git.proxmox.com Git - mirror_edk2.git/commit - UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h

author	Kun Qin <kuqin12@gmail.com>
	Tue, 6 Apr 2021 19:52:54 +0000 (12:52 -0700)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Mon, 12 Apr 2021 17:23:54 +0000 (17:23 +0000)
commit	a7d8e28b29f2e7496357a161ba86219e4b4d815c
tree	acbfe13a5cd0367b8d27094ae843d4801442a33a	tree
parent	2072c22a0d63c780b0cc6377f6d4ffb116ad6144	commit \| diff

UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3283

Current SMM Save State routine does not check the number of bytes to be
read, when it comse to read IO_INFO, before casting the incoming buffer
to EFI_SMM_SAVE_STATE_IO_INFO. This could potentially cause memory
corruption due to extra bytes are written out of buffer boundary.

This change adds a width check before copying IoInfo into output buffer.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20210406195254.1018-2-kuqin12@gmail.com>

UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h		diff \| blob \| blame \| history
UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c		diff \| blob \| blame \| history