[romprefix] Use correct size for PMM allocation of image source block
iPXE allocates its first PMM block using the image source length,
which is rounded up to the nearest 16-byte paragraph. It then copies
in data of a length calculated from the ROM size, which is
theoretically less than or equal to the image source length, but is
rounded up to the nearest 512-byte sector. This can result in copying
beyond the end of the allocated PMM block, which can corrupt the PMM
data structures (and other essentially arbitrary areas of memory).
Fix by rounding up the image source length to the nearest 512-byte
sector before using it as the PMM allocation length.
Reported-by: Alex Williamson <alex.williamson@redhat.com> Reported-by: Jarrod Johnson <jarrod.b.johnson@gmail.com> Reported-by: Itay Gazit <itayg@mellanox.co.il> Signed-off-by: Michael Brown <mcb30@ipxe.org>
projects / thirdparty / ipxe.git / commit
