diff options
| author | Heinrich Schuchardt <[email protected]> | 2026-06-01 15:20:53 +0200 |
|---|---|---|
| committer | Heinrich Schuchardt <[email protected]> | 2026-06-07 16:43:06 +0200 |
| commit | bc82aa5b4145eba47f57e6f7148e0fa45bc16f51 (patch) | |
| tree | 48d7d131fe831f3328e82603357a600564a3f14f /src/include/lwip/apps | |
| parent | badf7502827bc8f77cb4c572e5186584deea7a89 (diff) | |
efi_loader: validate PE-COFF relocation data
When applying base relocations from a PE-COFF binary all data must
be treated as untrusted. Add the following checks to
efi_loader_relocate():
* Reject relocation blocks that don't start on a 32-bit aligned
address.
* Reject relocation blocks whose SizeOfBlock is smaller than the
block header, which would cause an unsigned underflow when computing
the entry count.
* A block with SizeOfBlock == 0 is invalid and does not mark the end of
the relocation table.
* Reject relocation blocks that extend beyond the end of the
relocation section.
* Reject individual relocation entries whose target offset, together
with the access width, exceeds the mapped image size, preventing
out-of-bounds writes.
Pass virt_size to efi_loader_relocate() from efi_load_pe() to enable
the per-entry bounds check.
Reported-by: Anas Cherni <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Diffstat (limited to 'src/include/lwip/apps')
0 files changed, 0 insertions, 0 deletions