Fix overflow issue in TcgProtocol

Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14396 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/SecurityPkg/Tcg/TcgDxe/TpmComm.c b/SecurityPkg/Tcg/TcgDxe/TpmComm.c
index c47794b4f6ba9555f4eabb5c898a193294d66c54..96732fad5d895ef1fd4b25345d7e91238d0062a3 100644 (file)
--- a/SecurityPkg/Tcg/TcgDxe/TpmComm.c
+++ b/SecurityPkg/Tcg/TcgDxe/TpmComm.c
@@ -1,7 +1,7 @@
 /** @file  \r
   Utility functions used by TPM Dxe driver.\r
 \r
-Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
@@ -144,10 +144,17 @@ TpmCommLogEvent (
   IN      UINT8                     *NewEventData\r
   )\r
 {\r
-  UINT32                            NewLogSize;\r
+  UINTN                            NewLogSize;\r
+\r
+  //\r
+  // Prevent Event Overflow\r
+  //\r
+  if (NewEventHdr->EventSize > (UINTN)(~0) - sizeof (*NewEventHdr)) {\r
+    return EFI_OUT_OF_RESOURCES;\r
+  }\r
 \r
   NewLogSize = sizeof (*NewEventHdr) + NewEventHdr->EventSize;\r
-  if (NewLogSize + *LogSize > MaxSize) {\r
+  if (NewLogSize > MaxSize - *LogSize) {\r
     return EFI_OUT_OF_RESOURCES;\r
   }\r
 \r