[edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
Laszlo Ersek
lersek at redhat.com
Thu Nov 19 10:53:38 UTC 2020
Repo: https://pagure.io/lersek/edk2.git
Branch: tianocore_1743_v2_resend
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
"RESEND" because I'm publicly posting the patches from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
The Reviewed-by tags on the patches originate from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
Retested with Liming's reproducer; see
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
This series targets edk2-stable202011. I plan to merge it later this
week, based on Liming's R-b.
Liming, highlighting TianoCore#1743 in the "proposed features" list
could be useful.
Cc: Dandan Bi <dandan.bi at intel.com>
Cc: Hao A Wu <hao.a.wu at intel.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd at redhat.com>
Thanks!
Laszlo
Laszlo Ersek (2):
MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
FindChildNode()
MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
MdeModulePkg/MdeModulePkg.dec | 6 +++
MdeModulePkg/MdeModulePkg.uni | 6 +++
MdeModulePkg/Core/Dxe/DxeMain.inf | 1 +
MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 +++++++++++++++++---
4 files changed, 59 insertions(+), 6 deletions(-)
--
2.19.1.3.g30247aa5d201
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67707): https://edk2.groups.io/g/devel/message/67707
Mute This Topic: https://groups.io/mt/78362191/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list