Refine the code logic: use dynamically allocated buffers instead of static arrays to fix a potential buffer overflow.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15829 6f19259b-4bc3-4df7-8a09-765794883524
Eric Dong 2014-08-19 07:20:19 +00:00 committed by ydong10
parent 69c0fbd2c5
commit 17e95ca9a7
2 changed files with 100 additions and 69 deletions


@ -70,16 +70,16 @@ EFI_HANDLE *mDevicePathHandleBuffer;
EFI_HANDLE *mDriverImageHandleBuffer; EFI_HANDLE *mDriverImageHandleBuffer;
INTN mSelectedCtrIndex; INTN mSelectedCtrIndex;
EFI_STRING_ID mControllerToken[MAX_CHOICE_NUM]; EFI_STRING_ID *mControllerToken;
UINTN mDriverImageHandleCount; UINTN mDriverImageHandleCount;
EFI_STRING_ID mDriverImageToken[MAX_CHOICE_NUM]; EFI_STRING_ID *mDriverImageToken;
EFI_STRING_ID mDriverImageFilePathToken[MAX_CHOICE_NUM]; EFI_DEVICE_PATH_PROTOCOL **mControllerDevicePathProtocol;
EFI_LOADED_IMAGE_PROTOCOL *mDriverImageProtocol[MAX_CHOICE_NUM];
EFI_DEVICE_PATH_PROTOCOL *mControllerDevicePathProtocol[MAX_CHOICE_NUM];
UINTN mSelectedDriverImageNum; UINTN mSelectedDriverImageNum;
UINTN mLastSavedDriverImageNum; UINTN mLastSavedDriverImageNum;
UINT16 mCurrentPage; UINT16 mCurrentPage;
EFI_CALLBACK_INFO *mCallbackInfo; EFI_CALLBACK_INFO *mCallbackInfo;
BOOLEAN *mDriSelection;
UINTN mMaxDeviceCount;
HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = { HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
{ {
@ -425,6 +425,12 @@ UpdateDeviceSelectPage (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
mMaxDeviceCount = DevicePathHandleCount;
mControllerDevicePathProtocol = AllocateZeroPool (DevicePathHandleCount * sizeof (EFI_DEVICE_PATH_PROTOCOL *));
ASSERT (mControllerDevicePathProtocol != NULL);
mControllerToken = AllocateZeroPool (DevicePathHandleCount * sizeof (EFI_STRING_ID));
ASSERT (mControllerToken != NULL);
for (Index = 0; Index < DevicePathHandleCount; Index++) { for (Index = 0; Index < DevicePathHandleCount; Index++) {
if (FakeNvData->PciDeviceFilter == 0x01) { if (FakeNvData->PciDeviceFilter == 0x01) {
// //
@ -630,6 +636,9 @@ UpdateBindingDriverSelectPage (
VOID *EndOpCodeHandle; VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel; EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel; EFI_IFR_GUID_LABEL *EndLabel;
EFI_LOADED_IMAGE_PROTOCOL **DriverImageProtocol;
EFI_STRING_ID *DriverImageFilePathToken;
UINT8 CheckFlags;
// //
// If user select a controller item in the first page the following code will be run. // If user select a controller item in the first page the following code will be run.
@ -698,6 +707,16 @@ UpdateBindingDriverSelectPage (
return EFI_NOT_FOUND; return EFI_NOT_FOUND;
} }
mDriverImageToken = AllocateZeroPool (DriverImageHandleCount * sizeof (EFI_STRING_ID));
ASSERT (mDriverImageToken != NULL);
mDriSelection = AllocateZeroPool (DriverImageHandleCount * sizeof (BOOLEAN));
ASSERT (mDriSelection != NULL);
DriverImageProtocol = AllocateZeroPool (DriverImageHandleCount * sizeof (EFI_LOADED_IMAGE_PROTOCOL *));
ASSERT (DriverImageProtocol != NULL);
DriverImageFilePathToken = AllocateZeroPool (DriverImageHandleCount * sizeof (EFI_STRING_ID));
ASSERT (DriverImageFilePathToken != NULL);
mDriverImageHandleCount = DriverImageHandleCount; mDriverImageHandleCount = DriverImageHandleCount;
for (Index = 0; Index < DriverImageHandleCount; Index++) { for (Index = 0; Index < DriverImageHandleCount; Index++) {
// //
@ -718,16 +737,16 @@ UpdateBindingDriverSelectPage (
EFI_OPEN_PROTOCOL_GET_PROTOCOL EFI_OPEN_PROTOCOL_GET_PROTOCOL
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
FakeNvData->DriSelection[Index] = 0x00; mDriSelection[Index] = FALSE;
continue; continue;
} }
mDriverImageProtocol[Index] = LoadedImage; DriverImageProtocol[Index] = LoadedImage;
// //
// Find its related driver binding protocol // Find its related driver binding protocol
// //
DriverBindingHandle = GetDriverBindingHandleFromImageHandle (mDriverImageHandleBuffer[Index]); DriverBindingHandle = GetDriverBindingHandleFromImageHandle (mDriverImageHandleBuffer[Index]);
if (DriverBindingHandle == NULL) { if (DriverBindingHandle == NULL) {
FakeNvData->DriSelection[Index] = 0x00; mDriSelection[Index] = FALSE;
continue; continue;
} }
@ -741,7 +760,7 @@ UpdateBindingDriverSelectPage (
(VOID **) &LoadedImageDevicePath (VOID **) &LoadedImageDevicePath
); );
if (LoadedImageDevicePath == NULL) { if (LoadedImageDevicePath == NULL) {
FakeNvData->DriSelection[Index] = 0x00; mDriSelection[Index] = FALSE;
continue; continue;
} }
@ -757,11 +776,11 @@ UpdateBindingDriverSelectPage (
(VOID **) &BusSpecificDriverOverride (VOID **) &BusSpecificDriverOverride
); );
if (EFI_ERROR (Status) || BusSpecificDriverOverride == NULL) { if (EFI_ERROR (Status) || BusSpecificDriverOverride == NULL) {
FakeNvData->DriSelection[Index] = 0x00; mDriSelection[Index] = FALSE;
continue; continue;
} }
} else { } else {
FakeNvData->DriSelection[Index] = 0x00; mDriSelection[Index] = FALSE;
continue; continue;
} }
} }
@ -798,9 +817,9 @@ UpdateBindingDriverSelectPage (
NewString = AllocateZeroPool (StrSize (DriverName)); NewString = AllocateZeroPool (StrSize (DriverName));
ASSERT (NewString != NULL); ASSERT (NewString != NULL);
if (EFI_ERROR (CheckMapping (mControllerDevicePathProtocol[mSelectedCtrIndex], LoadedImageDevicePath, &mMappingDataBase, NULL, NULL))) { if (EFI_ERROR (CheckMapping (mControllerDevicePathProtocol[mSelectedCtrIndex], LoadedImageDevicePath, &mMappingDataBase, NULL, NULL))) {
FakeNvData->DriSelection[Index] = 0x00; mDriSelection[Index] = FALSE;
} else { } else {
FakeNvData->DriSelection[Index] = 0x01; mDriSelection[Index] = TRUE;
mLastSavedDriverImageNum++; mLastSavedDriverImageNum++;
} }
StrCat (NewString, DriverName); StrCat (NewString, DriverName);
@ -820,21 +839,26 @@ UpdateBindingDriverSelectPage (
NewString = AllocateZeroPool (StrSize (DriverName)); NewString = AllocateZeroPool (StrSize (DriverName));
ASSERT (NewString != NULL); ASSERT (NewString != NULL);
StrCat (NewString, DriverName); StrCat (NewString, DriverName);
NewStringHelpToken = HiiSetString (Private->RegisteredHandle, mDriverImageFilePathToken[Index], NewString, NULL); NewStringHelpToken = HiiSetString (Private->RegisteredHandle, DriverImageFilePathToken[Index], NewString, NULL);
ASSERT (NewStringHelpToken != 0); ASSERT (NewStringHelpToken != 0);
mDriverImageFilePathToken[Index] = NewStringHelpToken; DriverImageFilePathToken[Index] = NewStringHelpToken;
FreePool (NewString); FreePool (NewString);
FreePool (DriverName); FreePool (DriverName);
CheckFlags = 0;
if (mDriSelection[Index]) {
CheckFlags |= EFI_IFR_CHECKBOX_DEFAULT;
}
HiiCreateCheckBoxOpCode ( HiiCreateCheckBoxOpCode (
StartOpCodeHandle, StartOpCodeHandle,
(UINT16) (DRIVER_SELECTION_QUESTION_ID + Index), (UINT16) (KEY_VALUE_DRIVER_OFFSET + Index),
VARSTORE_ID_PLAT_OVER_MNGR, 0,
(UINT16) (DRIVER_SELECTION_VAR_OFFSET + Index), 0,
NewStringToken, NewStringToken,
NewStringHelpToken, NewStringHelpToken,
0, EFI_IFR_FLAG_CALLBACK,
0, CheckFlags,
NULL NULL
); );
} }
@ -852,6 +876,15 @@ UpdateBindingDriverSelectPage (
HiiFreeOpCodeHandle (StartOpCodeHandle); HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle); HiiFreeOpCodeHandle (EndOpCodeHandle);
if (DriverImageProtocol != NULL) {
FreePool (DriverImageProtocol);
}
if (DriverImageFilePathToken != NULL) {
FreePool (DriverImageFilePathToken);
}
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -932,7 +965,7 @@ UpdatePrioritySelectPage (
// //
SelectedDriverImageNum = 0; SelectedDriverImageNum = 0;
for (Index = 0; Index < mDriverImageHandleCount; Index++) { for (Index = 0; Index < mDriverImageHandleCount; Index++) {
if (FakeNvData->DriSelection[Index] != 0) { if (mDriSelection[Index]) {
SelectedDriverImageNum ++; SelectedDriverImageNum ++;
} }
} }
@ -950,7 +983,7 @@ UpdatePrioritySelectPage (
// //
SelectedDriverImageNum = 0; SelectedDriverImageNum = 0;
for (Index = 0; Index < mDriverImageHandleCount; Index++) { for (Index = 0; Index < mDriverImageHandleCount; Index++) {
if (FakeNvData->DriSelection[Index] != 0) { if (mDriSelection[Index]) {
// //
// Use the NO. in driver binding buffer as value, will use it later // Use the NO. in driver binding buffer as value, will use it later
// //
@ -1068,7 +1101,7 @@ UpdatePrioritySelectPage (
**/ **/
EFI_STATUS EFI_STATUS
CommintChanges ( CommitChanges (
IN EFI_CALLBACK_INFO *Private, IN EFI_CALLBACK_INFO *Private,
IN UINT16 KeyValue, IN UINT16 KeyValue,
IN PLAT_OVER_MNGR_DATA *FakeNvData IN PLAT_OVER_MNGR_DATA *FakeNvData
@ -1263,21 +1296,10 @@ PlatOverMngrRouteConfig (
} }
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
if (mCurrentPage == FORM_ID_DRIVER) {
KeyValue = KEY_VALUE_DRIVER_GOTO_ORDER;
UpdatePrioritySelectPage (Private, KeyValue, FakeNvData);
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
Status = CommintChanges (Private, KeyValue, FakeNvData);
//
// Since UpdatePrioritySelectPage will change mCurrentPage,
// should ensure the mCurrentPage still indicate the second page here
//
mCurrentPage = FORM_ID_DRIVER;
}
if (mCurrentPage == FORM_ID_ORDER) { if (mCurrentPage == FORM_ID_ORDER) {
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT; KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
Status = CommintChanges (Private, KeyValue, FakeNvData); Status = CommitChanges (Private, KeyValue, FakeNvData);
} }
return Status; return Status;
@ -1350,7 +1372,7 @@ PlatOverMngrCallback (
} }
} }
if (((KeyValue >= KEY_VALUE_DEVICE_OFFSET) && (KeyValue < KEY_VALUE_DEVICE_MAX)) || (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS)) { if (((KeyValue >= KEY_VALUE_DEVICE_OFFSET) && (KeyValue < KEY_VALUE_DEVICE_OFFSET + mMaxDeviceCount)) || (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS)) {
if (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS) { if (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS) {
KeyValue = (EFI_QUESTION_ID) (mSelectedCtrIndex + KEY_VALUE_DEVICE_OFFSET); KeyValue = (EFI_QUESTION_ID) (mSelectedCtrIndex + KEY_VALUE_DEVICE_OFFSET);
} }
@ -1384,30 +1406,34 @@ PlatOverMngrCallback (
UpdateDeviceSelectPage (Private, KeyValue, FakeNvData); UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
} }
} else if (Action == EFI_BROWSER_ACTION_CHANGED) { } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (KeyValue) { if ((KeyValue >= KEY_VALUE_DRIVER_OFFSET) && (KeyValue < KEY_VALUE_DRIVER_OFFSET + mDriverImageHandleCount)) {
case KEY_VALUE_DEVICE_REFRESH: mDriSelection[KeyValue - KEY_VALUE_DRIVER_OFFSET] = Value->b;
case KEY_VALUE_DEVICE_FILTER: } else {
UpdateDeviceSelectPage (Private, KeyValue, FakeNvData); switch (KeyValue) {
// case KEY_VALUE_DEVICE_REFRESH:
// Update page title string case KEY_VALUE_DEVICE_FILTER:
// UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
NewStringToken = STRING_TOKEN (STR_TITLE); //
if (HiiSetString (Private->RegisteredHandle, NewStringToken, L"First, Select the controller by device path", NULL) == 0) { // Update page title string
ASSERT (FALSE); //
} NewStringToken = STRING_TOKEN (STR_TITLE);
break; if (HiiSetString (Private->RegisteredHandle, NewStringToken, L"First, Select the controller by device path", NULL) == 0) {
ASSERT (FALSE);
case KEY_VALUE_ORDER_SAVE_AND_EXIT: }
Status = CommintChanges (Private, KeyValue, FakeNvData); break;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
if (EFI_ERROR (Status)) { case KEY_VALUE_ORDER_SAVE_AND_EXIT:
CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"Single Override Info too large, Saving Error!", NULL); Status = CommitChanges (Private, KeyValue, FakeNvData);
return EFI_DEVICE_ERROR; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
} if (EFI_ERROR (Status)) {
break; CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"Single Override Info too large, Saving Error!", NULL);
return EFI_DEVICE_ERROR;
}
break;
default: default:
break; break;
}
} }
} }
@ -1659,10 +1685,6 @@ PlatDriOverrideDxeInit (
// //
mDriverImageHandleCount = 0; mDriverImageHandleCount = 0;
mCurrentPage = 0; mCurrentPage = 0;
ZeroMem (mDriverImageToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
ZeroMem (mDriverImageFilePathToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
ZeroMem (mControllerToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
ZeroMem (mDriverImageProtocol, MAX_CHOICE_NUM * sizeof (EFI_LOADED_IMAGE_PROTOCOL *));
return EFI_SUCCESS; return EFI_SUCCESS;
@ -1706,5 +1728,17 @@ PlatDriOverrideDxeUnload (
FreePool (mCallbackInfo); FreePool (mCallbackInfo);
if (mControllerToken != NULL) {
FreePool (mControllerToken);
}
if (mControllerDevicePathProtocol != NULL) {
FreePool (mControllerDevicePathProtocol);
}
if (mDriverImageToken != NULL) {
FreePool (mDriverImageToken);
}
return EFI_SUCCESS; return EFI_SUCCESS;
} }
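Review bot: The pool allocations added in UpdateDeviceSelectPage and UpdateBindingDriverSelectPage are guarded only by `ASSERT (... != NULL)`, so in a build where ASSERT is compiled out an allocation failure leaves a NULL pointer that the loops below then index; an explicit check such as `if (mControllerToken == NULL) { return EFI_OUT_OF_RESOURCES; }` after each allocation would fail closed. The module-level buffers (`mControllerDevicePathProtocol`, `mControllerToken`, `mDriverImageToken`, `mDriSelection`) are also assigned afresh on every call with no visible `FreePool` of the previous allocation, which looks like a leak on each refresh or filter change, though both function bodies extend beyond the hunks shown. In PlatDriOverrideDxeUnload the new cleanup frees three of the globals but not `mDriSelection`; `if (mDriSelection != NULL) { FreePool (mDriSelection); }` should be added alongside them.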


@ -3,7 +3,7 @@
The defintions are required both by Source code and Vfr file. The defintions are required both by Source code and Vfr file.
The PLAT_OVER_MNGR_DATA structure, form guid and Ifr question ID are defined. The PLAT_OVER_MNGR_DATA structure, form guid and Ifr question ID are defined.
Copyright (c) 2007 - 2011, Intel Corporation. All rights reserved.<BR> Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -22,7 +22,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
// //
// The max number of the supported driver list. // The max number of the supported driver list.
// //
#define MAX_CHOICE_NUM 0x00ff #define MAX_CHOICE_NUM 0x00FF
#define UPDATE_DATA_SIZE 0x1000 #define UPDATE_DATA_SIZE 0x1000
#define FORM_ID_DEVICE 0x1100 #define FORM_ID_DEVICE 0x1100
@ -30,7 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define FORM_ID_ORDER 0x1500 #define FORM_ID_ORDER 0x1500
#define KEY_VALUE_DEVICE_OFFSET 0x0100 #define KEY_VALUE_DEVICE_OFFSET 0x0100
#define KEY_VALUE_DEVICE_MAX (KEY_VALUE_DEVICE_OFFSET + MAX_CHOICE_NUM) #define KEY_VALUE_DRIVER_OFFSET 0x0300
#define KEY_VALUE_DEVICE_REFRESH 0x1234 #define KEY_VALUE_DEVICE_REFRESH 0x1234
#define KEY_VALUE_DEVICE_FILTER 0x1235 #define KEY_VALUE_DEVICE_FILTER 0x1235
@ -47,7 +47,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define LABEL_END 0xffff #define LABEL_END 0xffff
typedef struct { typedef struct {
UINT8 DriSelection[MAX_CHOICE_NUM];
UINT8 DriOrder[MAX_CHOICE_NUM]; UINT8 DriOrder[MAX_CHOICE_NUM];
UINT8 PciDeviceFilter; UINT8 PciDeviceFilter;
} PLAT_OVER_MNGR_DATA; } PLAT_OVER_MNGR_DATA;
@ -56,7 +55,6 @@ typedef struct {
// Field offset of structure PLAT_OVER_MNGR_DATA // Field offset of structure PLAT_OVER_MNGR_DATA
// //
#define VAR_OFFSET(Field) ((UINTN) &(((PLAT_OVER_MNGR_DATA *) 0)->Field)) #define VAR_OFFSET(Field) ((UINTN) &(((PLAT_OVER_MNGR_DATA *) 0)->Field))
#define DRIVER_SELECTION_VAR_OFFSET (VAR_OFFSET (DriSelection))
#define DRIVER_ORDER_VAR_OFFSET (VAR_OFFSET (DriOrder)) #define DRIVER_ORDER_VAR_OFFSET (VAR_OFFSET (DriOrder))
// //
@ -64,7 +62,6 @@ typedef struct {
// In order to avoid to conflict them, the Driver Selection and Order QuestionID offset is defined from 0x0500. // In order to avoid to conflict them, the Driver Selection and Order QuestionID offset is defined from 0x0500.
// //
#define QUESTION_ID_OFFSET 0x0500 #define QUESTION_ID_OFFSET 0x0500
#define DRIVER_SELECTION_QUESTION_ID (VAR_OFFSET (DriSelection) + QUESTION_ID_OFFSET)
#define DRIVER_ORDER_QUESTION_ID (VAR_OFFSET (DriOrder) + QUESTION_ID_OFFSET) #define DRIVER_ORDER_QUESTION_ID (VAR_OFFSET (DriOrder) + QUESTION_ID_OFFSET)
#endif #endif
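Review bot: With `KEY_VALUE_DEVICE_MAX` removed and `KEY_VALUE_DRIVER_OFFSET` fixed at 0x0300, the question-ID ranges are separated only by constant gaps, while the counts that size them (`mMaxDeviceCount` and `mDriverImageHandleCount` in the .c file) are no longer visibly capped. More than 0x200 device handles would make device keys overlap the driver range, and more than 0x200 driver images would run into `DRIVER_ORDER_QUESTION_ID`, which evaluates to 0x0500 now that `DriOrder` is the first field of the structure. `DriOrder` itself is still `UINT8 DriOrder[MAX_CHOICE_NUM]`, so the code that fills it (outside the lines shown) has to keep the selected-driver count within MAX_CHOICE_NUM. Consider clamping both counts where they are assigned, and updating the comment above `QUESTION_ID_OFFSET`, which still mentions the removed Driver Selection question ID, to `// In order to avoid conflicts, the Driver Order QuestionID offset is defined from 0x0500.`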