/** @file\r
Implementation of the shared functions to do the platform driver vverride mapping.\r
\r
- Copyright (c) 2007 - 2009, Intel Corporation\r
- All rights reserved. This program and the accompanying materials\r
+ Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
According to a file GUID, check a Fv file device path is valid. If it is invalid,\r
try to return the valid device path.\r
- FV address maybe changes for memory layout adjust from time to time, use this funciton\r
+ FV address maybe changes for memory layout adjust from time to time, use this function\r
could promise the Fv file device path is right.\r
\r
@param DevicePath On input, the FV file device path to check\r
//\r
VariableNum = 1;\r
Corrupted = FALSE;\r
+ NotEnd = 0;\r
do {\r
VariableIndex = VariableBuffer;\r
- //\r
- // End flag\r
- //\r
- NotEnd = *(UINT32*) VariableIndex;\r
+ if (VariableIndex + sizeof (UINT32) > (UINT8 *) VariableBuffer + BufferSize) {\r
+ Corrupted = TRUE;\r
+ } else {\r
+ //\r
+ // End flag\r
+ //\r
+ NotEnd = *(UINT32*) VariableIndex;\r
+ }\r
//\r
// Traverse the entries containing the mapping that Controller Device Path\r
// to a set of Driver Device Paths within this variable.\r
//\r
// Check signature of this entry\r
//\r
+ if (VariableIndex + sizeof (UINT32) > (UINT8 *) VariableBuffer + BufferSize) {\r
+ Corrupted = TRUE;\r
+ break;\r
+ }\r
Signature = *(UINT32 *) VariableIndex;\r
if (Signature != PLATFORM_OVERRIDE_ITEM_SIGNATURE) {\r
Corrupted = TRUE;\r
//\r
// Get DriverNum\r
//\r
+ if (VariableIndex + sizeof (UINT32) >= (UINT8 *) VariableBuffer + BufferSize) {\r
+ Corrupted = TRUE;\r
+ break;\r
+ }\r
DriverNumber = *(UINT32*) VariableIndex;\r
OverrideItem->DriverInfoNum = DriverNumber;\r
VariableIndex = VariableIndex + sizeof (UINT32);\r
// Align the VariableIndex since the controller device path may not be aligned, refer to the SaveOverridesMapping()\r
//\r
VariableIndex += ((sizeof(UINT32) - ((UINTN) (VariableIndex))) & (sizeof(UINT32) - 1));\r
+ //\r
+ // Check buffer overflow.\r
+ //\r
+ if ((OverrideItem->ControllerDevicePath == NULL) || (VariableIndex < (UINT8 *) ControllerDevicePath) || \r
+ (VariableIndex > (UINT8 *) VariableBuffer + BufferSize)) {\r
+ Corrupted = TRUE;\r
+ break;\r
+ }\r
\r
//\r
// Get all DriverImageDevicePath[]\r
VariableIndex += ((sizeof(UINT32) - ((UINTN) (VariableIndex))) & (sizeof(UINT32) - 1));\r
\r
InsertTailList (&OverrideItem->DriverInfoList, &DriverImageInfo->Link);\r
+\r
+ //\r
+ // Check buffer overflow\r
+ //\r
+ if ((DriverImageInfo->DriverImagePath == NULL) || (VariableIndex < (UINT8 *) DriverDevicePath) || \r
+ (VariableIndex < (UINT8 *) VariableBuffer + BufferSize)) {\r
+ Corrupted = TRUE;\r
+ break;\r
+ }\r
}\r
InsertTailList (MappingDataBase, &OverrideItem->Link);\r
+ if (Corrupted) {\r
+ break;\r
+ }\r
}\r
\r
FreePool (VariableBuffer);\r
//\r
// Check NotEnd to get all PlatDriOverX variable(s)\r
//\r
- while ((*(UINT32*)VariableBuffer) != 0) {\r
+ while ((VariableBuffer != NULL) && ((*(UINT32*)VariableBuffer) != 0)) {\r
+ FreePool (VariableBuffer);\r
UnicodeSPrint (OverrideVariableName, sizeof (OverrideVariableName), L"PlatDriOver%d", VariableNum);\r
VariableBuffer = GetVariableAndSize (OverrideVariableName, &gEfiCallerIdGuid, &BufferSize);\r
VariableNum++;\r
- ASSERT (VariableBuffer != NULL);\r
}\r
\r
//\r
Status = gRT->SetVariable (\r
L"PlatDriOver",\r
&gEfiCallerIdGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
0,\r
NULL\r
);\r
Status = gRT->SetVariable (\r
OverrideVariableName,\r
&gEfiCallerIdGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
0,\r
NULL\r
);\r
// Get the the maximum size of an individual EFI variable in current system\r
//\r
gRT->QueryVariableInfo (\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
&MaximumVariableStorageSize,\r
&RemainingVariableStorageSize,\r
&MaximumVariableSize\r
//\r
if ((VariableNeededSize +\r
OneItemNeededSize +\r
- sizeof (VARIABLE_HEADER) +\r
StrSize (L"PlatDriOver ")\r
) >= MaximumVariableSize\r
) {\r
Status = gRT->SetVariable (\r
OverrideVariableName,\r
&gEfiCallerIdGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
VariableNeededSize,\r
VariableBuffer\r
);\r
- ASSERT (!EFI_ERROR(Status));\r
+ FreePool (VariableBuffer);\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ if (NumIndex > 0) {\r
+ //\r
+ // Delete all PlatDriOver variables when full mapping can't be set. \r
+ //\r
+ DeleteOverridesVariables ();\r
+ }\r
+ return Status;\r
+ }\r
\r
NumIndex ++;\r
- FreePool (VariableBuffer);\r
}\r
\r
return EFI_SUCCESS;\r
If Binding protocol is not found, it is set to NULL. \r
\r
@return Pointer into the Binding Protocol interface\r
- @retval NULL The paramter is not valid or the binding protocol is not found.\r
+ @retval NULL The parameter is not valid or the binding protocol is not found.\r
\r
**/\r
EFI_DRIVER_BINDING_PROTOCOL *\r
//\r
if (CheckExistInStack (OverrideItem->ControllerDevicePath)) {\r
//\r
- // There is a dependecy dead loop if the ControllerDevicePath appear in stack twice\r
+ // There is a dependency dead loop if the ControllerDevicePath appear in stack twice\r
//\r
return EFI_UNSUPPORTED;\r
}\r
// If the image device path contains an FV node, check the FV file device path is valid.\r
// If it is invalid, try to return the valid device path.\r
// FV address maybe changes for memory layout adjust from time to time,\r
- // use this funciton could promise the FV file device path is right.\r
+ // use this function could promise the FV file device path is right.\r
//\r
Status = UpdateFvFileDevicePath (&TempDriverImagePath, NULL, CallerImageHandle);\r
if (!EFI_ERROR (Status)) {\r
projects / mirror_edk2.git / blobdiff