Revision: 17107
http://sourceforge.net/p/edk2/code/17107
Author: oliviermartin
Date: 2015-04-02 13:50:18 +0000 (Thu, 02 Apr 2015)
Log Message:
-----------
EmbeddedPkg/Lan9118Dxe: Fix risk of buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <[email protected]>
Reviewed-by: Ronald Cron <[email protected]>
Modified Paths:
--------------
trunk/edk2/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c
Modified: trunk/edk2/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c
===================================================================
--- trunk/edk2/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c 2015-04-02
13:49:05 UTC (rev 17106)
+++ trunk/edk2/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c 2015-04-02
13:50:18 UTC (rev 17107)
@@ -1412,12 +1412,6 @@
PLength = GET_RXSTATUS_PACKET_LENGTH(RxFifoStatus);
LanDriver->Stats.RxTotalBytes += (PLength - 4);
- // Check buffer size
- if (*BuffSize < PLength) {
- *BuffSize = PLength;
- return EFI_BUFFER_TOO_SMALL;
- }
-
// If padding is applied, read more DWORDs
if (PLength % 4) {
Padding = 4 - (PLength % 4);
@@ -1427,6 +1421,12 @@
Padding = 0;
}
+ // Check buffer size
+ if (*BuffSize < (PLength + Padding)) {
+ *BuffSize = PLength + Padding;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
// Set the amount of data to be transfered out of FIFO for THIS packet
// This can be used to trigger an interrupt, and status can be checked
RxCfgValue = MmioRead32 (LAN9118_RX_CFG);
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
