tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,179 Commits 9 Branches 0 Tags 317 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
lzeng14 164a9b6752 Fix the TOCTOU issue of CommBufferSize itself for SMM communicate handler input. 
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14379 6f19259b-4bc3-4df7-8a09-765794883524
 2013-05-21 02:22:02 +00:00
lzeng14 5e5bb2a9ba 1. Fix TOCTOU issue in VariableSmm, FtwSmm, FpdtSmm, SmmCorePerformance SMM handler. For VariableSmm, pre-allocate a mVariableBufferPayload buffer with mVariableBufferPayloadSize(match with mVariableBufferPayloadSize in VariableSmmRuntimeDxe) to hold communicate buffer payload to avoid TOCTOU issue. 
2. Add check to ensure CommBufferPayloadSize not exceed mVariableBufferPayloadSize or is enough to hold function structure in VariableSmm and FtwSmm.
3. Align FtwGetLastWrite() in FaultTolerantWriteSmmDxe.c to FtwGetLastWrite() in FaultTolerantWrite.c.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14325 6f19259b-4bc3-4df7-8a09-765794883524
 2013-05-07 05:38:32 +00:00
lzeng14 9d00d20ed4 1. Use the check IsAddressValid() to prevent SMM communication buffer overflow in SmmVariable, FtwSmm, FpdtSmm, SmmCorePerformance and SmmBaseHelper, and add check to prevent InfoSize overflows in SmmVariableHandler. 
2. Refine the debug message.
3. Add check to make sure the input VariableName is A Null-terminated string.
4. Use local variable to hold StrSize (VariableName) to avoid duplicated StrSize calculation.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14317 6f19259b-4bc3-4df7-8a09-765794883524
 2013-04-25 10:49:45 +00:00
lzeng14 f07268bd0f Mallicious code may use SmmFaultTolerantWriteHandler() to update some flash area directly, like Variable region, so return EFI_ACCESS_DENIED after End Of Dxe in SmmFaultTolerantWriteHandler(). 
And add code to prevent InfoSize overflow.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14312 6f19259b-4bc3-4df7-8a09-765794883524
 2013-04-24 09:33:48 +00:00
lzeng14 7ea4cf3f59 Add more exact SMM check in SmmFaultTolerantWriteHandler. 
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Elvin Li <elvin.li@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13763 6f19259b-4bc3-4df7-8a09-765794883524
 2012-09-28 02:30:25 +00:00
lzeng14 d26c7e82f2 Fix the issue that FTW driver fail to reclaim WorkSpace. 
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Hengyan Tao <hengyan.tao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13732 6f19259b-4bc3-4df7-8a09-765794883524
 2012-09-14 06:54:35 +00:00
ydong10 c219324cc5 Add SMRAM range check to fault tolerant write SMM SMI handler. 
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13518 6f19259b-4bc3-4df7-8a09-765794883524
 2012-07-10 08:09:09 +00:00
gdong1 f3b80a8eab Add SMM FTW wrapper driver since non-SMM FTW protocol can be used by some consumers (Such as capsule update) when SMM FTW driver is applied. 
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11246 6f19259b-4bc3-4df7-8a09-765794883524
 2011-01-12 09:05:27 +00:00
gdong1 8a2d49964e Add SMM Variable implementation. 
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11151 6f19259b-4bc3-4df7-8a09-765794883524
 2010-12-10 09:27:54 +00:00