MdeModulePkg/Variable: Check if there is a NV Variable Storage header prior to use its attributes
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of EFI_FIRMWARE_VOLUME_HEADER without checking whether a Firmware Volume Header exists at the base address. If the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength' holds an invalid value, which can lead to an invalid physical address and an access error when that address is accessed. Signed-off-by: oliviermartin Reviewed-by: niruiyu git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12836 6f19259b-4bc3-4df7-8a09-765794883524
parent
7f070be5c9
commit
d65502601e
|
@ -361,6 +361,15 @@ GetVariableStore (
|
|||
PcdGet64 (PcdFlashNvStorageVariableBase64) :
|
||||
PcdGet32 (PcdFlashNvStorageVariableBase)
|
||||
);
|
||||
|
||||
//
|
||||
// Check if the Firmware Volume is not corrupted
|
||||
//
|
||||
if ((FvHeader->Signature != EFI_FVH_SIGNATURE) || (!CompareGuid (&gEfiSystemNvDataFvGuid, &FvHeader->FileSystemGuid))) {
|
||||
DEBUG ((EFI_D_ERROR, "Firmware Volume for Variable Store is corrupted\n"));
|
||||
break;
|
||||
}
|
||||
|
||||
VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINT8 *) FvHeader + FvHeader->HeaderLength);
|
||||
|
||||
if (IndexTable != NULL) {
|
||||
|
|
|
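Review bot: The new check in GetVariableStore validates only `Signature` and `FileSystemGuid`, so `FvHeader->HeaderLength` is still trusted as read when it is added to the base address on the line that follows the check. A header that carries the right signature and GUID but a damaged or oversized `HeaderLength` would still yield an out-of-range `VariableStoreHeader`; consider rejecting that as well, e.g. `if ((FvHeader->HeaderLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) || (FvHeader->HeaderLength >= FvHeader->FvLength)) { break; }`, and verifying the header checksum if that is affordable in PEI. The same gap applies to the matching check added in VariableCommonInitialize. The function body starts and ends outside the hunk, so whether `VariableStoreHeader` is already NULL on the `break` path should be confirmed there.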
@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
|
||||
#include <Guid/VariableFormat.h>
|
||||
#include <Guid/VariableIndexTable.h>
|
||||
#include <Guid/SystemNvDataGuid.h>
|
||||
|
||||
typedef enum {
|
||||
VariableStoreTypeHob,
|
||||
|
|
|
@ -48,6 +48,7 @@
|
|||
[Guids]
|
||||
gEfiVariableGuid
|
||||
gEfiVariableIndexTableGuid
|
||||
gEfiSystemNvDataFvGuid
|
||||
|
||||
[Ppis]
|
||||
gEfiPeiReadOnlyVariable2PpiGuid ## SOMETIMES_PRODUCES (Not for boot mode RECOVERY)
|
||||
|
|
|
@ -2463,6 +2463,17 @@ VariableCommonInitialize (
|
|||
if (TempVariableStoreHeader == 0) {
|
||||
TempVariableStoreHeader = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
|
||||
}
|
||||
|
||||
//
|
||||
// Check if the Firmware Volume is not corrupted
|
||||
//
|
||||
if ((((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader))->Signature != EFI_FVH_SIGNATURE) ||
|
||||
(!CompareGuid (&gEfiSystemNvDataFvGuid, &((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader))->FileSystemGuid))) {
|
||||
Status = EFI_VOLUME_CORRUPTED;
|
||||
DEBUG ((EFI_D_ERROR, "Firmware Volume for Variable Store is corrupted\n"));
|
||||
goto Done;
|
||||
}
|
||||
|
||||
VariableStoreBase = TempVariableStoreHeader + \
|
||||
(((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader)) -> HeaderLength);
|
||||
VariableStoreLength = (UINT64) PcdGet32 (PcdFlashNvStorageVariableSize) - \
|
||||
|
|
|
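Review bot: The cast `(EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader)` is now spelled out three times in VariableCommonInitialize, which makes the new condition hard to read and easy to get out of step. A local such as `FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN) TempVariableStoreHeader;`, declared with the function's other locals (outside the hunk), would let the check read `FvHeader->Signature != EFI_FVH_SIGNATURE` and the base computation use `FvHeader->HeaderLength`. The `Done` label is also outside the hunk, so what is released on the `EFI_VOLUME_CORRUPTED` path cannot be confirmed from here; a one-line comment at the `goto Done` stating the state the driver is left in would help the next reader.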
@ -37,6 +37,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
#include <Guid/GlobalVariable.h>
|
||||
#include <Guid/EventGroup.h>
|
||||
#include <Guid/VariableFormat.h>
|
||||
#include <Guid/SystemNvDataGuid.h>
|
||||
|
||||
#define VARIABLE_RECLAIM_THRESHOLD (1024)
|
||||
|
||||
|
|
|
@ -64,6 +64,7 @@
|
|||
gEfiVariableGuid ## PRODUCES ## Configuration Table Guid
|
||||
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
|
||||
gEfiEventVirtualAddressChangeGuid ## PRODUCES ## Event
|
||||
gEfiSystemNvDataFvGuid ## CONSUMES
|
||||
|
||||
[Pcd]
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
|
||||
|
|