mirror of https://github.com/ipxe/ipxe.git
[efi] Mark PE .reloc and .debug sections as discardable
After a PE image is fully loaded and relocated, the loader code may opt to zero discardable sections for security reasons. This includes relocation and debug information, as both contain hints about specific locations within the binary. Mark both generated sections as discardable, which follows the PE specification. Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>pull/329/head
Marvin Häuser
Michael Brown
parent
f1e9e2b062
commit
94245624e4
|
|
@ -758,6 +758,7 @@ create_reloc_section ( struct pe_header *pe_header,
|
||||||
reloc->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
|
reloc->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
|
||||||
reloc->hdr.SizeOfRawData = section_filesz;
|
reloc->hdr.SizeOfRawData = section_filesz;
|
||||||
reloc->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
|
reloc->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
|
||||||
|
EFI_IMAGE_SCN_MEM_DISCARDABLE |
|
||||||
EFI_IMAGE_SCN_MEM_NOT_PAGED |
|
EFI_IMAGE_SCN_MEM_NOT_PAGED |
|
||||||
EFI_IMAGE_SCN_MEM_READ );
|
EFI_IMAGE_SCN_MEM_READ );
|
||||||
|
|
||||||
|
|
@ -822,6 +823,7 @@ create_debug_section ( struct pe_header *pe_header, const char *filename ) {
|
||||||
debug->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
|
debug->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
|
||||||
debug->hdr.SizeOfRawData = section_filesz;
|
debug->hdr.SizeOfRawData = section_filesz;
|
||||||
debug->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
|
debug->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
|
||||||
|
EFI_IMAGE_SCN_MEM_DISCARDABLE |
|
||||||
EFI_IMAGE_SCN_MEM_NOT_PAGED |
|
EFI_IMAGE_SCN_MEM_NOT_PAGED |
|
||||||
EFI_IMAGE_SCN_MEM_READ );
|
EFI_IMAGE_SCN_MEM_READ );
|
||||||
debug->fixup = fixup_debug_section;
|
debug->fixup = fixup_debug_section;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue