The implementation of EFI IPv6 Configuration Protocol.\r
\r
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) Microsoft Corporation.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
);\r
if (EFI_ERROR (Status) || (UINT16) (~NetblockChecksum ((UINT8 *) Variable, (UINT32) VarSize)) != 0) {\r
//\r
- // GetVariable still error or the variable is corrupted.\r
- // Fall back to the default value.\r
+ // GetVariable error or the variable is corrupted.\r
//\r
- FreePool (Variable);\r
-\r
- //\r
- // Remove the problematic variable and return EFI_NOT_FOUND, a new\r
- // variable will be set again.\r
- //\r
- gRT->SetVariable (\r
- VarName,\r
- &gEfiIp6ConfigProtocolGuid,\r
- IP6_CONFIG_VARIABLE_ATTRIBUTE,\r
- 0,\r
- NULL\r
- );\r
-\r
- return EFI_NOT_FOUND;\r
+ goto Error;\r
}\r
\r
//\r
if (!DATA_ATTRIB_SET (DataItem->Attribute, DATA_ATTRIB_SIZE_FIXED)) {\r
//\r
// This data item has variable length data.\r
+ // Check that the length is contained within the variable before allocating.\r
//\r
+ if (DataRecord.DataSize > VarSize - DataRecord.Offset) {\r
+ goto Error;\r
+ }\r
+\r
DataItem->Data.Ptr = AllocatePool (DataRecord.DataSize);\r
if (DataItem->Data.Ptr == NULL) {\r
//\r
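Review bot: The new length check computes `VarSize - DataRecord.Offset` without first confirming that `DataRecord.Offset` is no larger than `VarSize`. No such check is visible in this hunk, and if both operands are unsigned (the declarations are outside the hunk), an oversized offset in a corrupted variable makes the subtraction wrap to a large value, so the check passes. Consider `if (DataRecord.Offset > VarSize || DataRecord.DataSize > VarSize - DataRecord.Offset) {`. The fixed-size branch of this `if` is not shown here, and it likely needs the same containment check before it copies from the variable. The enclosing function starts and ends outside this hunk.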
}\r
\r
return Status;\r
+\r
+Error:\r
+ //\r
+ // Fall back to the default value.\r
+ //\r
+ if (Variable != NULL) {\r
+ FreePool (Variable);\r
+ }\r
+\r
+ //\r
+ // Remove the problematic variable and return EFI_NOT_FOUND, a new\r
+ // variable will be set again.\r
+ //\r
+ gRT->SetVariable (\r
+ VarName,\r
+ &gEfiIp6ConfigProtocolGuid,\r
+ IP6_CONFIG_VARIABLE_ATTRIBUTE,\r
+ 0,\r
+ NULL\r
+ );\r
+\r
+ return EFI_NOT_FOUND;\r
}\r
\r
/**\r
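Review bot: The `Error:` path frees `Variable` and deletes the stored variable, but it does not undo anything the record loop may already have copied into `DataItem` entries before the failing record. The loop is outside this hunk, so this is inferred, but if a later record fails the new length check, earlier records from the same corrupted variable could stay applied while the function returns `EFI_NOT_FOUND`. It is worth confirming that the caller resets the data items on that status, or validating every record before copying any. The result of `gRT->SetVariable` is also discarded; if the deletion can fail, a comment such as `// Deletion is best-effort; a surviving corrupted variable is rejected again on the next read.` would record that this is intentional.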