: Ensure FfsFileHeader 8 bytes aligned [CVE-2018-3630]

[Jian J Wang]

From: Star Zeng 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=864

To follow PI spec, ensure FfsFileHeader 8 bytes aligned.

Current code only handles (FwVolHeader->ExtHeaderOffset != 0) path,
update code to also handle (FwVolHeader->ExtHeaderOffset == 0) path.

Cc: Jiewen Yao 
Cc: Liming Gao 
Cc: Jian J Wang 
Cc: Hao Wu 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng 
---
 MdeModulePkg/Core/Pei/FwVol/FwVol.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c 
b/MdeModulePkg/Core/Pei/FwVol/FwVol.c
index 0a67b96bf1..56440eacf0 100644
--- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c
+++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c
@@ -2,7 +2,7 @@
   Pei Core Firmware File System service routines.
 
 Copyright (c) 2015 HP Development Company, L.P.
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -316,10 +316,10 @@ FindFileEx (
   //
   FwVolExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINT8 *) 
FwVolHeader + FwVolHeader->ExtHeaderOffset);
   FfsFileHeader = (EFI_FFS_FILE_HEADER *) ((UINT8 *) FwVolExtHeader + 
FwVolExtHeader->ExtHeaderSize);
-  FfsFileHeader = (EFI_FFS_FILE_HEADER *) ALIGN_POINTER (FfsFileHeader, 8);
 } else {
   FfsFileHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *) FwVolHeader + 
FwVolHeader->HeaderLength);
 }
+FfsFileHeader = (EFI_FFS_FILE_HEADER *) ALIGN_POINTER (FfsFileHeader, 8);
   } else {
 if (IS_FFS_FILE2 (*FileHeader)) {
   if (!IsFfs3Fv) {
-- 
2.17.1.windows.2

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel