Revision: 16430
          http://sourceforge.net/p/edk2/code/16430
Author:   vanjeff
Date:     2014-11-25 07:11:54 +0000 (Tue, 25 Nov 2014)
Log Message:
-----------
Sync patch r16227 from main trunk.

Add comments to clarify the CopyMem into the mPubKeyStore buffer. There is no memory
overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <[email protected]>
Reviewed-by: Yao Jiewen <[email protected]>

(cherry picked from commit 396d9cb178f841ab3980f5f788ae26231e02fbc8)

Revision Links:
--------------
    http://sourceforge.net/p/edk2/code/16227

Modified Paths:
--------------
    
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
    
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
    
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
    
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf

Modified: 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
===================================================================
--- 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c 
    2014-11-25 07:11:03 UTC (rev 16429)
+++ 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c 
    2014-11-25 07:11:54 UTC (rev 16430)
@@ -7,6 +7,10 @@
   This external input must be validated carefully to avoid security issue like
   buffer overflow, integer overflow.
   Variable attribute should also be checked to avoid authentication bypass.
+     The whole SMM authentication variable design relies on the integrity of 
flash part and SMM.
+  which is assumed to be protected by platform.  All variable code and 
metadata in flash/SMM Memory
+  may not be modified without authorization. If platform fails to protect 
these resources, 
+  the authentication service provided in this driver will be broken, and the 
behavior is undefined.
 
   ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the 
function to do
   variable authentication.
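Review bot: The new caution paragraph at lines 46-53 breaks its first sentence in the middle ("...integrity of flash part and SMM." followed by "which is assumed to be protected by platform."), and "may not be modified" reads as a permission rather than as the assumption being stated. Suggested wording: `The whole SMM authenticated variable design relies on the integrity of the flash part and of SMM, which are assumed to be protected by the platform.` followed by `Variable code and metadata in flash/SMM memory are assumed not to be modifiable without authorization; if the platform fails to protect these resources, the authentication service provided by this driver is broken and its behavior is undefined.` The same paragraph is added verbatim to AuthService.h and both .inf files in this commit, so the rewording should be applied to all four copies.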
@@ -251,6 +255,10 @@
     DataSize  = DataSizeOfVariable (Variable.CurrPtr);
     Data      = GetVariableDataPtr (Variable.CurrPtr);
     ASSERT ((DataSize != 0) && (Data != NULL));
+    //
+    // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always 
ensured not to exceed mPubKeyStore buffer size(See definition before) 
+    //  Therefore, there is no memory overflow in underlying CopyMem.
+    //
     CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
     mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
   }
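Review bot: The comment added before the CopyMem at line 67 states that DataSize is always ensured not to exceed the mPubKeyStore buffer, but nothing in the hunk enforces that bound — the only guard is `ASSERT ((DataSize != 0) && (Data != NULL))`, and ASSERT is compiled out of release builds. The file header added by this same commit says the design is sound only while flash contents cannot be modified without authorization, so a corrupted "AuthVarKeyDatabase" record in flash would turn this copy into an SMM-memory overwrite; a bound check here is cheap defense-in-depth rather than a contradiction of that assumption. If mPubKeyStore is a fixed-size array, as the "(See definition before)" remark suggests, extend the existing check to `ASSERT ((DataSize != 0) && (Data != NULL) && (DataSize <= sizeof (mPubKeyStore)));`, or better, reject the record with a runtime `if` that skips the copy instead of relying on ASSERT alone. The enclosing function starts and ends outside the hunk.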
@@ -564,6 +572,10 @@
       DataSize  = DataSizeOfVariable (Variable.CurrPtr);
       Data      = GetVariableDataPtr (Variable.CurrPtr);
       ASSERT ((DataSize != 0) && (Data != NULL));
+      //
+      // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is 
always ensured not to exceed mPubKeyStore buffer size(See definition before) 
+      //  Therefore, there is no memory overflow in underlying CopyMem.
+      //
       CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
       mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
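Review bot: `mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE)` on line 80 silently truncates when DataSize is not a multiple of the key size, so a trailing partial key is copied into mPubKeyStore by the CopyMem on line 79 but never counted, and the new comment does not mention this case. Since the comment is justifying why the copy is safe, it would be worth pairing it with `ASSERT ((DataSize % EFI_CERT_TYPE_RSA2048_SIZE) == 0);` next to the existing ASSERT so the invariant is stated in code as well as prose. Also, this copy of the comment says "internal used variable" while the copy at line 63 says "internal variable"; the two should be identical, and the first form is the grammatical one. The enclosing function starts and ends outside the hunk.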
 

Modified: 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
===================================================================
--- 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h 
    2014-11-25 07:11:03 UTC (rev 16429)
+++ 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h 
    2014-11-25 07:11:54 UTC (rev 16430)
@@ -2,6 +2,16 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by AuthService module.
 
+  Caution: This module requires additional review when modified.
+  This driver will have external input - variable data. It may be input in SMM 
mode.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+  Variable attribute should also be checked to avoid authentication bypass.
+     The whole SMM authentication variable design relies on the integrity of 
flash part and SMM.
+  which is assumed to be protected by platform.  All variable code and 
metadata in flash/SMM Memory
+  may not be modified without authorization. If platform fails to protect 
these resources, 
+  the authentication service provided in this driver will be broken, and the 
behavior is undefined.
+
 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License

Modified: 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
===================================================================
--- 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
   2014-11-25 07:11:03 UTC (rev 16429)
+++ 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
   2014-11-25 07:11:54 UTC (rev 16430)
@@ -13,6 +13,10 @@
 #  This driver will have external input - variable data and communicate buffer 
in SMM mode.
 #  This external input must be validated carefully to avoid security issues 
such as 
 #  buffer overflow or integer overflow.
+#    The whole SMM authentication variable design relies on the integrity of 
flash part and SMM.
+#  which is assumed to be protected by platform.  All variable code and 
metadata in flash/SMM Memory
+#  may not be modified without authorization. If platform fails to protect 
these resources, 
+#  the authentication service provided in this driver will be broken, and the 
behavior is undefined.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials

Modified: 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
===================================================================
--- 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
 2014-11-25 07:11:03 UTC (rev 16429)
+++ 
branches/UDK2014.SP1/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
 2014-11-25 07:11:54 UTC (rev 16430)
@@ -8,6 +8,10 @@
 #  This driver will have external input - variable data.
 #  This external input must be validated carefully to avoid security issues 
such as 
 #  buffer overflow or integer overflow.
+#    The whole SMM authentication variable design relies on the integrity of 
flash part and SMM.
+#  which is assumed to be protected by platform.  All variable code and 
metadata in flash/SMM Memory
+#  may not be modified without authorization. If platform fails to protect 
these resources, 
+#  the authentication service provided in this driver will be broken, and the 
behavior is undefined.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials

