return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if (*DataSize >= mVariableBufferSize) {\r
+ //\r
+ // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to\r
+ // overflow to a small value and pass the check in InitCommunicateBuffer().\r
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.\r
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.\r
+ //\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
AcquireLockOnlyAtBootTime(&mVariableServicesLock);\r
\r
//\r
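Review bot: The new guard on `*DataSize` fails the call with EFI_INVALID_PARAMETER whenever the caller's value is at least `mVariableBufferSize`, but the value is read through a pointer here, which suggests it is an in/out buffer capacity rather than the length of data to send; a caller that simply over-allocates would then be refused a variable that fits. If that reading is right, clamping a local copy keeps the overflow protection without failing such callers, for example `TempDataSize = MIN (*DataSize, mVariableBufferSize - Overhead);`, where `Overhead` is a placeholder for the header and name size the function computes. The same concern applies to the `*VariableNameSize` guard in the next hunk. The enclosing function starts and ends outside this hunk, so the later total-size check that the comment relies on cannot be confirmed from here.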
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if (*VariableNameSize >= mVariableBufferSize) {\r
+ //\r
+ // VariableNameSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to\r
+ // overflow to a small value and pass the check in InitCommunicateBuffer().\r
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if VariableNameSize is >= mVariableBufferSize.\r
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.\r
+ //\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
AcquireLockOnlyAtBootTime(&mVariableServicesLock);\r
\r
//\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if (DataSize >= mVariableBufferSize) {\r
+ //\r
+ // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to\r
+ // overflow to a small value and pass the check in InitCommunicateBuffer().\r
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.\r
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.\r
+ //\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
AcquireLockOnlyAtBootTime(&mVariableServicesLock);\r
\r
//\r