From 1fee5304db562db9f0757af077da100336566cd9 Mon Sep 17 00:00:00 2001 From: Eric Dong Date: Wed, 25 Jun 2014 06:00:49 +0000 Subject: [PATCH] Refine code to make it more safely. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong Reviewed-by: Guo Dong git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DxeImageVerificationLib.c | 12 ++++++------ .../EsalVariableDxeSal/AuthService.c | 6 +++++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 9f2bd68299..0a48ce1628 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -770,22 +770,22 @@ AddImageExeInfo ( // // Update new item's information. // - WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action); - WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize); + WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action); + WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize); if (Name != NULL) { - CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, NameStringLen); + CopyMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), Name, NameStringLen); } else { - ZeroMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), sizeof (CHAR16)); + ZeroMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), sizeof (CHAR16)); } CopyMem ( - (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen, + (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen, DevicePath, DevicePathSize ); if (Signature != NULL) { CopyMem ( - (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen + DevicePathSize, + (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen + DevicePathSize, Signature, SignatureSize ); diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c index 38f462628a..45d5cfe3c6 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c @@ -2,7 +2,7 @@ Implement authentication services for the authenticated variable service in UEFI2.2. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -48,6 +48,8 @@ AutenticatedVariableServiceInitialize ( VARIABLE_HEADER VariableHeader; BOOLEAN Valid; + ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); + mVariableModuleGlobal->AuthenticatedVariableGuid[Physical] = &gEfiAuthenticatedVariableGuid; mVariableModuleGlobal->CertRsa2048Sha256Guid[Physical] = &gEfiCertRsa2048Sha256Guid; mVariableModuleGlobal->ImageSecurityDatabaseGuid[Physical] = &gEfiImageSecurityDatabaseGuid; @@ -484,6 +486,7 @@ ProcessVarWithPk ( BOOLEAN Valid; OldPkList = NULL; + ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) { // @@ -623,6 +626,7 @@ ProcessVarWithKek ( BOOLEAN Valid; KekList = NULL; + ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); if (mPlatformMode == USER_MODE) { if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) { -- 2.39.2