audk/Variable at 3588bb3529537b2f840f4aa5dd57d65fbfef455d - audk

mirror of https://github.com/acidanthera/audk.git synced 2025-12-16 01:55:29 +01:00

History

lzeng14 3588bb3529 If DataSize or VariableNameSize is near MAX_ADDRESS, this can cause the computed PayLoadSize to overflow to a small value and pass the check in InitCommunicateBuffer(). To protect against this vulnerability, check DataSize and VariableNameSize to make sure PayloadSize doesn't overflow.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14252 6f19259b-4bc3-4df7-8a09-765794883524

2013-04-08 06:56:08 +00:00

EmuRuntimeDxe

MdeModulePkg: eliminate all implicit library dependencies for all modules in MdeModulePkg on PcdLib

2012-11-01 06:59:25 +00:00

Pei

Variables with state VAR_ADDED&VAR_IN_DELETED_TRANSITION should be considered as valid variables if there is no duplicated ones with VAR_ADDED state.

2013-01-25 06:17:43 +00:00

RuntimeDxe

If DataSize or VariableNameSize is near MAX_ADDRESS, this can cause the computed PayLoadSize to overflow to a small value and pass the check in InitCommunicateBuffer(). To protect against this vulnerability, check DataSize and VariableNameSize to make sure PayloadSize doesn't overflow.

2013-04-08 06:56:08 +00:00