mirror of https://github.com/acidanthera/audk.git
Add check to make sure the data be valid.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gao, Liming <liming.gao@intel.com> Reviewed-by: Zeng, Star <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15393 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
f85acc224c
commit
9f25f7ddd0
|
@ -13,7 +13,7 @@
|
|||
4. It save all the mapping info in NV variables which will be consumed
|
||||
by platform override protocol driver to publish the platform override protocol.
|
||||
|
||||
Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -1240,6 +1240,7 @@ PlatOverMngrRouteConfig (
|
|||
EFI_CALLBACK_INFO *Private;
|
||||
UINT16 KeyValue;
|
||||
PLAT_OVER_MNGR_DATA *FakeNvData;
|
||||
EFI_STATUS Status;
|
||||
|
||||
if (Configuration == NULL || Progress == NULL) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
|
@ -1260,11 +1261,12 @@ PlatOverMngrRouteConfig (
|
|||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
if (mCurrentPage == FORM_ID_DRIVER) {
|
||||
KeyValue = KEY_VALUE_DRIVER_GOTO_ORDER;
|
||||
UpdatePrioritySelectPage (Private, KeyValue, FakeNvData);
|
||||
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
|
||||
CommintChanges (Private, KeyValue, FakeNvData);
|
||||
Status = CommintChanges (Private, KeyValue, FakeNvData);
|
||||
//
|
||||
// Since UpdatePrioritySelectPage will change mCurrentPage,
|
||||
// should ensure the mCurrentPage still indicate the second page here
|
||||
|
@ -1274,10 +1276,10 @@ PlatOverMngrRouteConfig (
|
|||
|
||||
if (mCurrentPage == FORM_ID_ORDER) {
|
||||
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
|
||||
CommintChanges (Private, KeyValue, FakeNvData);
|
||||
Status = CommintChanges (Private, KeyValue, FakeNvData);
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/** @file
|
||||
Implementation of the shared functions to do the platform driver vverride mapping.
|
||||
|
||||
Copyright (c) 2007 - 2009, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -691,12 +691,17 @@ InitOverridesMapping (
|
|||
//
|
||||
VariableNum = 1;
|
||||
Corrupted = FALSE;
|
||||
NotEnd = 0;
|
||||
do {
|
||||
VariableIndex = VariableBuffer;
|
||||
//
|
||||
// End flag
|
||||
//
|
||||
NotEnd = *(UINT32*) VariableIndex;
|
||||
if (VariableIndex + sizeof (UINT32) > (UINT8 *) VariableBuffer + BufferSize) {
|
||||
Corrupted = TRUE;
|
||||
} else {
|
||||
//
|
||||
// End flag
|
||||
//
|
||||
NotEnd = *(UINT32*) VariableIndex;
|
||||
}
|
||||
//
|
||||
// Traverse the entries containing the mapping that Controller Device Path
|
||||
// to a set of Driver Device Paths within this variable.
|
||||
|
@ -706,6 +711,10 @@ InitOverridesMapping (
|
|||
//
|
||||
// Check signature of this entry
|
||||
//
|
||||
if (VariableIndex + sizeof (UINT32) > (UINT8 *) VariableBuffer + BufferSize) {
|
||||
Corrupted = TRUE;
|
||||
break;
|
||||
}
|
||||
Signature = *(UINT32 *) VariableIndex;
|
||||
if (Signature != PLATFORM_OVERRIDE_ITEM_SIGNATURE) {
|
||||
Corrupted = TRUE;
|
||||
|
@ -722,6 +731,10 @@ InitOverridesMapping (
|
|||
//
|
||||
// Get DriverNum
|
||||
//
|
||||
if (VariableIndex + sizeof (UINT32) >= (UINT8 *) VariableBuffer + BufferSize) {
|
||||
Corrupted = TRUE;
|
||||
break;
|
||||
}
|
||||
DriverNumber = *(UINT32*) VariableIndex;
|
||||
OverrideItem->DriverInfoNum = DriverNumber;
|
||||
VariableIndex = VariableIndex + sizeof (UINT32);
|
||||
|
@ -735,6 +748,14 @@ InitOverridesMapping (
|
|||
// Align the VariableIndex since the controller device path may not be aligned, refer to the SaveOverridesMapping()
|
||||
//
|
||||
VariableIndex += ((sizeof(UINT32) - ((UINTN) (VariableIndex))) & (sizeof(UINT32) - 1));
|
||||
//
|
||||
// Check buffer overflow.
|
||||
//
|
||||
if ((OverrideItem->ControllerDevicePath == NULL) || (VariableIndex < (UINT8 *) ControllerDevicePath) ||
|
||||
(VariableIndex > (UINT8 *) VariableBuffer + BufferSize)) {
|
||||
Corrupted = TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
//
|
||||
// Get all DriverImageDevicePath[]
|
||||
|
@ -756,8 +777,20 @@ InitOverridesMapping (
|
|||
VariableIndex += ((sizeof(UINT32) - ((UINTN) (VariableIndex))) & (sizeof(UINT32) - 1));
|
||||
|
||||
InsertTailList (&OverrideItem->DriverInfoList, &DriverImageInfo->Link);
|
||||
|
||||
//
|
||||
// Check buffer overflow
|
||||
//
|
||||
if ((DriverImageInfo->DriverImagePath == NULL) || (VariableIndex < (UINT8 *) DriverDevicePath) ||
|
||||
(VariableIndex < (UINT8 *) VariableBuffer + BufferSize)) {
|
||||
Corrupted = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
InsertTailList (MappingDataBase, &OverrideItem->Link);
|
||||
if (Corrupted) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
FreePool (VariableBuffer);
|
||||
|
@ -866,11 +899,11 @@ DeleteOverridesVariables (
|
|||
//
|
||||
// Check NotEnd to get all PlatDriOverX variable(s)
|
||||
//
|
||||
while ((*(UINT32*)VariableBuffer) != 0) {
|
||||
while ((VariableBuffer != NULL) && ((*(UINT32*)VariableBuffer) != 0)) {
|
||||
FreePool (VariableBuffer);
|
||||
UnicodeSPrint (OverrideVariableName, sizeof (OverrideVariableName), L"PlatDriOver%d", VariableNum);
|
||||
VariableBuffer = GetVariableAndSize (OverrideVariableName, &gEfiCallerIdGuid, &BufferSize);
|
||||
VariableNum++;
|
||||
ASSERT (VariableBuffer != NULL);
|
||||
}
|
||||
|
||||
//
|
||||
|
@ -1057,10 +1090,19 @@ SaveOverridesMapping (
|
|||
VariableNeededSize,
|
||||
VariableBuffer
|
||||
);
|
||||
ASSERT (!EFI_ERROR(Status));
|
||||
FreePool (VariableBuffer);
|
||||
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (NumIndex > 0) {
|
||||
//
|
||||
// Delete all PlatDriOver variables when full mapping can't be set.
|
||||
//
|
||||
DeleteOverridesVariables ();
|
||||
}
|
||||
return Status;
|
||||
}
|
||||
|
||||
NumIndex ++;
|
||||
FreePool (VariableBuffer);
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
|
|
Loading…
Reference in New Issue