d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix alignment issue in uefisign

Browse Source 
The pe_certificate structure has to be aligned to 8 bytes. [1]
Since this is now checked in edk2, any binaries signed with
older version of this tool will fail verification.

References:
[1] https://docs.microsoft.com/en-us/windows/desktop/Debug/pe-format#the-attribute-certificate-table-image-only

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: trasz
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D18554
This commit is contained in:
Marcin Wojtas 2018-12-19 22:47:37 +00:00
parent 11721f6600
commit c97ed06a4b
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
usr.sbin/uefisign/pe.c
View File

@ -56,6 +56,8 @@ __FBSDID("$FreeBSD$");
#define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1] #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1]
#endif #endif
#define PE_ALIGMENT_SIZE 8
struct mz_header { struct mz_header {
uint8_t mz_signature[2]; uint8_t mz_signature[2];
uint8_t mz_dont_care[58]; uint8_t mz_dont_care[58];
@ -498,19 +500,17 @@ parse(struct executable *x)
} }
static off_t static off_t
append(struct executable *x, void *ptr, size_t len) append(struct executable *x, void *ptr, size_t len, size_t aligment)
{ {
off_t off; off_t off;
/*
* XXX: Alignment.
*/
off = x->x_len; off = x->x_len;
x->x_buf = realloc(x->x_buf, x->x_len + len); x->x_buf = realloc(x->x_buf, x->x_len + len + aligment);
if (x->x_buf == NULL) if (x->x_buf == NULL)
err(1, "realloc"); err(1, "realloc");
memcpy(x->x_buf + x->x_len, ptr, len); memcpy(x->x_buf + x->x_len, ptr, len);
x->x_len += len; memset(x->x_buf + x->x_len + len, 0, aligment);
x->x_len += len + aligment;
return (off); return (off);
} }
@ -522,6 +522,7 @@ update(struct executable *x)
struct pe_certificate *pc; struct pe_certificate *pc;
struct pe_directory_entry pde; struct pe_directory_entry pde;
size_t pc_len; size_t pc_len;
size_t pc_aligment;
off_t pc_off; off_t pc_off;
pc_len = sizeof(*pc) + x->x_signature_len; pc_len = sizeof(*pc) + x->x_signature_len;
@ -529,6 +530,11 @@ update(struct executable *x)
if (pc == NULL) if (pc == NULL)
err(1, "calloc"); err(1, "calloc");
if (pc_len % PE_ALIGMENT_SIZE > 0)
pc_aligment = PE_ALIGMENT_SIZE - (pc_len % PE_ALIGMENT_SIZE);
else
pc_aligment = 0;
#if 0 #if 0
/* /*
* Note that pc_len is the length of pc_certificate, * Note that pc_len is the length of pc_certificate,
@ -545,7 +551,7 @@ update(struct executable *x)
pc->pc_type = PE_CERTIFICATE_TYPE; pc->pc_type = PE_CERTIFICATE_TYPE;
memcpy(&pc->pc_signature, x->x_signature, x->x_signature_len); memcpy(&pc->pc_signature, x->x_signature, x->x_signature_len);
pc_off = append(x, pc, pc_len); pc_off = append(x, pc, pc_len, pc_aligment);
#if 0 #if 0
printf("added signature chunk at offset %zd, len %zd\n", printf("added signature chunk at offset %zd, len %zd\n",
pc_off, pc_len); pc_off, pc_len);
@ -554,7 +560,7 @@ update(struct executable *x)
free(pc); free(pc);
pde.pde_rva = pc_off; pde.pde_rva = pc_off;
pde.pde_size = pc_len; pde.pde_size = pc_len + pc_aligment;
memcpy(x->x_buf + x->x_certificate_entry_off, &pde, sizeof(pde)); memcpy(x->x_buf + x->x_certificate_entry_off, &pde, sizeof(pde));
checksum = compute_checksum(x); checksum = compute_checksum(x);