File tboot-Add-more-mbi-validation.patch of Package tboot.18210
From d5ed71429de8a3462fef9708a96e6feca1b04d63 Mon Sep 17 00:00:00 2001
From: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
Date: Mon, 7 Sep 2020 15:39:55 +0200
Subject: [PATCH] Add more mbi validation
Signed-off-by: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
---
tboot/common/efi_memmap.c | 17 +++++++++++------
tboot/common/loader.c | 9 ++++++++-
tboot/common/policy.c | 5 +++++
3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/tboot/common/efi_memmap.c b/tboot/common/efi_memmap.c
index 38c2293..2ebe444 100644
--- a/tboot/common/efi_memmap.c
+++ b/tboot/common/efi_memmap.c
@@ -65,12 +65,17 @@ bool efi_memmap_copy(loader_ctx *lctx)
return false;
}
- efi_mmap->size = mmap_size;
- efi_mmap->descr_size = descr_size;
- memcpy(efi_mmap->descr, (void*)descr_addr, mmap_size);
- efi_mmap_available = true;
+ if (mmap_size < TBOOT_EFI_MEMMAP_COPY_SIZE - offsetof(efi_memmap_t, descr)) {
+ efi_mmap->size = mmap_size;
+ efi_mmap->descr_size = descr_size;
+ memcpy(efi_mmap->descr, (void*)descr_addr, mmap_size);
+ efi_mmap_available = true;
+ return true;
+ } else {
+ printk(TBOOT_WARN"Too many entries in EFI memory map\n");
+ return false;
+ }
- return true;
}
/**
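Review bot: `descr_size` is still stored into `efi_mmap->descr_size` unvalidated; the new guard bounds only `mmap_size`. If later walkers of the copied map step through `descr` in `descr_size` strides (not visible in this hunk), a zero or non-dividing value handed over by the bootloader could make them spin or read a partial trailing descriptor. Unless the check that ends just above the hunk already covers this, add `if (descr_size == 0 || mmap_size % descr_size != 0) return false;` before the copy. The strict `<` also rejects a map that would fit the buffer exactly, so either use `<=` or add a comment such as `/* keep one spare byte: <reason> */`. efi_memmap_copy begins outside the hunk.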
@@ -304,7 +309,7 @@ bool efi_memmap_get_highest_sized_ram(uint64_t size, uint64_t limit,
}
printk("get_highest_sized_ram: size %llx -> base %llx, size %llx\n",
- size, *ram_base, *ram_size);
+ size, last_fit_base, last_fit_size);
if (last_fit_size == 0) {
return false;
diff --git a/tboot/common/loader.c b/tboot/common/loader.c
index c96e098..4a302e8 100644
--- a/tboot/common/loader.c
+++ b/tboot/common/loader.c
@@ -289,8 +289,15 @@ bool verify_loader_context(loader_ctx *lctx)
if (count < 1){
printk(TBOOT_ERR"Error: no MB%d modules\n", lctx->type);
return false;
- } else
+ } else {
+ for (uint32_t i = 0; i < count; ++i) {
+ module_t *m = get_module(lctx, i);
+ if (m->mod_end < m->mod_start) {
+ return false;
+ }
+ }
return true;
+ }
}
static bool remove_mb2_tag(loader_ctx *lctx, struct mb2_tag *cur)
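Review bot: The result of `get_module(lctx, i)` is dereferenced in the new loop without a NULL check, and the rejection path returns false without logging, unlike the `count < 1` branch just above it. If `get_module` can return NULL for a malformed module list (its body is not shown here), this validation pass would itself fault on the input it is meant to reject. Consider `if (m == NULL || m->mod_end < m->mod_start) {` followed by `printk(TBOOT_ERR"Error: invalid MB%d module %u\n", lctx->type, i);` before the `return false;`. The check also accepts `mod_end == mod_start`, so a short comment stating whether empty modules are allowed would help. verify_loader_context begins outside the hunk.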
diff --git a/tboot/common/policy.c b/tboot/common/policy.c
index b3adc04..bc7c695 100644
--- a/tboot/common/policy.c
+++ b/tboot/common/policy.c
@@ -819,6 +819,11 @@ static void verify_g_policy(void)
void verify_all_modules(loader_ctx *lctx)
{
+ if (!verify_loader_context(lctx)) {
+ printk(TBOOT_ERR"Error: Invalid loader context\n");
+ apply_policy(TB_ERR_FATAL);
+ }
+
/* assumes mbi is valid */
verify_g_policy();
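Review bot: Execution falls through to `verify_g_policy()` after `apply_policy(TB_ERR_FATAL)`, so the new guard protects the rest of the function only if that call never returns, which nothing in the hunk shows. Do not turn this into a plain `return;`, since that would leave the modules unverified while the caller carries on. Instead, document the dependency on the call, e.g. `/* apply_policy() must not return for TB_ERR_FATAL; the code below relies on a validated lctx */`, after confirming it against apply_policy's definition. The existing `/* assumes mbi is valid */` comment is now stale and could become `/* lctx was validated by verify_loader_context() above */`. verify_all_modules continues past the end of the hunk.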
--
2.26.2