Revision: 14396
          http://edk2.svn.sourceforge.net/edk2/?rev=14396&view=rev
Author:   czhang46
Date:     2013-06-06 00:39:41 +0000 (Thu, 06 Jun 2013)
Log Message:
-----------
Fix overflow issue in TcgProtocol

Signed-off-by: Chao Zhang <[email protected]>
Reviewed-by  : Yao Jiewen <[email protected]>
Reviewed-by  : Dong Guo   <[email protected]>

Modified Paths:
--------------
    trunk/edk2/SecurityPkg/Tcg/TcgDxe/TpmComm.c

Modified: trunk/edk2/SecurityPkg/Tcg/TcgDxe/TpmComm.c
===================================================================
--- trunk/edk2/SecurityPkg/Tcg/TcgDxe/TpmComm.c 2013-06-04 08:51:30 UTC (rev 
14395)
+++ trunk/edk2/SecurityPkg/Tcg/TcgDxe/TpmComm.c 2013-06-06 00:39:41 UTC (rev 
14396)
@@ -1,7 +1,7 @@
 /** @file  
   Utility functions used by TPM Dxe driver.
 
-Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -144,10 +144,17 @@
   IN      UINT8                     *NewEventData
   )
 {
-  UINT32                            NewLogSize;
+  UINTN                            NewLogSize;
 
+  //
+  // Prevent Event Overflow
+  //
+  if (NewEventHdr->EventSize > (UINTN)(~0) - sizeof (*NewEventHdr)) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
   NewLogSize = sizeof (*NewEventHdr) + NewEventHdr->EventSize;
-  if (NewLogSize + *LogSize > MaxSize) {
+  if (NewLogSize > MaxSize - *LogSize) {
     return EFI_OUT_OF_RESOURCES;
   }
 
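Review bot: The rewritten bound check `if (NewLogSize > MaxSize - *LogSize)` is only safe when `*LogSize <= MaxSize`, and nothing in this hunk establishes that. If these are unsigned quantities and `*LogSize` ever exceeds `MaxSize`, the subtraction wraps to a large value and the check passes. Consider rejecting that state first, for example `if (*LogSize > MaxSize) { return EFI_OUT_OF_RESOURCES; }`, or stating the invariant in the function header. Minor: the new `UINTN` declaration of `NewLogSize` sits one column left of the line it replaces, and the `// Prevent Event Overflow` comment could say that it guards the `sizeof (*NewEventHdr) + NewEventHdr->EventSize` addition against wrapping.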

_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
