5 files changed, 15 insertions, 10 deletions

diff --git a/fuzz-pe-relocate.c b/fuzz-pe-relocate.c
index 1f62234d..09d38331 100644
--- a/fuzz-pe-relocate.c
+++ b/fuzz-pe-relocate.c
@@ -28,7 +28,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	memcpy(data_copy, data, size);
 	data_copy[size] = 0;
 
-	status = read_header(data_copy, size, &context);
+	status = read_header(data_copy, size, &context, true);
 
 	free(data_copy);
 
diff --git a/include/pe.h b/include/pe.h
index 9ea9eb44..a1eb8853 100644
--- a/include/pe.h
+++ b/include/pe.h
@@ -12,7 +12,8 @@ ImageAddress (void *image, uint64_t size, uint64_t address);
 
 EFI_STATUS
 read_header(void *data, unsigned int datasize,
-	    PE_COFF_LOADER_IMAGE_CONTEXT *context);
+	    PE_COFF_LOADER_IMAGE_CONTEXT *context,
+	    bool check_secdir);
 
 EFI_STATUS verify_image(void *data, unsigned int datasize,
 			EFI_LOADED_IMAGE *li,
diff --git a/pe-relocate.c b/pe-relocate.c
index bde71729..b436d3ec 100644
--- a/pe-relocate.c
+++ b/pe-relocate.c
@@ -368,7 +368,8 @@ image_is_loadable(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
  */
 EFI_STATUS
 read_header(void *data, unsigned int datasize,
-	    PE_COFF_LOADER_IMAGE_CONTEXT *context)
+	    PE_COFF_LOADER_IMAGE_CONTEXT *context,
+	    bool check_secdir)
 {
 	EFI_IMAGE_DOS_HEADER *DosHdr = data;
 	EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
@@ -542,9 +543,12 @@ read_header(void *data, unsigned int datasize,
 		return EFI_UNSUPPORTED;
 	}
 
-	if (context->SecDir->VirtualAddress > datasize ||
-	    (context->SecDir->VirtualAddress == datasize &&
-	     context->SecDir->Size > 0)) {
+	if (check_secdir &&
+	    (context->SecDir->VirtualAddress > datasize ||
+	     (context->SecDir->VirtualAddress == datasize &&
+	      context->SecDir->Size > 0))) {
+		dprint(L"context->SecDir->VirtualAddress:0x%llx context->SecDir->Size:0x%llx datasize:0x%llx\n",
+		       context->SecDir->VirtualAddress, context->SecDir->Size, datasize);
 		perror(L"Malformed security header\n");
 		return EFI_INVALID_PARAMETER;
 	}
diff --git a/pe.c b/pe.c
index 40812bb7..d785c44e 100644
--- a/pe.c
+++ b/pe.c
@@ -406,7 +406,7 @@ EFI_STATUS verify_image(void *data, unsigned int datasize,
 	/*
 	 * The binary header contains relevant context and section pointers
 	 */
-	efi_status = read_header(data, datasize, context);
+	efi_status = read_header(data, datasize, context, true);
 	if (EFI_ERROR(efi_status)) {
 		perror(L"Failed to read header: %r\n", efi_status);
 		return efi_status;
@@ -482,7 +482,7 @@ handle_image (void *data, unsigned int datasize,
 	/*
 	 * The binary header contains relevant context and section pointers
 	 */
-	efi_status = read_header(data, datasize, &context);
+	efi_status = read_header(data, datasize, &context, true);
 	if (EFI_ERROR(efi_status)) {
 		perror(L"Failed to read header: %r\n", efi_status);
 		return efi_status;
diff --git a/shim.c b/shim.c
index 6afb35c5..9efbde11 100644
--- a/shim.c
+++ b/shim.c
@@ -961,7 +961,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
 
 	in_protocol = 1;
 
-	efi_status = read_header(buffer, size, &context);
+	efi_status = read_header(buffer, size, &context, true);
 	if (EFI_ERROR(efi_status))
 		goto done;
 
@@ -1016,7 +1016,7 @@ static EFI_STATUS shim_read_header(void *data, unsigned int datasize,
 	EFI_STATUS efi_status;
 
 	in_protocol = 1;
-	efi_status = read_header(data, datasize, context);
+	efi_status = read_header(data, datasize, context, true);
 	in_protocol = 0;
 
 	return efi_status;