tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdePkg UefiDevicePathLib: Validate buffer length before use buffer. 

In IsDevicePathValid API, code should validate the device path
buffer not exceed the input MaxSize before reference the path
info.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
This commit is contained in:
Eric Dong 2016-10-12 20:32:16 +08:00 committed by Ruiyu Ni
parent 67e11e4d59
commit e9fb71b299
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
View File

@ -8,7 +8,7 @@
environment varibles. Multi-instance device paths should never be placed environment varibles. Multi-instance device paths should never be placed
on a Handle. on a Handle.
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -61,25 +61,35 @@ IsDevicePathValid (
ASSERT (DevicePath != NULL); ASSERT (DevicePath != NULL);
for (Count = 0, Size = 0; !IsDevicePathEnd (DevicePath); DevicePath = NextDevicePathNode (DevicePath)) { if (MaxSize == 0){
MaxSize = MAX_UINTN;
}
Size = 0;
Count = 0;
while (MaxSize >= sizeof (EFI_DEVICE_PATH_PROTOCOL) &&
(MaxSize - sizeof (EFI_DEVICE_PATH_PROTOCOL) >= Size) &&
!IsDevicePathEnd (DevicePath)) {
NodeLength = DevicePathNodeLength (DevicePath); NodeLength = DevicePathNodeLength (DevicePath);
if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) { if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
return FALSE; return FALSE;
} }
if (MaxSize > 0) { if (NodeLength > MAX_UINTN - Size) {
Size += NodeLength; return FALSE;
if (Size + END_DEVICE_PATH_LENGTH > MaxSize) {
return FALSE;
}
} }
Size += NodeLength;
if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) { if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) {
Count++; Count++;
if (Count >= PcdGet32 (PcdMaximumDevicePathNodeCount)) { if (Count >= PcdGet32 (PcdMaximumDevicePathNodeCount)) {
return FALSE; return FALSE;
} }
} }
DevicePath = NextDevicePathNode (DevicePath);
} }
// //
@ -88,6 +98,7 @@ IsDevicePathValid (
return (BOOLEAN) (DevicePathNodeLength (DevicePath) == END_DEVICE_PATH_LENGTH); return (BOOLEAN) (DevicePathNodeLength (DevicePath) == END_DEVICE_PATH_LENGTH);
} }
/** /**
Returns the Type field of a device path node. Returns the Type field of a device path node.