Revision: 14377
http://edk2.svn.sourceforge.net/edk2/?rev=14377&view=rev
Author: niruiyu
Date: 2013-05-20 07:04:56 +0000 (Mon, 20 May 2013)
Log Message:
-----------
Remove the complex buffer since the _LOCK_VARIABLE won't be allowed after
leaving DXE phase.
Add the variable name size check in the RequestToLock wrapper.
Signed-off-by: Ruiyu Ni <[email protected]>
Reviewed-by: Star Zeng <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
Modified: trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
2013-05-18 02:56:51 UTC (rev 14376)
+++ trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
2013-05-20 07:04:56 UTC (rev 14377)
@@ -22,7 +22,6 @@
EFI_EVENT mVirtualAddressChangeEvent = NULL;
EFI_EVENT mFtwRegistration = NULL;
extern BOOLEAN mEndOfDxe;
-extern BOOLEAN mEnableLocking;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = {
VariableLockRequestToLock };
/**
Modified: trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
2013-05-18 02:56:51 UTC (rev 14376)
+++ trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
2013-05-20 07:04:56 UTC (rev 14377)
@@ -717,48 +717,16 @@
break;
case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
- if (CommBufferPayloadSize <
OFFSET_OF(SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
- DEBUG ((EFI_D_ERROR, "RequestToLock: SMM communication buffer size
invalid!\n"));
- return EFI_SUCCESS;
- }
- //
- // Copy the input communicate buffer payload to pre-allocated SMM
variable buffer payload.
- //
- CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data,
CommBufferPayloadSize);
- VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *)
mVariableBufferPayload;
-
- if (VariableToLock->NameSize > MAX_ADDRESS - OFFSET_OF
(SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
- //
- // Prevent InfoSize overflow happen
- //
+ if (mEndOfDxe) {
Status = EFI_ACCESS_DENIED;
- goto EXIT;
+ } else {
+ VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *)
SmmVariableFunctionHeader->Data;
+ Status = VariableLockRequestToLock (
+ NULL,
+ VariableToLock->Name,
+ &VariableToLock->Guid
+ );
}
-
- if (VariableToLock->NameSize < sizeof (CHAR16) ||
VariableToLock->Name[VariableToLock->NameSize/sizeof (CHAR16) - 1] != L'\0') {
- //
- // Make sure VariableName is A Null-terminated string.
- //
- Status = EFI_ACCESS_DENIED;
- goto EXIT;
- }
-
- InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) +
VariableToLock->NameSize;
-
- //
- // SMRAM range check already covered before
- //
- if (InfoSize > CommBufferPayloadSize) {
- DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size
limit!\n"));
- Status = EFI_ACCESS_DENIED;
- goto EXIT;
- }
-
- Status = VariableLockRequestToLock (
- NULL,
- VariableToLock->Name,
- &VariableToLock->Guid
- );
break;
default:
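Review bot: In the new `else` branch, `VariableToLock->Name` is read straight from `SmmVariableFunctionHeader->Data` with none of the removed length checks, so nothing in this handler confirms that the payload covers the structure header or that Name is NUL-terminated within `CommBufferPayloadSize`. The size check this commit adds sits in the VariableSmmRuntimeDxe.c wrapper, outside SMM, so the handler's only guard is `mEndOfDxe`; if every caller before EndOfDxe is meant to be trusted, state that in a comment such as `// Lock requests are honoured only before EndOfDxe; the payload is used in place on the assumption that callers in that window are trusted.` Keeping the header-size test from the removed code, `if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name))`, would let the handler stand on its own rather than depend on the wrapper. The enclosing switch and function begin and end outside the hunk.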
Modified:
trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
===================================================================
---
trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
2013-05-18 02:56:51 UTC (rev 14376)
+++
trunk/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
2013-05-20 07:04:56 UTC (rev 14377)
@@ -186,6 +186,7 @@
)
{
EFI_STATUS Status;
+ UINTN VariableNameSize;
UINTN PayloadSize;
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
@@ -193,13 +194,22 @@
return EFI_INVALID_PARAMETER;
}
+ VariableNameSize = StrSize (VariableName);
+
+ //
+ // If VariableName exceeds SMM payload limit. Return failure
+ //
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF
(SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableServicesLock);
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
PayloadSize.
//
- PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) +
StrSize (VariableName);
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) +
VariableNameSize;
Status = InitCommunicateBuffer ((VOID **) &VariableToLock, PayloadSize,
SMM_VARIABLE_FUNCTION_LOCK_VARIABLE);
if (EFI_ERROR (Status)) {
goto Done;
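Review bot: The bound `mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)` is an unsigned subtraction, so the new check only rejects oversized names if `mVariableBufferPayloadSize` is never smaller than that offset. Its initialisation is outside this hunk, so I cannot confirm that; an `ASSERT` where it is set, or a note in the comment, would make the assumption explicit. The comment itself reads as two fragments and could become `// Reject a VariableName that does not fit in the SMM communication payload.` The function's signature and its NULL-argument check lie outside the hunk.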
@@ -207,7 +217,7 @@
ASSERT (VariableToLock != NULL);
CopyGuid (&VariableToLock->Guid, VendorGuid);
- VariableToLock->NameSize = StrSize (VariableName);
+ VariableToLock->NameSize = VariableNameSize;
CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize);
//