boot: impose section limit when loading PE from memory too

pe_section_table_from_file already checks with SECTION_TABLE_BYTES_MAX,
do the same in pe_section_table_from_base() just in case.

Originally reported on yeswehack.com as:
YWH-PGM9780-117

Follow-up for f4e081051d950a09ce9331ba55eaf604dac72652

diff --git a/src/boot/pe.c b/src/boot/pe.c
index 4c5dfa0d7af47c2b6186c00d8094acf487c06d2b..5fbf5a42e5386cd5cbaaa1189e7727a1fdcfcca8 100644 (file)
--- a/src/boot/pe.c
+++ b/src/boot/pe.c
@@ -570,8 +570,14 @@ EFI_STATUS pe_section_table_from_base(
         if (!verify_pe(dos, pe, /* allow_compatibility= */ false))
                 return EFI_LOAD_ERROR;
 
+        assert_cc(sizeof(pe->FileHeader.NumberOfSections) == sizeof(uint16_t)); /* multiplication below cannot overflow */
+
+        size_t n_section_table = pe->FileHeader.NumberOfSections;
+        if (n_section_table * sizeof(PeSectionHeader) > SECTION_TABLE_BYTES_MAX)
+                return EFI_OUT_OF_RESOURCES;
+
         *ret_section_table = (const PeSectionHeader*) ((const uint8_t*) base + section_table_offset(dos, pe));
-        *ret_n_section_table = pe->FileHeader.NumberOfSections;
+        *ret_n_section_table = n_section_table;
 
         return EFI_SUCCESS;
 }