tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

1. Enhance AuthVar driver to avoid process corrupted certificate input. 

Signed-off-by: hhuan13
Reviewed-by: ftian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12398 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
hhuan13 2011-09-21 05:17:50 +00:00
parent 378175d258
commit 648f98d15b
3 changed files with 48 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
View File

@ -1046,19 +1046,37 @@ VerifyTimeBasedPayload (
//
return EFI_SECURITY_VIOLATION;
}
//
// Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
//
SigData = (UINT8*) ((UINTN)Data + (UINTN)(((EFI_VARIABLE_AUTHENTICATION_2 *) 0)->AuthInfo.CertData));
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(UINTN)(((WIN_CERTIFICATE_UEFI_GUID *) 0)->CertData);
SigData = (UINT8*) ((UINTN)Data + OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
//
// Sanity check to avoid corrupted certificate input.
//
if (CertData->AuthInfo.Hdr.dwLength < (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData))) {
return EFI_SECURITY_VIOLATION;
}
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
//
// Find out the new data payload which follows Pkcs7 SignedData directly.
//
PayLoadPtr = (UINT8*) ((UINTN) SigData + (UINTN) SigDataSize);
PayLoadSize = DataSize - (UINTN)(((EFI_VARIABLE_AUTHENTICATION_2 *) 0)->AuthInfo.CertData) - (UINTN) SigDataSize;
//
// Sanity check to avoid corrupted certificate input.
//
if (DataSize < (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)+ (UINTN) SigDataSize)) {
return EFI_SECURITY_VIOLATION;
}
PayLoadSize = DataSize - OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) - (UINTN) SigDataSize;
//

8
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
View File

@ -199,7 +199,9 @@ UpdateVariableStore (
// Check if the Data is Volatile.
//
if (!Volatile) {
ASSERT (Fvb != NULL);
if (Fvb == NULL) {
return EFI_INVALID_PARAMETER;
}
Status = Fvb->GetPhysicalAddress(Fvb, &FvVolHdr);
ASSERT_EFI_ERROR (Status);
@ -1048,7 +1050,9 @@ VariableGetBestLanguage (
CONST CHAR8 *Supported;
CHAR8 *Buffer;
ASSERT (SupportedLanguages != NULL);
if (SupportedLanguages == NULL) {
return NULL;
}
VA_START (Args, Iso639Language);
while ((Language = VA_ARG (Args, CHAR8 *)) != NULL) {

32
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
View File

@ -241,17 +241,18 @@ GetFvbCountAndBuffer (
/**
Get the variable statistics information from the information buffer pointed by gVariableInfo.
@param[in, out] InfoEntry A pointer to the buffer of variable information entry.
On input, point to the variable information returned last time. if
InfoEntry->VendorGuid is zero, return the first information.
On output, point to the next variable information.
@param[in, out] InfoSize On input, the size of the variable information buffer.
On output, the returned variable information size.
@param[in, out] InfoEntry A pointer to the buffer of variable information entry.
On input, point to the variable information returned last time. if
InfoEntry->VendorGuid is zero, return the first information.
On output, point to the next variable information.
@param[in, out] InfoSize On input, the size of the variable information buffer.
On output, the returned variable information size.
@retval EFI_SUCCESS The variable information is found and returned successfully.
@retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
PcdVariableCollectStatistics should be set TRUE to support it.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
@retval EFI_SUCCESS The variable information is found and returned successfully.
@retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
PcdVariableCollectStatistics should be set TRUE to support it.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
@retval EFI_INVALID_PARAMETER Input parameter is invalid.
**/
EFI_STATUS
@ -265,7 +266,10 @@ SmmVariableGetStatistics (
UINTN StatisticsInfoSize;
CHAR16 *InfoName;
ASSERT (InfoEntry != NULL);
if (InfoEntry == NULL) {
return EFI_INVALID_PARAMETER;
}
VariableInfo = gVariableInfo;
if (VariableInfo == NULL) {
return EFI_UNSUPPORTED;
@ -348,6 +352,8 @@ SmmVariableGetStatistics (
@retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
be called.
@retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
@retval EFI_INVALID_PARAMETER Input parameter is invalid.
**/
EFI_STATUS
EFIAPI
@ -366,7 +372,9 @@ SmmVariableHandler (
VARIABLE_INFO_ENTRY *VariableInfo;
UINTN InfoSize;
ASSERT (CommBuffer != NULL);
if (CommBuffer == NULL) {
return EFI_INVALID_PARAMETER;
}
SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
switch (SmmVariableFunctionHeader->Function) {