author: Chris Coulson <chris.coulson@canonical.com> 2022-05-03 15:41:00 +0200
committer: Peter Jones <pjones@redhat.com> 2022-05-24 16:28:35 -0400
commit: e99bdbb827a50cde019393d3ca1e89397db221a7
tree: 2394f33a580cebc6f9e2093bb23fc46096b612f2 /Cryptlib/opensslconf-diff.patch
parent: 77144e5a404df89b45941bfc54fd2f59e0ee607b
pe: Fix a buffer overflow when SizeOfRawData > VirtualSize

During image loading, the size of the destination buffer for the image is determined by the SizeOfImage field in the optional header. The start and end virtual addresses of each section, as determined by each section's VirtualAddress and VirtualSize fields, are bounds checked against the allocated buffer. However, the amount of data copied to the destination buffer is determined by the section's SizeOfRawData field. If this is larger than the VirtualSize, then the copy can overflow the destination buffer.

Fix this by limiting the amount of data to copy to the section's VirtualSize. In the case where a section has SizeOfRawData > VirtualSize, the excess data is discarded.

This fixes CVE-2022-28737

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>

Diffstat (limited to 'Cryptlib/opensslconf-diff.patch')
0 files changed, 0 insertions, 0 deletions
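
The bounded section copy the commit message describes, as an added C example; it is not shim's code and not part of this commit. The struct, the function names, the source-range check and the sample values are assumptions made for illustration; PointerToRawData is the standard PE section field for the file offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified section header (hypothetical type, four PE fields only). */
struct section {
    uint32_t VirtualSize;
    uint32_t VirtualAddress;
    uint32_t SizeOfRawData;
    uint32_t PointerToRawData;
};

/* Copy one section into the SizeOfImage-sized load buffer.
 * Returns the number of bytes copied, or -1 if a range check fails. */
long load_section(uint8_t *dst, size_t size_of_image,
                  const uint8_t *file, size_t file_len,
                  const struct section *s)
{
    /* Virtual range must fit the buffer; 64-bit math avoids wraparound. */
    uint64_t vend = (uint64_t)s->VirtualAddress + s->VirtualSize;
    if (vend > size_of_image)
        return -1;
    /* The fix: the copy length is capped at VirtualSize, because the
     * bounds check above only covered VirtualSize bytes. */
    uint32_t n = s->SizeOfRawData;
    if (n > s->VirtualSize)
        n = s->VirtualSize;               /* excess raw data is discarded */
    /* Assumption added here: the source range must fit the file as well. */
    if ((uint64_t)s->PointerToRawData + n > file_len)
        return -1;
    memcpy(dst + s->VirtualAddress, file + s->PointerToRawData, n);
    return (long)n;
}

/* Constructed case: a 32-byte image followed by 32 guard bytes; the section
 * ends exactly at SizeOfImage but declares SizeOfRawData (32) > VirtualSize (8).
 * Returns 1 when only 8 bytes were copied and the guard bytes are untouched. */
int demo_guard_intact(void)
{
    uint8_t mem[64], file[64];
    memset(mem, 0xEE, sizeof mem);
    memset(file, 0x41, sizeof file);
    struct section s = { 8, 24, 32, 0 };  /* VSize, VAddr, RawSize, RawPtr */
    if (load_section(mem, 32, file, sizeof file, &s) != 8)
        return 0;
    for (size_t i = 32; i < sizeof mem; i++)
        if (mem[i] != 0xEE)
            return 0;
    return mem[24] == 0x41 && mem[31] == 0x41;
}

int main(void) { return demo_guard_intact() ? 0 : 1; }
```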