X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=MdeModulePkg%2FUniversal%2FVariable%2FRuntimeDxe%2FVariable.c;h=cd3f5ef475dd21022ca1b9b60961f3bf0337869f;hb=56251c669f0f13d2ffc226cfd3a3d8c5f8269e7a;hp=956c1f2ae1682dc531cdb910e6bc856cc6afb4f2;hpb=b6d1508f17777c96287a01db36bcde2d41a27323;p=mirror_edk2.git diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 956c1f2ae1..cd3f5ef475 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -2218,14 +2218,20 @@ VariableServiceSetVariable ( return EFI_INVALID_PARAMETER; } + if ((UINTN)(~0) - DataSize < StrSize(VariableName)){ + // + // Prevent whole variable size overflow + // + return EFI_INVALID_PARAMETER; + } + // // The size of the VariableName, including the Unicode Null in bytes plus // the DataSize is limited to maximum size of PcdGet32 (PcdMaxHardwareErrorVariableSize) // bytes for HwErrRec, and PcdGet32 (PcdMaxVariableSize) bytes for the others. // if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { - if ((DataSize > PcdGet32 (PcdMaxHardwareErrorVariableSize)) || - (sizeof (VARIABLE_HEADER) + StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxHardwareErrorVariableSize))) { + if ( StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER)) { return EFI_INVALID_PARAMETER; } if (!IsHwErrRecVariable(VariableName, VendorGuid)) { @@ -2236,8 +2242,7 @@ VariableServiceSetVariable ( // The size of the VariableName, including the Unicode Null in bytes plus // the DataSize is limited to maximum size of PcdGet32 (PcdMaxVariableSize) bytes. // - if ((DataSize > PcdGet32 (PcdMaxVariableSize)) || - (sizeof (VARIABLE_HEADER) + StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxVariableSize))) { + if (StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER)) { return EFI_INVALID_PARAMETER; } }