Main Changes:
1. Check offset in between VirtualAddress and VirtualAddress + Size.
2. Use SafeIntLib to do offset addition with result check.

Code can also be found on GitHub: https://github.com/leadsama/edk2.git branch: bug-2215-v1

Wenyi Xie (1):
  SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset(CVE-2019-14562)

 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf |  1 +
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h   |  1 +
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c   | 21 +++++++++++++++-----
 3 files changed, 18 insertions(+), 5 deletions(-)

--
2.20.1.windows.1

View/Reply Online (#64059): https://edk2.groups.io/g/devel/message/64059
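
The two changes listed in the cover letter, shown as an added example that is not part of the original message or of the edk2 patch: a walker over length-prefixed records that keeps every offset inside [VirtualAddress, VirtualAddress + Size) and performs each addition with a result check. The names `add_u32`, `walk_records` and `demo`, the 8-byte header and alignment, and the 64-byte sample image are assumptions made for illustration; `add_u32` is a local stand-in, not SafeIntLib.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 8u  /* assumed record header size; first 4 bytes hold the length */

/* Checked 32-bit add: a local stand-in for a SafeIntLib-style helper. */
static bool add_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) return false;   /* would wrap */
    *out = a + b;
    return true;
}

/* Walk length-prefixed records in [va, va + size) of image.
   Returns the record count, or -1 when an offset leaves the window. */
int walk_records(const uint8_t *image, uint32_t image_size,
                 uint32_t va, uint32_t size) {
    uint32_t end, off = va, len, step, next;
    int count = 0;
    if (!add_u32(va, size, &end) || end > image_size) return -1;
    while (off < end) {
        if (end - off < HDR) return -1;           /* header must fit */
        memcpy(&len, image + off, sizeof len);    /* host byte order */
        if (len < HDR) return -1;                 /* no forward progress */
        /* Pad to 8 bytes, then advance; both additions are checked. */
        if (!add_u32(len, (8u - (len & 7u)) & 7u, &step) ||
            !add_u32(off, step, &next)) return -1;
        if (next > end) return -1;                /* record overruns window */
        off = next;
        count++;
    }
    return count;
}

/* Constructed sample: 64-byte image with records at offsets 16 and 32. */
int demo(uint32_t va, uint32_t size, uint32_t first_len) {
    uint8_t image[64] = {0};
    uint32_t second_len = 16;
    memcpy(image + 16, &first_len, sizeof first_len);
    memcpy(image + 32, &second_len, sizeof second_len);
    return walk_records(image, sizeof image, va, size);
}

int main(void) {
    printf("valid: %d\n", demo(16, 32, 16));
    printf("wrapping length: %d\n", demo(16, 32, 0xFFFFFFF8u));
    return 0;
}
```

With an unchecked `off + step`, the length 0xFFFFFFF8 in the second call would wrap the offset to 8, which is below the start of the window yet still passes an `off < end` loop condition.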