Improve PE image bounds checking.

Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2013-10-03 17:04:45 -0400
committer: Peter Jones <pjones@redhat.com> 2013-10-03 17:04:45 -0400
commit: a3beb2a6f7b9ba6af08318355f66f3438770f15d (patch)
tree: b1106ef6fd46c7236dd6cb3345efb41737e63f03
parent: 0fb089ee14e92bd1f6909deaf4d32a926053edcd (diff)
download: efi-boot-shim-a3beb2a6f7b9ba6af08318355f66f3438770f15d.tar.gz
efi-boot-shim-a3beb2a6f7b9ba6af08318355f66f3438770f15d.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index 873fd2ed..ebd7f0dd 100644
--- a/shim.c
+++ b/shim.c
@@ -144,10 +144,18 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
 
 	Adjust = (UINT64)data - context->ImageAddress;
 
+	if (Adjust == 0)
+		return EFI_SUCCESS;
+
 	while (RelocBase < RelocBaseEnd) {
 		Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
-		RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
 
+		if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
+			Print(L"Reloc block size is invalid\n");
+			return EFI_UNSUPPORTED;
+		}
+
+		RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
 		if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {
 			Print(L"Reloc entry overflows binary\n");
 			return EFI_UNSUPPORTED;
author	Peter Jones <pjones@redhat.com>	2013-10-03 17:04:45 -0400
committer	Peter Jones <pjones@redhat.com>	2013-10-03 17:04:45 -0400
commit	a3beb2a6f7b9ba6af08318355f66f3438770f15d (patch)
tree	b1106ef6fd46c7236dd6cb3345efb41737e63f03
parent	0fb089ee14e92bd1f6909deaf4d32a926053edcd (diff)
download	efi-boot-shim-a3beb2a6f7b9ba6af08318355f66f3438770f15d.tar.gz efi-boot-shim-a3beb2a6f7b9ba6af08318355f66f3438770f15d.zip