mirror of https://github.com/acidanthera/audk.git
MdeModulePkg Variable: Add missing warning annotation.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16401 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
285a175441
commit
18a7dbbc02
|
@ -3,6 +3,17 @@
|
||||||
The common variable operation routines shared by DXE_RUNTIME variable
|
The common variable operation routines shared by DXE_RUNTIME variable
|
||||||
module and DXE_SMM variable module.
|
module and DXE_SMM variable module.
|
||||||
|
|
||||||
|
Caution: This module requires additional review when modified.
|
||||||
|
This driver will have external input - variable data. They may be input in SMM mode.
|
||||||
|
This external input must be validated carefully to avoid security issue like
|
||||||
|
buffer overflow, integer overflow.
|
||||||
|
|
||||||
|
VariableServiceGetNextVariableName () and VariableServiceQueryVariableInfo() are external API.
|
||||||
|
They need check input parameter.
|
||||||
|
|
||||||
|
VariableServiceGetVariable() and VariableServiceSetVariable() are external API
|
||||||
|
to receive datasize and data buffer. The size should be checked carefully.
|
||||||
|
|
||||||
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
@ -2276,6 +2287,10 @@ VariableLockRequestToLock (
|
||||||
|
|
||||||
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
This function may be invoked in SMM mode, and datasize is external input.
|
||||||
|
This function will do basic validation, before parse the data.
|
||||||
|
|
||||||
@param VariableName Name of Variable to be found.
|
@param VariableName Name of Variable to be found.
|
||||||
@param VendorGuid Variable vendor GUID.
|
@param VendorGuid Variable vendor GUID.
|
||||||
@param Attributes Attribute value of the variable found.
|
@param Attributes Attribute value of the variable found.
|
||||||
|
@ -2353,6 +2368,9 @@ Done:
|
||||||
|
|
||||||
This code Finds the Next available variable.
|
This code Finds the Next available variable.
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||||
|
|
||||||
@param VariableNameSize Size of the variable name.
|
@param VariableNameSize Size of the variable name.
|
||||||
@param VariableName Pointer to variable name.
|
@param VariableName Pointer to variable name.
|
||||||
@param VendorGuid Variable Vendor Guid.
|
@param VendorGuid Variable Vendor Guid.
|
||||||
|
@ -2515,6 +2533,10 @@ Done:
|
||||||
|
|
||||||
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||||
|
This function will do basic validation, before parse the data.
|
||||||
|
|
||||||
@param VariableName Name of Variable to be found.
|
@param VariableName Name of Variable to be found.
|
||||||
@param VendorGuid Variable vendor GUID.
|
@param VendorGuid Variable vendor GUID.
|
||||||
@param Attributes Attribute value of the variable found
|
@param Attributes Attribute value of the variable found
|
||||||
|
@ -2686,6 +2708,9 @@ Done:
|
||||||
|
|
||||||
This code returns information about the EFI variables.
|
This code returns information about the EFI variables.
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||||
|
|
||||||
@param Attributes Attributes bitmask to specify the type of variables
|
@param Attributes Attributes bitmask to specify the type of variables
|
||||||
on which to return information.
|
on which to return information.
|
||||||
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
|
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
|
||||||
|
@ -2839,6 +2864,9 @@ VariableServiceQueryVariableInfoInternal (
|
||||||
|
|
||||||
This code returns information about the EFI variables.
|
This code returns information about the EFI variables.
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||||
|
|
||||||
@param Attributes Attributes bitmask to specify the type of variables
|
@param Attributes Attributes bitmask to specify the type of variables
|
||||||
on which to return information.
|
on which to return information.
|
||||||
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
|
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
|
||||||
|
@ -2910,7 +2938,10 @@ VariableServiceQueryVariableInfo (
|
||||||
|
|
||||||
/**
|
/**
|
||||||
This function reclaims variable storage if free size is below the threshold.
|
This function reclaims variable storage if free size is below the threshold.
|
||||||
|
|
||||||
|
Caution: This function may be invoked at SMM mode.
|
||||||
|
Care must be taken to make sure not security issue.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
VOID
|
||||||
ReclaimForOS(
|
ReclaimForOS(
|
||||||
|
|
|
@ -3,6 +3,11 @@
|
||||||
#
|
#
|
||||||
# It provides four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo.
|
# It provides four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo.
|
||||||
#
|
#
|
||||||
|
# Caution: This module requires additional review when modified.
|
||||||
|
# This driver will have external input - variable data.
|
||||||
|
# This external input must be validated carefully to avoid security issues such as
|
||||||
|
# buffer overflow or integer overflow.
|
||||||
|
#
|
||||||
# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
#
|
#
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
|
|
Binary file not shown.
|
@ -4,6 +4,16 @@
|
||||||
and volatile storage space and install variable architecture protocol
|
and volatile storage space and install variable architecture protocol
|
||||||
based on SMM variable module.
|
based on SMM variable module.
|
||||||
|
|
||||||
|
Caution: This module requires additional review when modified.
|
||||||
|
This driver will have external input - variable data.
|
||||||
|
This external input must be validated carefully to avoid security issue like
|
||||||
|
buffer overflow, integer overflow.
|
||||||
|
|
||||||
|
RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
|
||||||
|
to receive data buffer. The size should be checked carefully.
|
||||||
|
|
||||||
|
InitCommunicateBuffer() is really function to check the variable data size.
|
||||||
|
|
||||||
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
@ -97,6 +107,9 @@ ReleaseLockOnlyAtBootTime (
|
||||||
The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
|
The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
|
||||||
DataSize.
|
DataSize.
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
The data size external input, so this function will validate it carefully to avoid buffer overflow.
|
||||||
|
|
||||||
@param[out] DataPtr Points to the data in the communicate buffer.
|
@param[out] DataPtr Points to the data in the communicate buffer.
|
||||||
@param[in] DataSize The data size to send to SMM.
|
@param[in] DataSize The data size to send to SMM.
|
||||||
@param[in] Function The function number to initialize the communicate header.
|
@param[in] Function The function number to initialize the communicate header.
|
||||||
|
@ -234,6 +247,9 @@ Done:
|
||||||
/**
|
/**
|
||||||
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
The data size is external input, so this function will validate it carefully to avoid buffer overflow.
|
||||||
|
|
||||||
@param[in] VariableName Name of Variable to be found.
|
@param[in] VariableName Name of Variable to be found.
|
||||||
@param[in] VendorGuid Variable vendor GUID.
|
@param[in] VendorGuid Variable vendor GUID.
|
||||||
@param[out] Attributes Attribute value of the variable found.
|
@param[out] Attributes Attribute value of the variable found.
|
||||||
|
@ -453,6 +469,9 @@ Done:
|
||||||
/**
|
/**
|
||||||
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
||||||
|
|
||||||
|
Caution: This function may receive untrusted input.
|
||||||
|
The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
|
||||||
|
|
||||||
@param[in] VariableName Name of Variable to be found.
|
@param[in] VariableName Name of Variable to be found.
|
||||||
@param[in] VendorGuid Variable vendor GUID.
|
@param[in] VendorGuid Variable vendor GUID.
|
||||||
@param[in] Attributes Attribute value of the variable found
|
@param[in] Attributes Attribute value of the variable found
|
||||||
|
|
|
@ -5,6 +5,11 @@
|
||||||
# four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo
|
# four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo
|
||||||
# and works with SMM variable module together.
|
# and works with SMM variable module together.
|
||||||
#
|
#
|
||||||
|
# Caution: This module requires additional review when modified.
|
||||||
|
# This driver will have external input - variable data.
|
||||||
|
# This external input must be validated carefully to avoid security issues such as
|
||||||
|
# buffer overflow or integer overflow.
|
||||||
|
#
|
||||||
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
#
|
#
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
|
|
Binary file not shown.
Loading…
Reference in New Issue