From: Ceping Sun <cepingx....@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4604

The NumberOfPartitionEntries and SizeOfPartitionEntry fields in
PrimaryHeader are both UINT32. UINT32 * UINT32 produces UINT32,
but it may overflow, so the result should be checked for
overflow.

Cc: Jiewen Yao <jiewen....@intel.com>
Signed-off-by: Min Xu <min.m...@intel.com>
Signed-off-by: Ceping Sun <cepingx....@intel.com>
---
 .../Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c 
b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 36a256a7af50..1f891ae7f216 100644
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -210,6 +210,11 @@ Tcg2MeasureGptTable (
     return EFI_BAD_BUFFER_SIZE;
   }
 
+  if (PrimaryHeader->NumberOfPartitionEntries > MAX_UINT32 / 
PrimaryHeader->SizeOfPartitionEntry) {
+    DEBUG ((DEBUG_ERROR, "Overflow of 
PrimaryHeader->NumberOfPartitionEntries(%d) * 
PrimaryHeader->SizeOfPartitionEntry(%d)\n", 
PrimaryHeader->NumberOfPartitionEntries, PrimaryHeader->SizeOfPartitionEntry));
+    return EFI_INVALID_PARAMETER;
+  }
+
   //
   // Read the partition entry.
   //
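Review bot: the new guard divides by PrimaryHeader->SizeOfPartitionEntry in `MAX_UINT32 / PrimaryHeader->SizeOfPartitionEntry`, and nothing visible in this hunk rules out a zero value coming from the GPT header. If the earlier checks in Tcg2MeasureGptTable do not already reject SizeOfPartitionEntry == 0, test for it before the division and return EFI_INVALID_PARAMETER, or replace the open-coded comparison with SafeUint32Mult() from SafeIntLib, which reports overflow without dividing. The DEBUG message also formats both UINT32 fields with %d, so the large values most likely to reach this path can print as negative numbers; %u would report them as read.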
-- 
2.34.1


