tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 23:54:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

EmbeddedPkg/Lan9118Dxe: Fix risk of buffer overflow.

Browse Source 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Ronald Cron <ronald.cron@arm.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17107 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Olivier Martin 2015-04-02 13:50:18 +00:00 committed by oliviermartin
parent ac8f1e103d
commit f22e965895
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c
View File

@ -1412,12 +1412,6 @@ SnpReceive (
PLength = GET_RXSTATUS_PACKET_LENGTH(RxFifoStatus); PLength = GET_RXSTATUS_PACKET_LENGTH(RxFifoStatus);
LanDriver->Stats.RxTotalBytes += (PLength - 4); LanDriver->Stats.RxTotalBytes += (PLength - 4);
// Check buffer size
if (*BuffSize < PLength) {
*BuffSize = PLength;
return EFI_BUFFER_TOO_SMALL;
}
// If padding is applied, read more DWORDs // If padding is applied, read more DWORDs
if (PLength % 4) { if (PLength % 4) {
Padding = 4 - (PLength % 4); Padding = 4 - (PLength % 4);
@ -1427,6 +1421,12 @@ SnpReceive (
Padding = 0; Padding = 0;
} }
// Check buffer size
if (*BuffSize < (PLength + Padding)) {
*BuffSize = PLength + Padding;
return EFI_BUFFER_TOO_SMALL;
}
// Set the amount of data to be transfered out of FIFO for THIS packet // Set the amount of data to be transfered out of FIFO for THIS packet
// This can be used to trigger an interrupt, and status can be checked // This can be used to trigger an interrupt, and status can be checked
RxCfgValue = MmioRead32 (LAN9118_RX_CFG); RxCfgValue = MmioRead32 (LAN9118_RX_CFG);