OcAppleKernelLib and OcDataHubLib: Security enhancements

2026-02-01 15:59:39 +00:00 · 2019-03-18 19:58:16 +01:00 · 2019-03-18 19:58:16 +01:00 · 6b2186abaf
commit 6b2186abaf
parent 94bcf6983f
2 changed files with 22 additions and 5 deletions
--- a/Library/OcAppleKernelLib/Prelinked.c
+++ b/Library/OcAppleKernelLib/Prelinked.c
@ -66,6 +66,9 @@ PrelinkedContextInit (
  if (Context->PrelinkedInfoSegment == NULL) {
    return EFI_NOT_FOUND;
  }
+  if (Context->PrelinkedInfoSegment->FileOffset > MAX_UINT32) {
+    return EFI_UNSUPPORTED;
+  }

  Context->PrelinkedInfoSection = MachoGetSectionByName64 (
    &Context->PrelinkedMachContext,
@ -75,6 +78,9 @@ PrelinkedContextInit (
  if (Context->PrelinkedInfoSection == NULL) {
    return EFI_NOT_FOUND;
  }
+  if (Context->PrelinkedInfoSection->Size > MAX_UINT32) {
+    return EFI_UNSUPPORTED;
+  }

  Context->PrelinkedTextSegment = MachoGetSegmentByName64 (
    &Context->PrelinkedMachContext,
@ -101,7 +107,7 @@ PrelinkedContextInit (
    return EFI_OUT_OF_RESOURCES;
  }

-  Context->PrelinkedInfoDocument = XmlDocumentParse (Context->PrelinkedInfo, Context->PrelinkedInfoSection->Size, TRUE);
+  Context->PrelinkedInfoDocument = XmlDocumentParse (Context->PrelinkedInfo, (UINT32)Context->PrelinkedInfoSection->Size, TRUE);
  if (Context->PrelinkedInfoDocument == NULL) {
    PrelinkedContextFree (Context);
    return EFI_INVALID_PARAMETER;
@ -206,7 +212,7 @@ PrelinkedInjectPrepare (
  SegmentEndOffset = Context->PrelinkedInfoSegment->FileOffset + Context->PrelinkedInfoSegment->FileSize;

  if (PRELINKED_ALIGN (SegmentEndOffset) == Context->PrelinkedSize) {
-    Context->PrelinkedSize = PRELINKED_ALIGN (Context->PrelinkedInfoSegment->FileOffset);
+    Context->PrelinkedSize = (UINT32)PRELINKED_ALIGN (Context->PrelinkedInfoSegment->FileOffset);
  }

  Context->PrelinkedInfoSegment->VirtualAddress = 0;
--- a/Library/OcDataHubLib/OcDataHubLib.c
+++ b/Library/OcDataHubLib/OcDataHubLib.c
@ -28,6 +28,7 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/OcMiscLib.h>
 #include <Library/OcDataHubLib.h>
+#include <Library/OcGuardLib.h>
 #include <Library/OcStringLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiLib.h>
@ -181,10 +182,20 @@ SetDataHubEntry (
  PLATFORM_DATA_HEADER  *Entry;
  UINT32                KeySize;
  UINT32                TotalSize;
+  BOOLEAN               Result;

-  KeySize   = (UINT32) StrSize (Key);
-  TotalSize = sizeof (*Entry) + KeySize + DataSize;
-  Entry     = AllocateZeroPool (TotalSize);
+  KeySize = (UINT32) StrSize (Key);
+  Result  = OcOverflowTriAddU32 (
+              sizeof (*Entry),
+              KeySize,
+              DataSize,
+              &TotalSize
+              );
+  if (Result) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Entry = AllocateZeroPool (TotalSize);

  if (Entry == NULL) {
    return EFI_OUT_OF_RESOURCES;