mirror of https://github.com/acidanthera/audk.git
OvmfPkg: SataControllerDxe: SataControllerStop: fix use after free
It would be possible to remove the UAF without local variables, by calling
SataPrivateData->PciIo->Attributes() before releasing SataPrivateData.
However, by keeping the location of the call (for which temporary
variables are necessary), we continue to match the error path logic in
SataControllerStart(), which is always recommended.
Reported-by: wang xiaofeng <winggundum82@163.com>
Fixes: bcab714134
Cc: wang xiaofeng <winggundum82@163.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
parent
81310a62be
commit
0b448dd8b2
|
@ -570,6 +570,8 @@ SataControllerStop (
|
|||
EFI_STATUS Status;
|
||||
EFI_IDE_CONTROLLER_INIT_PROTOCOL *IdeInit;
|
||||
EFI_SATA_CONTROLLER_PRIVATE_DATA *SataPrivateData;
|
||||
EFI_PCI_IO_PROTOCOL *PciIo;
|
||||
UINT64 OriginalPciAttributes;
|
||||
|
||||
//
|
||||
// Open the produced protocol
|
||||
|
@ -589,6 +591,9 @@ SataControllerStop (
|
|||
SataPrivateData = SATA_CONTROLLER_PRIVATE_DATA_FROM_THIS (IdeInit);
|
||||
ASSERT (SataPrivateData != NULL);
|
||||
|
||||
PciIo = SataPrivateData->PciIo;
|
||||
OriginalPciAttributes = SataPrivateData->OriginalPciAttributes;
|
||||
|
||||
//
|
||||
// Uninstall the IDE Controller Init Protocol from this instance
|
||||
//
|
||||
|
@ -616,12 +621,12 @@ SataControllerStop (
|
|||
//
|
||||
// Restore original PCI attributes
|
||||
//
|
||||
SataPrivateData->PciIo->Attributes (
|
||||
SataPrivateData->PciIo,
|
||||
EfiPciIoAttributeOperationSet,
|
||||
SataPrivateData->OriginalPciAttributes,
|
||||
NULL
|
||||
);
|
||||
PciIo->Attributes (
|
||||
PciIo,
|
||||
EfiPciIoAttributeOperationSet,
|
||||
OriginalPciAttributes,
|
||||
NULL
|
||||
);
|
||||
|
||||
//
|
||||
// Close protocols opened by Sata Controller driver
|
||||
|
|
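Review bot: The two cached values added in the second hunk (`PciIo = SataPrivateData->PciIo;` and `OriginalPciAttributes = SataPrivateData->OriginalPciAttributes;`) carry no comment saying why they exist, so a later cleanup could fold them back into `SataPrivateData->PciIo->Attributes (...)` and reintroduce the use after free that the commit message describes. I would add a comment above them such as `// Save these now; SataPrivateData is released before the PCI attributes are restored below.` The release itself sits between the second and third hunks and is not visible here, so the wording should be checked against it. Setting `SataPrivateData` to NULL right after that release would also make a future stale access easier to catch than a silent read of freed pool memory. Separately, the status returned by `PciIo->Attributes ()` in the third hunk is discarded; that looks deliberate for a stop path, but a one-line comment or a debug message would make the intent explicit.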