efi_loader: don't load beyond VirtualSize

PE section table entries' SizeOfRawData must be a multiple of
FileAlignment, and thus may be rounded up and larger than their
VirtualSize.

We should not load beyond the VirtualSize, which is "the total size of
the section when loaded into memory" -- we may clobber real data at the
target in some other section, since we load sections in reverse order
and sections are usually laid out sequentially.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index d4dd9e943395002f19abe1503537bfe8bc9db576..f53ef367ec1d6fe805910a2b0cde2d8255f8ecf9 100644 (file)
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -843,7 +843,7 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
                       sec->Misc.VirtualSize);
                memcpy(efi_reloc + sec->VirtualAddress,
                       efi + sec->PointerToRawData,
-                      sec->SizeOfRawData);
+                      min(sec->Misc.VirtualSize, sec->SizeOfRawData));
        }
 
        /* Run through relocations */