Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
Chao, Zhang 2014-10-22 07:30:22 +00:00 committed by czhang46
parent 0414ec24ba
commit 36bdec3cd9
4 changed files with 30 additions and 0 deletions


@ -7,6 +7,10 @@
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
Variable attribute should also be checked to avoid authentication bypass.
The whole SMM authentication variable design relies on the integrity of flash part and SMM.
which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
may not be modified without authorization. If platform fails to protect these resources,
the authentication service provided in this driver will be broken, and the behavior is undefined.
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
variable authentication.
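Review bot: the fourth and fifth added lines of this header comment split one sentence in two: "relies on the integrity of flash part and SMM." ends with a period and the next line opens with the dependent clause "which is assumed to be protected by platform." Replace the period with a comma so the trust assumption reads as a single statement, e.g. "relies on the integrity of the flash part and SMM, which are assumed to be protected by the platform." This paragraph is pasted verbatim into the other three files in this change, so the same correction is needed in each copy.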
@ -251,6 +255,10 @@ AutenticatedVariableServiceInitialize (
DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
//
// "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
// Therefore, there is no memory overflow in underlying CopyMem.
//
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
}
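Review bot: the new comment asserts that DataSize "is always ensured not to exceed mPubKeyStore buffer size", but nothing in this hunk enforces it; the only guard is `ASSERT ((DataSize != 0) && (Data != NULL));`, and the header just added to this file says the service is only as sound as the flash contents the platform protects. Put the invariant in code rather than in prose: add a bound check such as `ASSERT (DataSize <= <size of mPubKeyStore>);` before the CopyMem, and prefer a runtime check that fails initialization over an ASSERT alone, since ASSERT is compiled out of release builds and a corrupted AuthVarKeyDatabase would then overrun the store silently. Separately, `mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);` discards any trailing partial key without complaint; checking `DataSize % EFI_CERT_TYPE_RSA2048_SIZE == 0` would catch a truncated or tampered database at the same point.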
@ -564,6 +572,10 @@ AddPubKeyInStore (
DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
//
// "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
// Therefore, there is no memory overflow in underlying CopyMem.
//
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
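Review bot: the comment text here differs from the one added in AutenticatedVariableServiceInitialize ("internal used variable" versus "internal variable"), and the whole read / ASSERT / CopyMem / mPubKeyNumber sequence is now duplicated with the same unverified size claim in both places. Suggest factoring the reload of AuthVarKeyDatabase into mPubKeyStore into a single helper that performs the bound check once, so the invariant is enforced in one place instead of being restated in two comments; at minimum make the two comments identical so a future grep finds both.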


@ -2,6 +2,16 @@
The internal header file includes the common header files, defines
internal structure and functions used by AuthService module.
Caution: This module requires additional review when modified.
This driver will have external input - variable data. It may be input in SMM mode.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
Variable attribute should also be checked to avoid authentication bypass.
The whole SMM authentication variable design relies on the integrity of flash part and SMM.
which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
may not be modified without authorization. If platform fails to protect these resources,
the authentication service provided in this driver will be broken, and the behavior is undefined.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
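Review bot: "All variable code and metadata in flash/SMM Memory may not be modified without authorization" reads as a statement of what is possible rather than a requirement; since the following sentence describes the consequence of the platform failing to enforce it, "must not be modified" is the intended meaning. The same broken sentence as in AuthService.c ("and SMM." followed by "which is assumed to be protected by platform") is repeated on the fourth and fifth added lines of this header and should be joined with a comma.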


@ -13,6 +13,10 @@
# This driver will have external input - variable data and communicate buffer in SMM mode.
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
# may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
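Review bot: this .inf header now carries the same four-line trust-assumption paragraph as AuthService.c and AuthService.h, including the same sentence fragment ("and SMM." then "which is assumed to be protected by platform"). With the text copied verbatim into four files, any wording fix has to be applied to all of them; consider keeping the full statement in AuthService.h and a one-line reference here, or at least commit identical text so the copies do not drift.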


@ -8,6 +8,10 @@
# This driver will have external input - variable data.
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
# may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials