1. Enhance AuthVar driver to avoid processing corrupted certificate input.

Signed-off-by: hhuan13
Reviewed-by: ftian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12398 6f19259b-4bc3-4df7-8a09-765794883524
hhuan13 2011-09-21 05:17:50 +00:00
parent 378175d258
commit 648f98d15b
3 changed files with 48 additions and 18 deletions


@ -1051,14 +1051,32 @@ VerifyTimeBasedPayload (
// Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor. // Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header. // AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
// //
SigData = (UINT8*) ((UINTN)Data + (UINTN)(((EFI_VARIABLE_AUTHENTICATION_2 *) 0)->AuthInfo.CertData)); SigData = (UINT8*) ((UINTN)Data + OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(UINTN)(((WIN_CERTIFICATE_UEFI_GUID *) 0)->CertData);
//
// Sanity check to avoid corrupted certificate input.
//
if (CertData->AuthInfo.Hdr.dwLength < (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData))) {
return EFI_SECURITY_VIOLATION;
}
SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
// //
// Find out the new data payload which follows Pkcs7 SignedData directly. // Find out the new data payload which follows Pkcs7 SignedData directly.
// //
PayLoadPtr = (UINT8*) ((UINTN) SigData + (UINTN) SigDataSize); PayLoadPtr = (UINT8*) ((UINTN) SigData + (UINTN) SigDataSize);
PayLoadSize = DataSize - (UINTN)(((EFI_VARIABLE_AUTHENTICATION_2 *) 0)->AuthInfo.CertData) - (UINTN) SigDataSize;
//
// Sanity check to avoid corrupted certificate input.
//
if (DataSize < (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)+ (UINTN) SigDataSize)) {
return EFI_SECURITY_VIOLATION;
}
PayLoadSize = DataSize - OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) - (UINTN) SigDataSize;
// //
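Review bot: The second sanity check in VerifyTimeBasedPayload adds `SigDataSize` to the two `OFFSET_OF` terms before comparing with `DataSize`, and on a build where UINTN is 32 bits a `dwLength` near the top of the UINT32 range makes that sum wrap, so the check passes and the `PayLoadSize` subtraction below it underflows. Comparing by subtraction avoids the wrap: hold the two offsets in a new local (called `HdrSize` here) and test `if (DataSize < HdrSize || (UINTN) SigDataSize > DataSize - HdrSize) { return EFI_SECURITY_VIOLATION; }`. The hunk starts and ends inside the function body, so it does not show whether `DataSize` is already known to cover the descriptor before `CertData->AuthInfo.Hdr.dwLength` is read. If it is not, that check belongs ahead of the first read.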


@ -199,7 +199,9 @@ UpdateVariableStore (
// Check if the Data is Volatile. // Check if the Data is Volatile.
// //
if (!Volatile) { if (!Volatile) {
ASSERT (Fvb != NULL); if (Fvb == NULL) {
return EFI_INVALID_PARAMETER;
}
Status = Fvb->GetPhysicalAddress(Fvb, &FvVolHdr); Status = Fvb->GetPhysicalAddress(Fvb, &FvVolHdr);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
@ -1048,7 +1050,9 @@ VariableGetBestLanguage (
CONST CHAR8 *Supported; CONST CHAR8 *Supported;
CHAR8 *Buffer; CHAR8 *Buffer;
ASSERT (SupportedLanguages != NULL); if (SupportedLanguages == NULL) {
return NULL;
}
VA_START (Args, Iso639Language); VA_START (Args, Iso639Language);
while ((Language = VA_ARG (Args, CHAR8 *)) != NULL) { while ((Language = VA_ARG (Args, CHAR8 *)) != NULL) {
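Review bot: `ASSERT_EFI_ERROR (Status)` after `Fvb->GetPhysicalAddress` in UpdateVariableStore remains the only handling of a failed call, although this commit replaces the neighbouring `ASSERT (Fvb != NULL)` with a real return. Where assertions are compiled out, a failure there would let the function continue with whatever is in `FvVolHdr`; `if (EFI_ERROR (Status)) { return Status; }` would treat both conditions the same way. The rest of the function is outside the hunk, so how `FvVolHdr` is used afterwards should be confirmed. In VariableGetBestLanguage the new `return NULL` for a NULL `SupportedLanguages` deserves a line in the function's header comment, in the way the commit adds `@retval EFI_INVALID_PARAMETER` for the two SMM functions.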


@ -252,6 +252,7 @@ GetFvbCountAndBuffer (
@retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
PcdVariableCollectStatistics should be set TRUE to support it. PcdVariableCollectStatistics should be set TRUE to support it.
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information. @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
@retval EFI_INVALID_PARAMETER Input parameter is invalid.
**/ **/
EFI_STATUS EFI_STATUS
@ -265,7 +266,10 @@ SmmVariableGetStatistics (
UINTN StatisticsInfoSize; UINTN StatisticsInfoSize;
CHAR16 *InfoName; CHAR16 *InfoName;
ASSERT (InfoEntry != NULL); if (InfoEntry == NULL) {
return EFI_INVALID_PARAMETER;
}
VariableInfo = gVariableInfo; VariableInfo = gVariableInfo;
if (VariableInfo == NULL) { if (VariableInfo == NULL) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
@ -348,6 +352,8 @@ SmmVariableGetStatistics (
@retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
be called. be called.
@retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced. @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
@retval EFI_INVALID_PARAMETER Input parameter is invalid.
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
@ -366,7 +372,9 @@ SmmVariableHandler (
VARIABLE_INFO_ENTRY *VariableInfo; VARIABLE_INFO_ENTRY *VariableInfo;
UINTN InfoSize; UINTN InfoSize;
ASSERT (CommBuffer != NULL); if (CommBuffer == NULL) {
return EFI_INVALID_PARAMETER;
}
SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer; SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer;
switch (SmmVariableFunctionHeader->Function) { switch (SmmVariableFunctionHeader->Function) {
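Review bot: The new NULL check in SmmVariableHandler does not establish that the communication buffer is long enough to hold the header before `SmmVariableFunctionHeader->Function` is read on the following lines. The buffer is presumably supplied from outside SMM, so its length should be validated together with the pointer, for example `if (CommBufferSize == NULL || *CommBufferSize < sizeof (SMM_VARIABLE_COMMUNICATE_HEADER)) { return EFI_INVALID_PARAMETER; }`. The handler's parameter list is outside this hunk, so the name `CommBufferSize` and the exact bound for the header layout need confirming. Each case of the `switch`, which continues past the end of the hunk, would need the same kind of length check for its own payload structure.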