VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,\r
integer overflow. It should also check attribute to avoid authentication bypass.\r
\r
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
\r
AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut;\r
\r
-/**\r
-\r
- SecureBoot Hook for auth variable update.\r
-\r
- @param[in] VariableName Name of Variable to be found.\r
- @param[in] VendorGuid Variable vendor GUID.\r
-**/\r
-VOID\r
-EFIAPI\r
-SecureBootHook (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
- );\r
-\r
/**\r
Routine used to track statistical information about variable usage.\r
The data is stored in the EFI system table so it can be accessed later.\r
//\r
// Update the data in NV cache.\r
//\r
- *VarErrFlag = Flag;\r
+ *VarErrFlag = TempFlag;\r
}\r
}\r
}\r
// Install the new variable if it is not NULL.\r
//\r
if (NewVariable != NULL) {\r
- if ((UINTN) (CurrPtr - ValidBuffer) + NewVariableSize > VariableStoreHeader->Size) {\r
+ if (((UINTN) CurrPtr - (UINTN) ValidBuffer) + NewVariableSize > VariableStoreHeader->Size) {\r
//\r
// No enough space to store the new variable.\r
//\r
// If volatile variable store, just copy valid buffer.\r
//\r
SetMem ((UINT8 *) (UINTN) VariableBase, VariableStoreHeader->Size, 0xff);\r
- CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) (CurrPtr - ValidBuffer));\r
- *LastVariableOffset = (UINTN) (CurrPtr - ValidBuffer);\r
+ CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) CurrPtr - (UINTN) ValidBuffer);\r
+ *LastVariableOffset = (UINTN) CurrPtr - (UINTN) ValidBuffer;\r
Status = EFI_SUCCESS;\r
} else {\r
//\r
(VARIABLE_STORE_HEADER *) ValidBuffer\r
);\r
if (!EFI_ERROR (Status)) {\r
- *LastVariableOffset = (UINTN) (CurrPtr - ValidBuffer);\r
+ *LastVariableOffset = (UINTN) CurrPtr - (UINTN) ValidBuffer;\r
mVariableModuleGlobal->HwErrVariableTotalSize = HwErrVariableTotalSize;\r
mVariableModuleGlobal->CommonVariableTotalSize = CommonVariableTotalSize;\r
mVariableModuleGlobal->CommonUserVariableTotalSize = CommonUserVariableTotalSize;\r
} else {\r
+ mVariableModuleGlobal->HwErrVariableTotalSize = 0;\r
+ mVariableModuleGlobal->CommonVariableTotalSize = 0;\r
+ mVariableModuleGlobal->CommonUserVariableTotalSize = 0;\r
Variable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase);\r
while (IsValidVariableHeader (Variable, GetEndPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase))) {\r
NextVariable = GetNextVariablePtr (Variable);\r
ASSERT_EFI_ERROR (Status);\r
\r
TotalNeededSize = 0;\r
- Args = Marker;\r
+ VA_COPY (Args, Marker);\r
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);\r
while (VariableEntry != NULL) {\r
//\r
TotalNeededSize += VariableEntry->VariableSize;\r
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);\r
}\r
+ VA_END (Args);\r
\r
if (RemainingVariableStorageSize >= TotalNeededSize) {\r
//\r
return FALSE;\r
}\r
\r
- Args = Marker;\r
+ VA_COPY (Args, Marker);\r
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);\r
while (VariableEntry != NULL) {\r
//\r
RemainingVariableStorageSize -= VariableEntry->VariableSize;\r
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);\r
}\r
+ VA_END (Args);\r
\r
return TRUE;\r
}\r
// go to delete this variable in variable HOB and\r
// try to flush other variables from HOB to flash.\r
//\r
+ UpdateVariableInfo (VariableName, VendorGuid, FALSE, FALSE, FALSE, TRUE, FALSE);\r
FlushHobVariableToFlash (VariableName, VendorGuid);\r
return EFI_SUCCESS;\r
}\r
// Both ADDED and IN_DELETED_TRANSITION variable are present,\r
// set IN_DELETED_TRANSITION one to DELETED state first.\r
//\r
+ ASSERT (CacheVariable->InDeletedTransitionPtr != NULL);\r
State = CacheVariable->InDeletedTransitionPtr->State;\r
State &= VAR_DELETED;\r
Status = UpdateVariableStore (\r
);\r
if (!EFI_ERROR (Status)) {\r
if (!Variable->Volatile) {\r
- ASSERT (CacheVariable->InDeletedTransitionPtr != NULL);\r
CacheVariable->InDeletedTransitionPtr->State = State;\r
}\r
} else {\r
// Both ADDED and IN_DELETED_TRANSITION old variable are present,\r
// set IN_DELETED_TRANSITION one to DELETED state first.\r
//\r
+ ASSERT (CacheVariable->InDeletedTransitionPtr != NULL);\r
State = CacheVariable->InDeletedTransitionPtr->State;\r
State &= VAR_DELETED;\r
Status = UpdateVariableStore (\r
);\r
if (!EFI_ERROR (Status)) {\r
if (!Variable->Volatile) {\r
- ASSERT (CacheVariable->InDeletedTransitionPtr != NULL);\r
CacheVariable->InDeletedTransitionPtr->State = State;\r
}\r
} else {\r
@param Attributes Attribute value of the variable found.\r
@param DataSize Size of Data found. If size is less than the\r
data, this value contains the required size.\r
- @param Data Data pointer.\r
+ @param Data The buffer to return the contents of the variable. May be NULL\r
+ with a zero DataSize in order to determine the size buffer needed.\r
\r
@return EFI_INVALID_PARAMETER Invalid parameter.\r
@return EFI_SUCCESS Find the specified variable.\r
IN EFI_GUID *VendorGuid,\r
OUT UINT32 *Attributes OPTIONAL,\r
IN OUT UINTN *DataSize,\r
- OUT VOID *Data\r
+ OUT VOID *Data OPTIONAL\r
)\r
{\r
EFI_STATUS Status;\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if (VariableName[0] == 0) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);\r
\r
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r
@param[in] VendorGuid Variable Vendor Guid.\r
@param[out] VariablePtr Pointer to variable header address.\r
\r
- @return EFI_SUCCESS Find the specified variable.\r
- @return EFI_NOT_FOUND Not found.\r
+ @retval EFI_SUCCESS The function completed successfully.\r
+ @retval EFI_NOT_FOUND The next variable was not found.\r
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while VendorGuid is NULL.\r
+ @retval EFI_INVALID_PARAMETER The input values of VariableName and VendorGuid are not a name and\r
+ GUID of an existing variable.\r
\r
**/\r
EFI_STATUS\r
\r
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r
if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {\r
+ //\r
+ // For VariableName is an empty string, FindVariable() will try to find and return\r
+ // the first qualified variable, and if FindVariable() returns error (EFI_NOT_FOUND)\r
+ // as no any variable is found, still go to return the error (EFI_NOT_FOUND).\r
+ //\r
+ if (VariableName[0] != 0) {\r
+ //\r
+ // For VariableName is not an empty string, and FindVariable() returns error as\r
+ // VariableName and VendorGuid are not a name and GUID of an existing variable,\r
+ // there is no way to get next variable, follow spec to return EFI_INVALID_PARAMETER.\r
+ //\r
+ Status = EFI_INVALID_PARAMETER;\r
+ }\r
goto Done;\r
}\r
\r
Caution: This function may receive untrusted input.\r
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.\r
\r
- @param VariableNameSize Size of the variable name.\r
+ @param VariableNameSize The size of the VariableName buffer. The size must be large\r
+ enough to fit input string supplied in VariableName buffer.\r
@param VariableName Pointer to variable name.\r
@param VendorGuid Variable Vendor Guid.\r
\r
- @return EFI_INVALID_PARAMETER Invalid parameter.\r
- @return EFI_SUCCESS Find the specified variable.\r
- @return EFI_NOT_FOUND Not found.\r
- @return EFI_BUFFER_TO_SMALL DataSize is too small for the result.\r
+ @retval EFI_SUCCESS The function completed successfully.\r
+ @retval EFI_NOT_FOUND The next variable was not found.\r
+ @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the result.\r
+ VariableNameSize has been updated with the size needed to complete the request.\r
+ @retval EFI_INVALID_PARAMETER VariableNameSize is NULL.\r
+ @retval EFI_INVALID_PARAMETER VariableName is NULL.\r
+ @retval EFI_INVALID_PARAMETER VendorGuid is NULL.\r
+ @retval EFI_INVALID_PARAMETER The input values of VariableName and VendorGuid are not a name and\r
+ GUID of an existing variable.\r
+ @retval EFI_INVALID_PARAMETER Null-terminator is not found in the first VariableNameSize bytes of\r
+ the input VariableName buffer.\r
\r
**/\r
EFI_STATUS\r
)\r
{\r
EFI_STATUS Status;\r
+ UINTN MaxLen;\r
UINTN VarNameSize;\r
VARIABLE_HEADER *VariablePtr;\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ //\r
+ // Calculate the possible maximum length of name string, including the Null terminator.\r
+ //\r
+ MaxLen = *VariableNameSize / sizeof (CHAR16);\r
+ if ((MaxLen == 0) || (StrnLenS (VariableName, MaxLen) == MaxLen)) {\r
+ //\r
+ // Null-terminator is not found in the first VariableNameSize bytes of the input VariableName buffer,\r
+ // follow spec to return EFI_INVALID_PARAMETER.\r
+ //\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);\r
\r
Status = VariableServiceGetNextVariableInternal (VariableName, VendorGuid, &VariablePtr);\r
\r
//\r
// Check for reserverd bit in variable attribute.\r
+ // EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated but we still allow\r
+ // the delete operation of common authenticated variable at user physical presence.\r
+ // So leave EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute check to AuthVariableLib\r
//\r
- if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {\r
+ if ((Attributes & (~(EFI_VARIABLE_ATTRIBUTES_MASK | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS))) != 0) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
}\r
}\r
\r
+ //\r
+ // Special Handling for MOR Lock variable.\r
+ //\r
+ Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));\r
+ if (Status == EFI_ALREADY_STARTED) {\r
+ //\r
+ // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor().\r
+ // Variable driver can just return SUCCESS.\r
+ //\r
+ return EFI_SUCCESS;\r
+ }\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
UINT32 HwErrStorageSize;\r
UINT32 MaxUserNvVariableSpaceSize;\r
UINT32 BoottimeReservedNvVariableSpaceSize;\r
+ EFI_STATUS Status;\r
+ VOID *FtwProtocol;\r
\r
mVariableModuleGlobal->FvbInstance = NULL;\r
\r
//\r
CopyMem (NvStorageData, (UINT8 *) (UINTN) NvStorageBase, NvStorageSize);\r
\r
+ Status = GetFtwProtocol ((VOID **)&FtwProtocol);\r
//\r
- // Check the FTW last write data hob.\r
+ // If FTW protocol has been installed, no need to check FTW last write data hob.\r
//\r
- GuidHob = GetFirstGuidHob (&gEdkiiFaultTolerantWriteGuid);\r
- if (GuidHob != NULL) {\r
- FtwLastWriteData = (FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *) GET_GUID_HOB_DATA (GuidHob);\r
- if (FtwLastWriteData->TargetAddress == NvStorageBase) {\r
- DEBUG ((EFI_D_INFO, "Variable: NV storage is backed up in spare block: 0x%x\n", (UINTN) FtwLastWriteData->SpareAddress));\r
- //\r
- // Copy the backed up NV storage data to the memory buffer from spare block.\r
- //\r
- CopyMem (NvStorageData, (UINT8 *) (UINTN) (FtwLastWriteData->SpareAddress), NvStorageSize);\r
- } else if ((FtwLastWriteData->TargetAddress > NvStorageBase) &&\r
- (FtwLastWriteData->TargetAddress < (NvStorageBase + NvStorageSize))) {\r
- //\r
- // Flash NV storage from the Offset is backed up in spare block.\r
- //\r
- BackUpOffset = (UINT32) (FtwLastWriteData->TargetAddress - NvStorageBase);\r
- BackUpSize = NvStorageSize - BackUpOffset;\r
- DEBUG ((EFI_D_INFO, "Variable: High partial NV storage from offset: %x is backed up in spare block: 0x%x\n", BackUpOffset, (UINTN) FtwLastWriteData->SpareAddress));\r
- //\r
- // Copy the partial backed up NV storage data to the memory buffer from spare block.\r
- //\r
- CopyMem (NvStorageData + BackUpOffset, (UINT8 *) (UINTN) FtwLastWriteData->SpareAddress, BackUpSize);\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // Check the FTW last write data hob.\r
+ //\r
+ GuidHob = GetFirstGuidHob (&gEdkiiFaultTolerantWriteGuid);\r
+ if (GuidHob != NULL) {\r
+ FtwLastWriteData = (FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *) GET_GUID_HOB_DATA (GuidHob);\r
+ if (FtwLastWriteData->TargetAddress == NvStorageBase) {\r
+ DEBUG ((EFI_D_INFO, "Variable: NV storage is backed up in spare block: 0x%x\n", (UINTN) FtwLastWriteData->SpareAddress));\r
+ //\r
+ // Copy the backed up NV storage data to the memory buffer from spare block.\r
+ //\r
+ CopyMem (NvStorageData, (UINT8 *) (UINTN) (FtwLastWriteData->SpareAddress), NvStorageSize);\r
+ } else if ((FtwLastWriteData->TargetAddress > NvStorageBase) &&\r
+ (FtwLastWriteData->TargetAddress < (NvStorageBase + NvStorageSize))) {\r
+ //\r
+ // Flash NV storage from the Offset is backed up in spare block.\r
+ //\r
+ BackUpOffset = (UINT32) (FtwLastWriteData->TargetAddress - NvStorageBase);\r
+ BackUpSize = NvStorageSize - BackUpOffset;\r
+ DEBUG ((EFI_D_INFO, "Variable: High partial NV storage from offset: %x is backed up in spare block: 0x%x\n", BackUpOffset, (UINTN) FtwLastWriteData->SpareAddress));\r
+ //\r
+ // Copy the partial backed up NV storage data to the memory buffer from spare block.\r
+ //\r
+ CopyMem (NvStorageData + BackUpOffset, (UINT8 *) (UINTN) FtwLastWriteData->SpareAddress, BackUpSize);\r
+ }\r
}\r
}\r
\r
return EFI_VOLUME_CORRUPTED;\r
}\r
\r
- VariableStoreBase = (EFI_PHYSICAL_ADDRESS) ((UINTN) FvHeader + FvHeader->HeaderLength);\r
- VariableStoreLength = (UINT64) (NvStorageSize - FvHeader->HeaderLength);\r
+ VariableStoreBase = (UINTN) FvHeader + FvHeader->HeaderLength;\r
+ VariableStoreLength = NvStorageSize - FvHeader->HeaderLength;\r
\r
mNvFvHeaderCache = FvHeader;\r
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase = VariableStoreBase;\r
}\r
\r
if (!EFI_ERROR (Status)) {\r
- for (Index = 0; Index < sizeof (mVariableEntryProperty) / sizeof (mVariableEntryProperty[0]); Index++) {\r
+ for (Index = 0; Index < ARRAY_SIZE (mVariableEntryProperty); Index++) {\r
VariableEntry = &mVariableEntryProperty[Index];\r
Status = VarCheckLibVariablePropertySet (VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty);\r
ASSERT_EFI_ERROR (Status);\r
}\r
\r
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);\r
+\r
+ //\r
+ // Initialize MOR Lock variable.\r
+ //\r
+ MorLockInit ();\r
+\r
return Status;\r
}\r
\r
GuidHob = GetFirstGuidHob (VariableGuid);\r
if (GuidHob != NULL) {\r
VariableStoreHeader = GET_GUID_HOB_DATA (GuidHob);\r
- VariableStoreLength = (UINT64) (GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE));\r
+ VariableStoreLength = GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE);\r
if (GetVariableStoreStatus (VariableStoreHeader) == EfiValid) {\r
mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);\r
if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0) {\r