• Peter Jones's avatar
    Don't allow anything with a small alignment in our PE files. · 5c3bf329
    Peter Jones authored
    When I added 4990d3fb I inadvertantly made .data.ident and .rela.got
    sections appear in the top-level section headers at file offsets not
    aligned with PE->OptionalHeader.FileAlignment.  This results in a
    section table that looks like:
    
    Sections:
    Idx Name          Size      VMA               LMA               File off  Algn
      0 .eh_frame     00018648  0000000000005000  0000000000005000  00000400  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      1 .text         00093f45  000000000001e000  000000000001e000  00018c00  2**4
                      CONTENTS, ALLOC, LOAD, READONLY, CODE
      2 .reloc        0000000a  00000000000b2000  00000000000b2000  000acc00  2**0
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      3 .data.ident   000000e4  00000000000b3040  00000000000b3040  000ace40  2**5
                      CONTENTS, ALLOC, LOAD, DATA
      4 .data         000291e8  00000000000b4000  00000000000b4000  000ad200  2**5
                      CONTENTS, ALLOC, LOAD, DATA
      5 .vendor_cert  000003e2  00000000000de000  00000000000de000  000d6400  2**0
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      6 .dynamic      000000f0  00000000000df000  00000000000df000  000d6800  2**3
                      CONTENTS, ALLOC, LOAD, DATA
      7 .rela         0001aef8  00000000000e0000  00000000000e0000  000d6a00  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      8 .rela.got     00000060  00000000000faef8  00000000000faef8  000f1af8  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      9 .dynsym       0000ecd0  00000000000fb000  00000000000fb000  000f1e00  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
    
    rather than:
    
    Sections:
    Idx Name          Size      VMA               LMA               File off  Algn
      0 .eh_frame     00018118  0000000000005000  0000000000005000  00000400  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      1 .text         00091898  000000000001e000  000000000001e000  00018600  2**4
                      CONTENTS, ALLOC, LOAD, READONLY, CODE
      2 .reloc        0000000a  00000000000b0000  00000000000b0000  000aa000  2**0
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      3 .data         00028848  00000000000b1000  00000000000b1000  000aa200  2**5
                      CONTENTS, ALLOC, LOAD, DATA
      4 .vendor_cert  00000449  00000000000da000  00000000000da000  000d2c00  2**0
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      5 .dynamic      00000100  00000000000db000  00000000000db000  000d3200  2**3
                      CONTENTS, ALLOC, LOAD, DATA
      6 .rela         0001ae50  00000000000dc000  00000000000dc000  000d3400  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
      7 .dynsym       0000ea78  00000000000f7000  00000000000f7000  000ee400  2**3
                      CONTENTS, ALLOC, LOAD, READONLY, DATA
    
    (Note "File off" on sections #3 and #8 on the top one.)
    
    This seems to work fine with edk2's loader and shim's loader, as well as
    their Authenticode implementation, and pesign's as well.
    
    While PE loaders seem to be fine with sections with alignments smaller
    than PE->OptionalHeader.FileAlignment, MS's signtool.exe does ...
    something else with them.  I'm not sure what.  What it definitely does
    *not* do is extend the digest based on their file offset and size.
    
    So just don't allow anything that small, and don't allow anything
    smaller than SectionAlignment either, just to be on the safe side.
    Since most of our stuff gets stripped into the debuginfo anyway, and
    shim has relatively few sections, this should not be a very large
    burden.
    
    So just to be clear:
    
    If you have a binary with a section that's not aligned on
    PE->OptionalHeader.FileAlignment:
    
    - pesign hashes it to A
    - tiano hashes it to A
    - shim hashes it to A
    - signtool.exe hashes it to B
    
    Because that makes sense.
    
    This patch works around the bug in signtool.exe .
    Signed-off-by: 's avatarPeter Jones <pjones@redhat.com>
    5c3bf329