if (OptionPtr == NULL) {\r
continue;\r
}\r
+\r
+ //\r
+ // Validate the variable.\r
+ //\r
+ if (!ValidateOption(OptionPtr, OptionSize)) {\r
+ continue;\r
+ }\r
+\r
TempPtr = OptionPtr;\r
TempPtr += sizeof (UINT32) + sizeof (UINT16);\r
Description = (CHAR16 *) TempPtr;\r
Size = 0;\r
while (!IsDevicePathEnd (DevicePath)) {\r
NodeSize = DevicePathNodeLength (DevicePath);\r
- if (NodeSize == 0) {\r
+ if (NodeSize < END_DEVICE_PATH_LENGTH) {\r
return 0;\r
}\r
Size += NodeSize;\r
bigger than MaxStringLen, return length 0 to indicate that this is an \r
invalidate string.\r
\r
- This function returns the number of Unicode characters in the Null-terminated\r
+ This function returns the byte length of Unicode characters in the Null-terminated\r
Unicode string specified by String. \r
\r
If String is NULL, then ASSERT().\r
ASSERT (String != NULL && MaxStringLen != 0);\r
ASSERT (((UINTN) String & BIT0) == 0);\r
\r
- for (Length = 0; *String != L'\0' && MaxStringLen != Length; String++, Length++);\r
+ for (Length = 0; *String != L'\0' && MaxStringLen != Length; String++, Length+=2);\r
\r
if (*String != L'\0' && MaxStringLen == Length) {\r
return 0;\r
}\r
\r
- return (Length + 1) * sizeof (*String);\r
+ return Length + 2;\r
+}\r
+\r
+/**\r
+ Validate the EFI Boot#### variable (VendorGuid/Name)\r
+\r
+ @param Variable Boot#### variable data.\r
+ @param VariableSize Returns the size of the EFI variable that was read\r
+\r
+ @retval TRUE The variable data is correct.\r
+ @retval FALSE The variable data is corrupted.\r
+\r
+**/\r
+BOOLEAN \r
+ValidateOption (\r
+ UINT8 *Variable,\r
+ UINTN VariableSize\r
+ )\r
+{\r
+ UINT16 FilePathSize;\r
+ UINT8 *TempPtr;\r
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
+ UINTN TempSize;\r
+\r
+ if (VariableSize <= sizeof (UINT16) + sizeof (UINT32)) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Skip the option attribute\r
+ //\r
+ TempPtr = Variable;\r
+ TempPtr += sizeof (UINT32);\r
+\r
+ //\r
+ // Get the option's device path size\r
+ //\r
+ FilePathSize = *(UINT16 *) TempPtr;\r
+ TempPtr += sizeof (UINT16);\r
+\r
+ //\r
+ // Get the option's description string size\r
+ //\r
+ TempSize = StrSizeEx ((CHAR16 *) TempPtr, VariableSize - sizeof (UINT16) - sizeof (UINT32));\r
+ TempPtr += TempSize;\r
+\r
+ //\r
+ // Get the option's device path\r
+ //\r
+ DevicePath = (EFI_DEVICE_PATH_PROTOCOL *) TempPtr;\r
+ TempPtr += FilePathSize;\r
+\r
+ //\r
+ // Validation boot option variable.\r
+ //\r
+ if ((FilePathSize == 0) || (TempSize == 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (TempSize + FilePathSize + sizeof (UINT16) + sizeof (UINT32) > VariableSize) {\r
+ return FALSE;\r
+ }\r
+\r
+ return (BOOLEAN) (GetDevicePathSizeEx (DevicePath, FilePathSize) != 0);\r
}\r
\r
/**\r
UINT8 *TempPtr;\r
UINTN VariableSize;\r
EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
- EFI_DEVICE_PATH_PROTOCOL *TempPath;\r
BDS_COMMON_OPTION *Option;\r
VOID *LoadOptions;\r
UINT32 LoadOptionsSize;\r
CHAR16 *Description;\r
UINT8 NumOff;\r
- UINTN TempSize;\r
+\r
//\r
// Read the variable. We will never free this data.\r
//\r
if (Variable == NULL) {\r
return NULL;\r
}\r
+\r
+ //\r
+ // Validate Boot#### variable data.\r
+ //\r
+ if (!ValidateOption(Variable, VariableSize)) {\r
+ return NULL;\r
+ }\r
+\r
//\r
// Notes: careful defined the variable of Boot#### or\r
// Driver####, consider use some macro to abstract the code\r
//\r
// Get the option's description string size\r
//\r
- TempSize = StrSizeEx ((CHAR16 *) TempPtr, VariableSize);\r
- if (TempSize == 0) {\r
- return NULL;\r
- }\r
- TempPtr += TempSize;\r
+ TempPtr += StrSize((CHAR16 *) TempPtr);\r
\r
//\r
// Get the option's device path\r
DevicePath = (EFI_DEVICE_PATH_PROTOCOL *) TempPtr;\r
TempPtr += FilePathSize;\r
\r
- //\r
- // Validation device path.\r
- //\r
- TempPath = DevicePath;\r
- while (FilePathSize > 0) {\r
- TempSize = GetDevicePathSizeEx (TempPath, FilePathSize);\r
- if (TempSize == 0) {\r
- return NULL;\r
- }\r
- FilePathSize = (UINT16) (FilePathSize - TempSize);\r
- TempPath += TempSize;\r
- }\r
-\r
//\r
// Get load opion data.\r
//\r
LoadOptions = TempPtr;\r
- if (VariableSize < (UINTN)(TempPtr - Variable)) {\r
- return NULL;\r
- }\r
LoadOptionsSize = (UINT32) (VariableSize - (UINTN) (TempPtr - Variable));\r
\r
//\r
+ (UINT16) (CharToUint (VariableName[NumOff+2]) * 0x10)\r
+ (UINT16) (CharToUint (VariableName[NumOff+3]) * 0x1);\r
}\r
- //\r
- // Insert active entry to BdsDeviceList\r
- //\r
- if ((Option->Attribute & LOAD_OPTION_ACTIVE) == LOAD_OPTION_ACTIVE) {\r
- InsertTailList (BdsCommonOptionList, &Option->Link);\r
- FreePool (Variable);\r
- return Option;\r
- }\r
-\r
+ InsertTailList (BdsCommonOptionList, &Option->Link);\r
FreePool (Variable);\r
- FreePool (Option);\r
- return NULL;\r
-\r
+ return Option;\r
}\r
\r
/**\r
//\r
Buffer = AllocateZeroPool (BufferSize);\r
if (Buffer == NULL) {\r
+ *VariableSize = 0;\r
return NULL;\r
}\r
//\r
//\r
Status = gRT->GetVariable (Name, VendorGuid, NULL, &BufferSize, Buffer);\r
if (EFI_ERROR (Status)) {\r
+ FreePool (Buffer);\r
BufferSize = 0;\r
+ Buffer = NULL;\r
}\r
}\r
\r
+ ASSERT (((Buffer == NULL) && (BufferSize == 0)) ||\r
+ ((Buffer != NULL) && (BufferSize != 0))\r
+ );\r
*VariableSize = BufferSize;\r
return Buffer;\r
}\r
ASSERT (StringBuffer1 != NULL);\r
StringBuffer2 = AllocateZeroPool (MAX_STRING_LEN * sizeof (CHAR16));\r
ASSERT (StringBuffer2 != NULL);\r
- StrCpy (StringBuffer1, L"Configuration changed. Reset to apply it Now ? ");\r
- StrCpy (StringBuffer2, L"Enter (YES) / Esc (NO)");\r
+ StrCpy (StringBuffer1, L"Configuration changed. Reset to apply it Now.");\r
+ StrCpy (StringBuffer2, L"Press ENTER to reset");\r
//\r
// Popup a menu to notice user\r
//\r
do {\r
CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, StringBuffer1, StringBuffer2, NULL);\r
- } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));\r
+ } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);\r
\r
FreePool (StringBuffer1);\r
FreePool (StringBuffer2);\r
- //\r
- // If the user hits the YES Response key, reset\r
- //\r
- if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {\r
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
- }\r
- gST->ConOut->ClearScreen (gST->ConOut);\r
+\r
+ gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);\r
}\r
}\r
}\r