[edk2-devel] [PATCH EDK2 v1 0/1] Enhanced verification of Offset(CVE-2019-14562)
wenyi,xie via groups.io
xiewenyi2=huawei.com at groups.io
Wed Aug 12 07:04:45 UTC 2020
Main Changes:
1.check offset inbetween VirtualAddress and VirtualAddress + Size.
2.Using SafeintLib to do offset addition with result check.
Code can also be found in github:
https://github.com/leadsama/edk2.git
branch: bug-2215-v1
Wenyi Xie (1):
SecurityPkg/DxeImageVerificationLib:Enhanced verification of
Offset(CVE-2019-14562)
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf | 1 +
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h | 1 +
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 21 +++++++++++++++-----
3 files changed, 18 insertions(+), 5 deletions(-)
--
2.20.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#64059): https://edk2.groups.io/g/devel/message/64059
Mute This Topic: https://groups.io/mt/76143919/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list