Ring3: Added sanity checks.

Mikhail Krichanov 2024-02-26 11:56:44 +03:00
parent d704a3c6e7
commit 28c1dbe5f2
2 changed files with 97 additions and 51 deletions


@ -156,6 +156,7 @@ Ring3Call (
Status = Function5 (Data->Arguments[0], Data->Arguments[1], Data->Arguments[2], Data->Arguments[3], Data->Arguments[4]); Status = Function5 (Data->Arguments[0], Data->Arguments[1], Data->Arguments[2], Data->Arguments[3], Data->Arguments[4]);
break; break;
default: default:
Status = EFI_UNSUPPORTED;
break; break;
} }


@ -237,24 +237,32 @@ CoreFileRead (
UINTN *Ring3BufferSize; UINTN *Ring3BufferSize;
VOID *Ring3Buffer; VOID *Ring3Buffer;
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
DEBUG ((DEBUG_INFO, "Ring3 Read: check 1\n")); Ring3Buffer = NULL;
Ring3BufferSize = NULL;
DisableSMAP (); DisableSMAP ();
Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (UINTN *), (VOID **)&Ring3BufferSize); if (BufferSize != NULL) {
if (EFI_ERROR (Status)) { Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (UINTN *), (VOID **)&Ring3BufferSize);
EnableSMAP (); if (EFI_ERROR (Status)) {
return Status; EnableSMAP ();
return Status;
}
*Ring3BufferSize = *BufferSize;
} }
Status = CoreAllocatePool (EfiRing3MemoryType, *BufferSize, (VOID **)&Ring3Buffer); if (Buffer != NULL) {
if (EFI_ERROR (Status)) { Status = CoreAllocatePool (EfiRing3MemoryType, *BufferSize, (VOID **)&Ring3Buffer);
FreePool (Ring3BufferSize); if (EFI_ERROR (Status)) {
EnableSMAP (); if (Ring3BufferSize != NULL) {
return Status; FreePool (Ring3BufferSize);
}
EnableSMAP ();
return Status;
}
} }
EnableSMAP (); EnableSMAP ();
DEBUG ((DEBUG_INFO, "Ring3 Read: check 2\n"));
Status = GoToRing3 ( Status = GoToRing3 (
3, 3,
@ -263,20 +271,22 @@ CoreFileRead (
Ring3BufferSize, Ring3BufferSize,
Ring3Buffer Ring3Buffer
); );
DEBUG ((DEBUG_INFO, "Ring3 Read: check 3\n"));
DisableSMAP (); DisableSMAP ();
if ((!EFI_ERROR (Status)) && (Ring3Buffer != NULL) && (Buffer != NULL)) { if ((Ring3Buffer != NULL) && (Buffer != NULL) && (*BufferSize >= *Ring3BufferSize)) {
CopyMem (Buffer, Ring3Buffer, *Ring3BufferSize); CopyMem (Buffer, Ring3Buffer, *Ring3BufferSize);
}
if (Ring3Buffer != NULL) {
FreePool (Ring3Buffer); FreePool (Ring3Buffer);
} }
*BufferSize = *Ring3BufferSize; if (Ring3BufferSize != NULL) {
*BufferSize = *Ring3BufferSize;
DEBUG ((DEBUG_INFO, "Ring3 Read: check 3.5\n")); FreePool (Ring3BufferSize);
FreePool (Ring3BufferSize); }
EnableSMAP (); EnableSMAP ();
DEBUG ((DEBUG_INFO, "Ring3 Read: check 4\n"));
return Status; return Status;
} }
@ -325,13 +335,19 @@ CoreFileGetPosition (
RING3_EFI_FILE_PROTOCOL *File; RING3_EFI_FILE_PROTOCOL *File;
UINT64 *Ring3Position; UINT64 *Ring3Position;
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
Ring3Position = NULL;
DisableSMAP (); if (Position != NULL) {
Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (UINT64), (VOID **)&Ring3Position); DisableSMAP ();
EnableSMAP (); Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (UINT64), (VOID **)&Ring3Position);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; EnableSMAP ();
return Status;
}
*Ring3Position = *Position;
EnableSMAP ();
} }
Status = GoToRing3 ( Status = GoToRing3 (
@ -341,11 +357,13 @@ CoreFileGetPosition (
Ring3Position Ring3Position
); );
DisableSMAP (); if (Ring3Position != NULL) {
*Position = *Ring3Position; DisableSMAP ();
*Position = *Ring3Position;
FreePool (Ring3Position); FreePool (Ring3Position);
EnableSMAP (); EnableSMAP ();
}
return Status; return Status;
} }
@ -366,31 +384,48 @@ CoreFileGetInfo (
UINTN *Ring3BufferSize; UINTN *Ring3BufferSize;
VOID *Ring3Buffer; VOID *Ring3Buffer;
File = (RING3_EFI_FILE_PROTOCOL *)This; File = (RING3_EFI_FILE_PROTOCOL *)This;
Ring3Buffer = NULL;
Ring3BufferSize = NULL;
Ring3InformationType = NULL;
DisableSMAP (); DisableSMAP ();
Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (UINTN *), (VOID **)&Ring3BufferSize); if (BufferSize != NULL) {
if (EFI_ERROR (Status)) { Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (UINTN *), (VOID **)&Ring3BufferSize);
EnableSMAP (); if (EFI_ERROR (Status)) {
return Status; EnableSMAP ();
return Status;
}
*Ring3BufferSize = *BufferSize;
} }
Status = CoreAllocatePool (EfiRing3MemoryType, *BufferSize, (VOID **)&Ring3Buffer); if (Buffer != NULL) {
if (EFI_ERROR (Status)) { Status = CoreAllocatePool (EfiRing3MemoryType, *BufferSize, (VOID **)&Ring3Buffer);
FreePool (Ring3BufferSize); if (EFI_ERROR (Status)) {
EnableSMAP (); if (Ring3BufferSize != NULL) {
return Status; FreePool (Ring3BufferSize);
}
EnableSMAP ();
return Status;
}
} }
Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (EFI_GUID), (VOID **)&Ring3InformationType); if (InformationType != NULL) {
if (EFI_ERROR (Status)) { Status = CoreAllocatePool (EfiRing3MemoryType, sizeof (EFI_GUID), (VOID **)&Ring3InformationType);
FreePool (Ring3BufferSize); if (EFI_ERROR (Status)) {
FreePool (Ring3Buffer); if (Ring3BufferSize != NULL) {
EnableSMAP (); FreePool (Ring3BufferSize);
return Status; }
} if (Ring3Buffer != NULL) {
FreePool (Ring3Buffer);
}
EnableSMAP ();
return Status;
}
CopyGuid (Ring3InformationType, InformationType); CopyGuid (Ring3InformationType, InformationType);
}
EnableSMAP (); EnableSMAP ();
Status = GoToRing3 ( Status = GoToRing3 (
@ -403,13 +438,23 @@ CoreFileGetInfo (
); );
DisableSMAP (); DisableSMAP ();
*BufferSize = *Ring3BufferSize; if ((Ring3Buffer != NULL) && (Buffer != NULL) && (*BufferSize >= *Ring3BufferSize)) {
CopyMem (Buffer, Ring3Buffer, *Ring3BufferSize);
}
CopyMem (Buffer, Ring3Buffer, *Ring3BufferSize); if (Ring3BufferSize != NULL) {
*BufferSize = *Ring3BufferSize;
FreePool (Ring3BufferSize); FreePool (Ring3BufferSize);
FreePool (Ring3Buffer); }
FreePool (Ring3InformationType);
if (Ring3Buffer != NULL) {
FreePool (Ring3Buffer);
}
if (Ring3InformationType != NULL) {
FreePool (Ring3InformationType);
}
EnableSMAP (); EnableSMAP ();
return Status; return Status;
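Review bot: In CoreFileRead and CoreFileGetInfo the new `if (Buffer != NULL)` branch still uses `*BufferSize` as the allocation size, and the post-call condition `(*BufferSize >= *Ring3BufferSize)` dereferences both pointers behind checks on the buffers only. A caller passing a non-NULL Buffer with a NULL BufferSize therefore still faults, which an early `if (BufferSize == NULL) { return EFI_INVALID_PARAMETER; }` would prevent. The post-call code also reads `*Ring3BufferSize` once for the bound check and again as the CopyMem length; that value sits in an EfiRing3MemoryType allocation, which ring-3 code can presumably write, so it is safer to read it once into a new local `UINTN ReturnedSize` and use that copy for the check, the copy and the write-back, as sketched below for the CoreFileGetInfo tail. The CoreFileRead hunk also drops the `!EFI_ERROR (Status)` guard, so the copy-out now runs after a failed call whenever the sizes fit; please confirm that is intended. Both function bodies start outside the visible hunks.

```c
  // … unchanged: GoToRing3 call …
  DisableSMAP ();

  if (Ring3BufferSize != NULL) {
    // Fetch the ring-3 supplied size exactly once; every later use sees the validated copy.
    ReturnedSize = *Ring3BufferSize;

    if ((Ring3Buffer != NULL) && (Buffer != NULL) && (ReturnedSize <= *BufferSize)) {
      CopyMem (Buffer, Ring3Buffer, ReturnedSize);
    }

    *BufferSize = ReturnedSize;
    FreePool (Ring3BufferSize);
  }
  // … unchanged: freeing Ring3Buffer and Ring3InformationType, EnableSMAP, return …
```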