Revision: 15829
http://sourceforge.net/p/edk2/code/15829
Author: ydong10
Date: 2014-08-19 07:20:19 +0000 (Tue, 19 Aug 2014)
Log Message:
-----------
Refine the code logic, use dynamic allocate buffer instead of static array to
fix potential buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatOverMngr.h
Modified:
trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
===================================================================
---
trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
2014-08-19 05:37:28 UTC (rev 15828)
+++
trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideDxe.c
2014-08-19 07:20:19 UTC (rev 15829)
@@ -70,16 +70,16 @@
EFI_HANDLE *mDriverImageHandleBuffer;
INTN mSelectedCtrIndex;
-EFI_STRING_ID mControllerToken[MAX_CHOICE_NUM];
+EFI_STRING_ID *mControllerToken;
UINTN mDriverImageHandleCount;
-EFI_STRING_ID mDriverImageToken[MAX_CHOICE_NUM];
-EFI_STRING_ID mDriverImageFilePathToken[MAX_CHOICE_NUM];
-EFI_LOADED_IMAGE_PROTOCOL *mDriverImageProtocol[MAX_CHOICE_NUM];
-EFI_DEVICE_PATH_PROTOCOL *mControllerDevicePathProtocol[MAX_CHOICE_NUM];
+EFI_STRING_ID *mDriverImageToken;
+EFI_DEVICE_PATH_PROTOCOL **mControllerDevicePathProtocol;
UINTN mSelectedDriverImageNum;
UINTN mLastSavedDriverImageNum;
UINT16 mCurrentPage;
EFI_CALLBACK_INFO *mCallbackInfo;
+BOOLEAN *mDriSelection;
+UINTN mMaxDeviceCount;
HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
{
@@ -425,6 +425,12 @@
return EFI_SUCCESS;
}
+ mMaxDeviceCount = DevicePathHandleCount;
+ mControllerDevicePathProtocol = AllocateZeroPool (DevicePathHandleCount *
sizeof (EFI_DEVICE_PATH_PROTOCOL *));
+ ASSERT (mControllerDevicePathProtocol != NULL);
+ mControllerToken = AllocateZeroPool (DevicePathHandleCount * sizeof
(EFI_STRING_ID));
+ ASSERT (mControllerToken != NULL);
+
for (Index = 0; Index < DevicePathHandleCount; Index++) {
if (FakeNvData->PciDeviceFilter == 0x01) {
//
@@ -630,6 +636,9 @@
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
+ EFI_LOADED_IMAGE_PROTOCOL **DriverImageProtocol;
+ EFI_STRING_ID *DriverImageFilePathToken;
+ UINT8 CheckFlags;
//
// If user select a controller item in the first page the following code
will be run.
@@ -698,6 +707,16 @@
return EFI_NOT_FOUND;
}
+ mDriverImageToken = AllocateZeroPool (DriverImageHandleCount * sizeof
(EFI_STRING_ID));
+ ASSERT (mDriverImageToken != NULL);
+ mDriSelection = AllocateZeroPool (DriverImageHandleCount * sizeof (BOOLEAN));
+ ASSERT (mDriSelection != NULL);
+
+ DriverImageProtocol = AllocateZeroPool (DriverImageHandleCount * sizeof
(EFI_LOADED_IMAGE_PROTOCOL *));
+ ASSERT (DriverImageProtocol != NULL);
+ DriverImageFilePathToken = AllocateZeroPool (DriverImageHandleCount * sizeof
(EFI_STRING_ID));
+ ASSERT (DriverImageFilePathToken != NULL);
+
mDriverImageHandleCount = DriverImageHandleCount;
for (Index = 0; Index < DriverImageHandleCount; Index++) {
//
@@ -718,16 +737,16 @@
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (EFI_ERROR (Status)) {
- FakeNvData->DriSelection[Index] = 0x00;
+ mDriSelection[Index] = FALSE;
continue;
}
- mDriverImageProtocol[Index] = LoadedImage;
+ DriverImageProtocol[Index] = LoadedImage;
//
// Find its related driver binding protocol
//
DriverBindingHandle = GetDriverBindingHandleFromImageHandle
(mDriverImageHandleBuffer[Index]);
if (DriverBindingHandle == NULL) {
- FakeNvData->DriSelection[Index] = 0x00;
+ mDriSelection[Index] = FALSE;
continue;
}
@@ -741,7 +760,7 @@
(VOID **) &LoadedImageDevicePath
);
if (LoadedImageDevicePath == NULL) {
- FakeNvData->DriSelection[Index] = 0x00;
+ mDriSelection[Index] = FALSE;
continue;
}
@@ -757,11 +776,11 @@
(VOID **) &BusSpecificDriverOverride
);
if (EFI_ERROR (Status) || BusSpecificDriverOverride == NULL) {
- FakeNvData->DriSelection[Index] = 0x00;
+ mDriSelection[Index] = FALSE;
continue;
}
} else {
- FakeNvData->DriSelection[Index] = 0x00;
+ mDriSelection[Index] = FALSE;
continue;
}
}
@@ -798,9 +817,9 @@
NewString = AllocateZeroPool (StrSize (DriverName));
ASSERT (NewString != NULL);
if (EFI_ERROR (CheckMapping
(mControllerDevicePathProtocol[mSelectedCtrIndex], LoadedImageDevicePath,
&mMappingDataBase, NULL, NULL))) {
- FakeNvData->DriSelection[Index] = 0x00;
+ mDriSelection[Index] = FALSE;
} else {
- FakeNvData->DriSelection[Index] = 0x01;
+ mDriSelection[Index] = TRUE;
mLastSavedDriverImageNum++;
}
StrCat (NewString, DriverName);
@@ -820,21 +839,26 @@
NewString = AllocateZeroPool (StrSize (DriverName));
ASSERT (NewString != NULL);
StrCat (NewString, DriverName);
- NewStringHelpToken = HiiSetString (Private->RegisteredHandle,
mDriverImageFilePathToken[Index], NewString, NULL);
+ NewStringHelpToken = HiiSetString (Private->RegisteredHandle,
DriverImageFilePathToken[Index], NewString, NULL);
ASSERT (NewStringHelpToken != 0);
- mDriverImageFilePathToken[Index] = NewStringHelpToken;
+ DriverImageFilePathToken[Index] = NewStringHelpToken;
FreePool (NewString);
FreePool (DriverName);
+ CheckFlags = 0;
+ if (mDriSelection[Index]) {
+ CheckFlags |= EFI_IFR_CHECKBOX_DEFAULT;
+ }
+
HiiCreateCheckBoxOpCode (
StartOpCodeHandle,
- (UINT16) (DRIVER_SELECTION_QUESTION_ID + Index),
- VARSTORE_ID_PLAT_OVER_MNGR,
- (UINT16) (DRIVER_SELECTION_VAR_OFFSET + Index),
+ (UINT16) (KEY_VALUE_DRIVER_OFFSET + Index),
+ 0,
+ 0,
NewStringToken,
NewStringHelpToken,
- 0,
- 0,
+ EFI_IFR_FLAG_CALLBACK,
+ CheckFlags,
NULL
);
}
@@ -852,6 +876,15 @@
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
+
+ if (DriverImageProtocol != NULL) {
+ FreePool (DriverImageProtocol);
+ }
+
+ if (DriverImageFilePathToken != NULL) {
+ FreePool (DriverImageFilePathToken);
+ }
+
return EFI_SUCCESS;
}
@@ -932,7 +965,7 @@
//
SelectedDriverImageNum = 0;
for (Index = 0; Index < mDriverImageHandleCount; Index++) {
- if (FakeNvData->DriSelection[Index] != 0) {
+ if (mDriSelection[Index]) {
SelectedDriverImageNum ++;
}
}
@@ -950,7 +983,7 @@
//
SelectedDriverImageNum = 0;
for (Index = 0; Index < mDriverImageHandleCount; Index++) {
- if (FakeNvData->DriSelection[Index] != 0) {
+ if (mDriSelection[Index]) {
//
// Use the NO. in driver binding buffer as value, will use it later
//
@@ -1068,7 +1101,7 @@
**/
EFI_STATUS
-CommintChanges (
+CommitChanges (
IN EFI_CALLBACK_INFO *Private,
IN UINT16 KeyValue,
IN PLAT_OVER_MNGR_DATA *FakeNvData
@@ -1263,21 +1296,10 @@
}
Status = EFI_SUCCESS;
- if (mCurrentPage == FORM_ID_DRIVER) {
- KeyValue = KEY_VALUE_DRIVER_GOTO_ORDER;
- UpdatePrioritySelectPage (Private, KeyValue, FakeNvData);
- KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
- Status = CommintChanges (Private, KeyValue, FakeNvData);
- //
- // Since UpdatePrioritySelectPage will change mCurrentPage,
- // should ensure the mCurrentPage still indicate the second page here
- //
- mCurrentPage = FORM_ID_DRIVER;
- }
if (mCurrentPage == FORM_ID_ORDER) {
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
- Status = CommintChanges (Private, KeyValue, FakeNvData);
+ Status = CommitChanges (Private, KeyValue, FakeNvData);
}
return Status;
@@ -1350,7 +1372,7 @@
}
}
- if (((KeyValue >= KEY_VALUE_DEVICE_OFFSET) && (KeyValue <
KEY_VALUE_DEVICE_MAX)) || (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS)) {
+ if (((KeyValue >= KEY_VALUE_DEVICE_OFFSET) && (KeyValue <
KEY_VALUE_DEVICE_OFFSET + mMaxDeviceCount)) || (KeyValue ==
KEY_VALUE_ORDER_GOTO_PREVIOUS)) {
if (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS) {
KeyValue = (EFI_QUESTION_ID) (mSelectedCtrIndex +
KEY_VALUE_DEVICE_OFFSET);
}
@@ -1384,30 +1406,34 @@
UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
- switch (KeyValue) {
- case KEY_VALUE_DEVICE_REFRESH:
- case KEY_VALUE_DEVICE_FILTER:
- UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
- //
- // Update page title string
- //
- NewStringToken = STRING_TOKEN (STR_TITLE);
- if (HiiSetString (Private->RegisteredHandle, NewStringToken, L"First,
Select the controller by device path", NULL) == 0) {
- ASSERT (FALSE);
+ if ((KeyValue >= KEY_VALUE_DRIVER_OFFSET) && (KeyValue <
KEY_VALUE_DRIVER_OFFSET + mDriverImageHandleCount)) {
+ mDriSelection[KeyValue - KEY_VALUE_DRIVER_OFFSET] = Value->b;
+ } else {
+ switch (KeyValue) {
+ case KEY_VALUE_DEVICE_REFRESH:
+ case KEY_VALUE_DEVICE_FILTER:
+ UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
+ //
+ // Update page title string
+ //
+ NewStringToken = STRING_TOKEN (STR_TITLE);
+ if (HiiSetString (Private->RegisteredHandle, NewStringToken, L"First,
Select the controller by device path", NULL) == 0) {
+ ASSERT (FALSE);
+ }
+ break;
+
+ case KEY_VALUE_ORDER_SAVE_AND_EXIT:
+ Status = CommitChanges (Private, KeyValue, FakeNvData);
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"Single
Override Info too large, Saving Error!", NULL);
+ return EFI_DEVICE_ERROR;
+ }
+ break;
+
+ default:
+ break;
}
- break;
-
- case KEY_VALUE_ORDER_SAVE_AND_EXIT:
- Status = CommintChanges (Private, KeyValue, FakeNvData);
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
- if (EFI_ERROR (Status)) {
- CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"Single
Override Info too large, Saving Error!", NULL);
- return EFI_DEVICE_ERROR;
- }
- break;
-
- default:
- break;
}
}
@@ -1659,10 +1685,6 @@
//
mDriverImageHandleCount = 0;
mCurrentPage = 0;
- ZeroMem (mDriverImageToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
- ZeroMem (mDriverImageFilePathToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
- ZeroMem (mControllerToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
- ZeroMem (mDriverImageProtocol, MAX_CHOICE_NUM * sizeof
(EFI_LOADED_IMAGE_PROTOCOL *));
return EFI_SUCCESS;
@@ -1706,5 +1728,17 @@
FreePool (mCallbackInfo);
+ if (mControllerToken != NULL) {
+ FreePool (mControllerToken);
+ }
+
+ if (mControllerDevicePathProtocol != NULL) {
+ FreePool (mControllerDevicePathProtocol);
+ }
+
+ if (mDriverImageToken != NULL) {
+ FreePool (mDriverImageToken);
+ }
+
return EFI_SUCCESS;
}
Modified:
trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatOverMngr.h
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatOverMngr.h
2014-08-19 05:37:28 UTC (rev 15828)
+++ trunk/edk2/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatOverMngr.h
2014-08-19 07:20:19 UTC (rev 15829)
@@ -3,7 +3,7 @@
The defintions are required both by Source code and Vfr file.
The PLAT_OVER_MNGR_DATA structure, form guid and Ifr question ID are
defined.
-Copyright (c) 2007 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -22,7 +22,7 @@
//
// The max number of the supported driver list.
//
-#define MAX_CHOICE_NUM 0x00ff
+#define MAX_CHOICE_NUM 0x00FF
#define UPDATE_DATA_SIZE 0x1000
#define FORM_ID_DEVICE 0x1100
@@ -30,7 +30,7 @@
#define FORM_ID_ORDER 0x1500
#define KEY_VALUE_DEVICE_OFFSET 0x0100
-#define KEY_VALUE_DEVICE_MAX (KEY_VALUE_DEVICE_OFFSET +
MAX_CHOICE_NUM)
+#define KEY_VALUE_DRIVER_OFFSET 0x0300
#define KEY_VALUE_DEVICE_REFRESH 0x1234
#define KEY_VALUE_DEVICE_FILTER 0x1235
@@ -47,7 +47,6 @@
#define LABEL_END 0xffff
typedef struct {
- UINT8 DriSelection[MAX_CHOICE_NUM];
UINT8 DriOrder[MAX_CHOICE_NUM];
UINT8 PciDeviceFilter;
} PLAT_OVER_MNGR_DATA;
@@ -56,7 +55,6 @@
// Field offset of structure PLAT_OVER_MNGR_DATA
//
#define VAR_OFFSET(Field) ((UINTN) &(((PLAT_OVER_MNGR_DATA *)
0)->Field))
-#define DRIVER_SELECTION_VAR_OFFSET (VAR_OFFSET (DriSelection))
#define DRIVER_ORDER_VAR_OFFSET (VAR_OFFSET (DriOrder))
//
@@ -64,7 +62,6 @@
// In order to avoid to conflict them, the Driver Selection and Order
QuestionID offset is defined from 0x0500.
//
#define QUESTION_ID_OFFSET 0x0500
-#define DRIVER_SELECTION_QUESTION_ID (VAR_OFFSET (DriSelection) +
QUESTION_ID_OFFSET)
#define DRIVER_ORDER_QUESTION_ID (VAR_OFFSET (DriOrder) +
QUESTION_ID_OFFSET)
#endif
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
