/** @file\r
System Management System Table Services SmmInstallConfigurationTable service\r
\r
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
- This program and the accompanying materials are licensed and made available \r
- under the terms and conditions of the BSD License which accompanies this \r
- distribution. The full text of the license may be found at \r
- http://opensource.org/licenses/bsd-license.php \r
+ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials are licensed and made available\r
+ under the terms and conditions of the BSD License which accompanies this\r
+ distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
{\r
UINTN Index;\r
EFI_CONFIGURATION_TABLE *ConfigurationTable;\r
+ EFI_CONFIGURATION_TABLE *OldTable;\r
\r
//\r
// If Guid is NULL, then this operation cannot be performed\r
if (Table != NULL) {\r
//\r
// If Table is not NULL, then this is a modify operation.\r
- // Modify the table enty and return.\r
+ // Modify the table entry and return.\r
//\r
ConfigurationTable[Index].VendorTable = Table;\r
return EFI_SUCCESS;\r
);\r
\r
//\r
- // Free Old Table\r
+ // Record the old table pointer.\r
//\r
- FreePool (gSmmCoreSmst.SmmConfigurationTable);\r
- }\r
+ OldTable = gSmmCoreSmst.SmmConfigurationTable;\r
\r
- //\r
- // Update System Table\r
- //\r
- gSmmCoreSmst.SmmConfigurationTable = ConfigurationTable;\r
+ //\r
+ // As the SmmInstallConfigurationTable() may be re-entered by FreePool() in\r
+ // its calling stack, updating System table to the new table pointer must\r
+ // be done before calling FreePool() to free the old table.\r
+ // It can make sure the gSmmCoreSmst.SmmConfigurationTable point to the new\r
+ // table and avoid the errors of use-after-free to the old table by the\r
+ // reenter of SmmInstallConfigurationTable() in FreePool()'s calling stack.\r
+ //\r
+ gSmmCoreSmst.SmmConfigurationTable = ConfigurationTable;\r
+\r
+ //\r
+ // Free the old table after updating System Table to the new table pointer.\r
+ //\r
+ FreePool (OldTable);\r
+ } else {\r
+ //\r
+ // Update System Table\r
+ //\r
+ gSmmCoreSmst.SmmConfigurationTable = ConfigurationTable;\r
+ }\r
}\r
\r
//\r