sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg/RamDiskDxe: Restrict on RAM disk size (CVE-2018-12180)

Browse Source 
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1134

Originally, the block size of created Ram disks is hard-coded to 512
bytes. However, if the total size of the Ram disk is not a multiple of 512
bytes, there will be potential memory access issues when dealing with the
last block of the Ram disk.

This commit will adjust the block size of the Ram disks to ensure that the
total size is a multiple of the block size.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
This commit is contained in:
Hao Wu
2018-02-07 12:49:50 +08:00
parent fccdb88022
commit 38c9fbdcaa
3 changed files with 20 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c
View File

@@ -1,7 +1,7 @@
/** @file
Produce EFI_BLOCK_IO_PROTOCOL on a RAM disk device.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -54,6 +54,7 @@ RamDiskInitBlockIo (
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_BLOCK_IO2_PROTOCOL *BlockIo2;
EFI_BLOCK_IO_MEDIA *Media;
UINT32 Remainder;
BlockIo = &PrivateData->BlockIo;
BlockIo2 = &PrivateData->BlockIo2;
@@ -69,11 +70,18 @@ RamDiskInitBlockIo (
Media->LogicalPartition = FALSE;
Media->ReadOnly = FALSE;
Media->WriteCaching = FALSE;
Media->BlockSize = RAM_DISK_BLOCK_SIZE;
Media->LastBlock = DivU64x32 (
PrivateData->Size + RAM_DISK_BLOCK_SIZE - 1,
RAM_DISK_BLOCK_SIZE
) - 1;
for (Media->BlockSize = RAM_DISK_DEFAULT_BLOCK_SIZE;
Media->BlockSize >= 1;
Media->BlockSize = Media->BlockSize >> 1) {
Media->LastBlock = DivU64x32Remainder (PrivateData->Size, Media->BlockSize, &Remainder) - 1;
if (Remainder == 0) {
break;
}
}
ASSERT (Media->BlockSize != 0);
return;
}