From 1ea133acd64eb0099865b0649b1d039ef63787ee Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Sun, 29 Aug 2021 11:52:44 +0200
Subject: [PATCH] efi_loader: sections with zero VirtualSize

In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.

Fixes: 9d30a941cce5 ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
---
 lib/efi_loader/efi_image_loader.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index a0eb63fceb..838e3a7f02 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -800,6 +800,23 @@ efi_status_t efi_check_pe(void *buffer, size_t size, void **nt_header)
 	return EFI_SUCCESS;
 }
 
+/**
+ * section_size() - determine size of section
+ *
+ * The size of a section in memory if normally given by VirtualSize.
+ * If VirtualSize is not provided, use SizeOfRawData.
+ *
+ * @sec:	section header
+ * Return:	size of section in memory
+ */
+static u32 section_size(IMAGE_SECTION_HEADER *sec)
+{
+	if (sec->Misc.VirtualSize)
+		return sec->Misc.VirtualSize;
+	else
+		return sec->SizeOfRawData;
+}
+
 /**
  * efi_load_pe() - relocate EFI binary
  *
@@ -869,8 +886,9 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 	/* Calculate upper virtual address boundary */
 	for (i = num_sections - 1; i >= 0; i--) {
 		IMAGE_SECTION_HEADER *sec = &sections[i];
+
 		virt_size = max_t(unsigned long, virt_size,
-				  sec->VirtualAddress + sec->Misc.VirtualSize);
+				  sec->VirtualAddress + section_size(sec));
 	}
 
 	/* Read 32/64bit specific header bits */
@@ -931,11 +949,16 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 	/* Load sections into RAM */
 	for (i = num_sections - 1; i >= 0; i--) {
 		IMAGE_SECTION_HEADER *sec = &sections[i];
-		memset(efi_reloc + sec->VirtualAddress, 0,
-		       sec->Misc.VirtualSize);
+		u32 copy_size = section_size(sec);
+
+		if (copy_size > sec->SizeOfRawData) {
+			copy_size = sec->SizeOfRawData;
+			memset(efi_reloc + sec->VirtualAddress, 0,
+			       sec->Misc.VirtualSize);
+		}
 		memcpy(efi_reloc + sec->VirtualAddress,
 		       efi + sec->PointerToRawData,
-		       min(sec->Misc.VirtualSize, sec->SizeOfRawData));
+		       copy_size);
 	}
 
 	/* Run through relocations */
-- 
2.39.5