Add comment for modules which have external input.

signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-12 08:28:43 +00:00
parent 90eaa3c1e0
commit dc204d5a0f
30 changed files with 435 additions and 22 deletions
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -2,6 +2,19 @@
  Base PE/COFF loader supports loading any PE32/PE32+ or TE image, but
  only supports relocating IA32, x64, IPF, and EBC images.

+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  The basic guideline is that caller need provide ImageContext->ImageRead () with the
+  necessary data range check, to make sure when this library reads PE/COFF image, the
+  PE image buffer is always in valid range.
+  This library will also do some additional check for PE header fields.
+
+  PeCoffLoaderGetPeHeader() routine will do basic check for PE/COFF header.
+  PeCoffLoaderGetImageInfo() routine will do basic check for whole PE/COFF image.
+
  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
  Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
  This program and the accompanying materials
@@ -48,7 +61,10 @@ PeCoffLoaderGetPeHeaderMagicValue (

 /**
  Retrieves the PE or TE Header from a PE/COFF or TE image. 
-  Also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader, 
+
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this routine will 
+  also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader, 
  SizeOfHeader, Section Data Region and Security Data Region be in PE image range. 

  @param  ImageContext    The context of the image being loaded.
@@ -376,7 +392,9 @@ PeCoffLoaderGetPeHeader (
  The ImageRead and Handle fields of ImageContext structure must be valid prior 
  to invoking this service.

-  Also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader, 
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this routine will 
+  also done many checks in PE image to make sure PE image DosHeader, PeOptionHeader, 
  SizeOfHeader, Section Data Region and Security Data Region be in PE image range. 

  @param  ImageContext              The pointer to the image context structure that describes the PE/COFF
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
@@ -4,7 +4,12 @@
 #  The IA32 version library support loading IA32, X64 and EBC PE/COFF images.
 #  The X64 version library support loading IA32, X64 and EBC PE/COFF images.
 #
-#  Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - PE/COFF image.
+#  This external input must be validated carefully to avoid security issue like
+#  buffer overflow, integer overflow.
+#
+#  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 #  Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
 #
 #  This program and the accompanying materials