Change BufferSize from UINTN * to UINTN to eliminate the pointer-to-pointer in SmmCore, for security reasons.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10299 6f19259b-4bc3-4df7-8a09-765794883524
jyao1 2010-03-21 04:17:16 +00:00
parent 59a4bd4037
commit ab780ebf90
3 changed files with 14 additions and 6 deletions


@ -276,19 +276,19 @@ SmmEntryPoint (
// Synchronous SMI for SMM Core or request from Communicate protocol // Synchronous SMI for SMM Core or request from Communicate protocol
// //
CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)gSmmCorePrivate->CommunicationBuffer; CommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)gSmmCorePrivate->CommunicationBuffer;
*gSmmCorePrivate->BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); gSmmCorePrivate->BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);
Status = SmiManage ( Status = SmiManage (
&CommunicateHeader->HeaderGuid, &CommunicateHeader->HeaderGuid,
NULL, NULL,
CommunicateHeader->Data, CommunicateHeader->Data,
gSmmCorePrivate->BufferSize &gSmmCorePrivate->BufferSize
); );
// //
// Update CommunicationBuffer, BufferSize and ReturnStatus // Update CommunicationBuffer, BufferSize and ReturnStatus
// Communicate service finished, reset the pointer to CommBuffer to NULL // Communicate service finished, reset the pointer to CommBuffer to NULL
// //
*gSmmCorePrivate->BufferSize += OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data); gSmmCorePrivate->BufferSize += OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);
gSmmCorePrivate->CommunicationBuffer = NULL; gSmmCorePrivate->CommunicationBuffer = NULL;
gSmmCorePrivate->ReturnStatus = (Status == EFI_WARN_INTERRUPT_SOURCE_QUIESCED) ? EFI_SUCCESS : EFI_NOT_FOUND; gSmmCorePrivate->ReturnStatus = (Status == EFI_WARN_INTERRUPT_SOURCE_QUIESCED) ? EFI_SUCCESS : EFI_NOT_FOUND;
} else { } else {
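Review bot: The subtraction on the new side, `gSmmCorePrivate->BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);`, operates on a size that was stored by the non-SMM IPL, so the only thing preventing it from wrapping is the minimum-size check the IPL performs outside SMRAM. Since the point of copying the size by value is that SMM no longer touches caller-owned memory for it, the SMM core should also validate the copy it received: a value below the header size would wrap BufferSize to a huge UINTN that is then handed to the handler through `&gSmmCorePrivate->BufferSize`. I would reject such a request in the SMM core before the subtraction, as sketched below, rather than rely on the IPL-side check. SmmEntryPoint starts and ends outside the hunk.
```c
// … unchanged: CommunicateHeader assignment …
if (gSmmCorePrivate->BufferSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)) {
  //
  // The size was written outside SMRAM; reject it instead of letting the
  // subtraction below wrap BufferSize.
  //
  gSmmCorePrivate->CommunicationBuffer = NULL;
  gSmmCorePrivate->ReturnStatus        = EFI_INVALID_PARAMETER;
} else {
  gSmmCorePrivate->BufferSize -= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);
  // … unchanged: SmiManage call, BufferSize restore, CommunicationBuffer reset, ReturnStatus …
}
```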


@ -93,7 +93,7 @@ typedef struct {
/// in bytes, into a software SMI handler and for the software SMI handler to pass the /// in bytes, into a software SMI handler and for the software SMI handler to pass the
/// size, in bytes, of a buffer back to the caller of the SMM Communication Protocol. /// size, in bytes, of a buffer back to the caller of the SMM Communication Protocol.
/// ///
UINTN *BufferSize; UINTN BufferSize;
/// ///
/// This field is used by the SMM Communication Protocol to pass the return status from /// This field is used by the SMM Communication Protocol to pass the return status from
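Review bot: The comment above `UINTN BufferSize;` still describes the field as if the caller's size were passed through directly, while after this change the field is a by-value copy that the IPL fills in before the software SMI and reads back afterwards. I would extend the comment with `/// Held by value (not as a pointer) so that SMM code never dereferences a caller-supplied pointer for this size; the IPL copies the caller's size in before the SMI and back out afterwards.` so the reason for the type survives beyond the commit message. The enclosing struct starts and ends outside the hunk.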


@ -210,8 +210,8 @@ SMM_CORE_PRIVATE_DATA mSmmCorePrivateData = {
FALSE, // SmmEntryPointRegistered FALSE, // SmmEntryPointRegistered
FALSE, // InSmm FALSE, // InSmm
NULL, // Smst NULL, // Smst
0, // BufferSize
NULL, // CommunicationBuffer NULL, // CommunicationBuffer
0, // BufferSize
EFI_SUCCESS // ReturnStatus EFI_SUCCESS // ReturnStatus
}; };
@ -410,6 +410,13 @@ SmmCommunicationCommunicate (
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
//
// CommSize must hold HeaderGuid and MessageLength
//
if (*CommSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)) {
return EFI_INVALID_PARAMETER;
}
// //
// If not already in SMM, then generate a Software SMI // If not already in SMM, then generate a Software SMI
// //
@ -418,7 +425,7 @@ SmmCommunicationCommunicate (
// Put arguments for Software SMI in gSmmCorePrivate // Put arguments for Software SMI in gSmmCorePrivate
// //
gSmmCorePrivate->CommunicationBuffer = CommBuffer; gSmmCorePrivate->CommunicationBuffer = CommBuffer;
gSmmCorePrivate->BufferSize = CommSize; gSmmCorePrivate->BufferSize = *CommSize;
// //
// Generate Software SMI // Generate Software SMI
@ -431,6 +438,7 @@ SmmCommunicationCommunicate (
// //
// Return status from software SMI // Return status from software SMI
// //
*CommSize = gSmmCorePrivate->BufferSize;
return gSmmCorePrivate->ReturnStatus; return gSmmCorePrivate->ReturnStatus;
} }
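Review bot: `*CommSize` is read from caller memory twice on the new side — once in the check `if (*CommSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data))` and again in `gSmmCorePrivate->BufferSize = *CommSize;` — so the value that was validated is not necessarily the value handed to SMM if the caller's memory changes between the two reads. Reading it once into a local, e.g. `UINTN Size = *CommSize;`, and using that local for both the comparison and the assignment makes the check and the copy agree. The comment `// CommSize must hold HeaderGuid and MessageLength` could also state that this check runs outside SMRAM and therefore protects well-behaved callers only; the SMM core cannot rely on it. SmmCommunicationCommunicate starts before the first hunk of this section.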