On 2026-05-27T06:29:36, Heinrich Schuchardt <[email protected]> wrote:
> efi_loader: validate PE-COFF relocation data
>
> When applying base relocations from a PE-COFF binary all data must
> be treated as untrusted. Add the following checks to
> efi_loader_relocate():
>
> * Reject relocation blocks that don't start on a 32-bit aligned
>   address.
> * Reject relocation blocks whose SizeOfBlock is smaller than the
>   block header, which would cause an unsigned underflow when computing
>   the entry count.
> * A block with SizeOfBlock == 0 is invalid and does not mark the end of
>   the relocation table.
> * Reject relocation blocks that extend beyond the end of the
>   relocation section.
> * Reject individual relocation entries whose target offset, together
>   with the access width, exceeds the mapped image size, preventing
>   out-of-bounds writes.
>
> Pass virt_size to efi_loader_relocate() from efi_load_pe() to enable
> [...]
>
>  lib/efi_loader/efi_image_loader.c | 85 ++++++++++++++++++++++++++++++++++-----
>  1 file changed, 74 insertions(+), 11 deletions(-)
Reviewed-by: Simon Glass <[email protected]>
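As an added illustration of the checks listed in the quoted commit message (this is example code written for this page, not the U-Boot patch or any function from lib/efi_loader), the validator below walks a PE base relocation section as untrusted input and applies each rule before any entry would be applied: block alignment, a SizeOfBlock smaller than the 8-byte header (including zero), a block running past the section end, and a target offset plus access width that would exceed the mapped image size. The function name `validate_reloc_table`, the negative error codes, and the small relocation tables are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Base relocation types from the PE/COFF specification. */
#define IMAGE_REL_BASED_ABSOLUTE 0
#define IMAGE_REL_BASED_HIGH     1
#define IMAGE_REL_BASED_LOW      2
#define IMAGE_REL_BASED_HIGHLOW  3
#define IMAGE_REL_BASED_DIR64    10

#define RELOC_BLOCK_HDR 8 /* VirtualAddress (4) + SizeOfBlock (4) */

/* Byte-wise little-endian reads: safe at any alignment. */
static uint32_t rd32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p)
{
	return (uint16_t)(p[0] | p[1] << 8);
}

/* Number of bytes a relocation of this type writes; -1 if unsupported. */
static int reloc_width(unsigned type)
{
	switch (type) {
	case IMAGE_REL_BASED_ABSOLUTE: return 0;
	case IMAGE_REL_BASED_HIGH:
	case IMAGE_REL_BASED_LOW:      return 2;
	case IMAGE_REL_BASED_HIGHLOW:  return 4;
	case IMAGE_REL_BASED_DIR64:    return 8;
	default:                       return -1;
	}
}

/*
 * Validate a relocation section of rel_size bytes against an image that
 * occupies virt_size bytes once mapped. Returns the number of entries that
 * would actually be applied, or a negative error code (constructed here):
 *  -1 unaligned block, -2 truncated header, -3 SizeOfBlock < header (incl. 0),
 *  -4 block past section end, -5 unsupported type, -6 out-of-bounds target.
 */
int validate_reloc_table(const uint8_t *rel, size_t rel_size, size_t virt_size)
{
	size_t off = 0;
	int applied = 0;

	while (off < rel_size) {
		if (off % 4)
			return -1;
		if (rel_size - off < RELOC_BLOCK_HDR)
			return -2;
		uint32_t page = rd32(rel + off);
		uint32_t size = rd32(rel + off + 4);
		/* size == 0 must not be treated as end of table; checked first
		 * so (size - header) never underflows below. */
		if (size < RELOC_BLOCK_HDR)
			return -3;
		if (size > rel_size - off)
			return -4;
		uint32_t n = (size - RELOC_BLOCK_HDR) / 2;
		for (uint32_t i = 0; i < n; i++) {
			uint16_t e = rd16(rel + off + RELOC_BLOCK_HDR + 2 * i);
			int w = reloc_width(e >> 12);
			if (w < 0)
				return -5;
			if (w == 0)
				continue; /* ABSOLUTE entries are padding */
			uint64_t target = (uint64_t)page + (e & 0xfff);
			if (target + (uint64_t)w > virt_size)
				return -6;
			applied++;
		}
		off += size;
	}
	return applied;
}

/* Constructed relocation tables (little-endian) used as sample input. */
static const uint8_t good_table[] = {
	0x00, 0x10, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, /* VA 0x1000, size 12 */
	0x10, 0x30,                                     /* HIGHLOW @ 0x010   */
	0x00, 0x00 };                                   /* ABSOLUTE padding  */
static const uint8_t zero_size_table[] = {
	0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x30, 0x00, 0x00 };
static const uint8_t overlong_table[] = {               /* claims 16, has 12 */
	0x00, 0x10, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x30, 0x00, 0x00 };
static const uint8_t oob_table[] = {                    /* DIR64 @ 0xffc     */
	0x00, 0x10, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0xfc, 0xaf, 0x00, 0x00 };
static const uint8_t unaligned_table[] = {              /* 2nd block at 10   */
	0x00, 0x10, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x10, 0x30,
	0x00, 0x20, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00 };

int main(void)
{
	printf("good      -> %d\n", validate_reloc_table(good_table, sizeof good_table, 0x2000));
	printf("zero size -> %d\n", validate_reloc_table(zero_size_table, sizeof zero_size_table, 0x2000));
	printf("overlong  -> %d\n", validate_reloc_table(overlong_table, sizeof overlong_table, 0x2000));
	printf("oob       -> %d\n", validate_reloc_table(oob_table, sizeof oob_table, 0x2000));
	printf("unaligned -> %d\n", validate_reloc_table(unaligned_table, sizeof unaligned_table, 0x3000));
	return 0;
}
```

The ordering matters: the SizeOfBlock check runs before the entry count is derived, so the subtraction that the commit message warns about can never underflow, and the per-entry bound uses the access width of the relocation type rather than the offset alone, so an 8-byte DIR64 write at the last four bytes of the image is rejected even though its start offset is in range.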

