/** @file\r
Misc BDS library function\r
\r
-Copyright (c) 2004 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
if (OptionPtr == NULL) {\r
continue;\r
}\r
+\r
+ //\r
+ // Validate the variable.\r
+ //\r
+ if (!ValidateOption(OptionPtr, OptionSize)) {\r
+ continue;\r
+ }\r
+\r
TempPtr = OptionPtr;\r
TempPtr += sizeof (UINT32) + sizeof (UINT16);\r
Description = (CHAR16 *) TempPtr;\r
Size = 0;\r
while (!IsDevicePathEnd (DevicePath)) {\r
NodeSize = DevicePathNodeLength (DevicePath);\r
- if (NodeSize == 0) {\r
+ if (NodeSize < END_DEVICE_PATH_LENGTH) {\r
return 0;\r
}\r
Size += NodeSize;\r
return (Length + 1) * sizeof (*String);\r
}\r
\r
+/**\r
+ Validate the EFI Boot#### variable (VendorGuid/Name)\r
+\r
+ @param Variable Boot#### variable data.\r
+ @param VariableSize Returns the size of the EFI variable that was read\r
+\r
+ @retval TRUE The variable data is correct.\r
+ @retval FALSE The variable data is corrupted.\r
+\r
+**/\r
+BOOLEAN \r
+ValidateOption (\r
+ UINT8 *Variable,\r
+ UINTN VariableSize\r
+ )\r
+{\r
+ UINT16 FilePathSize;\r
+ UINT8 *TempPtr;\r
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
+ EFI_DEVICE_PATH_PROTOCOL *TempPath;\r
+ UINTN TempSize;\r
+\r
+ //\r
+ // Skip the option attribute\r
+ //\r
+ TempPtr = Variable;\r
+ TempPtr += sizeof (UINT32);\r
+\r
+ //\r
+ // Get the option's device path size\r
+ //\r
+ FilePathSize = *(UINT16 *) TempPtr;\r
+ TempPtr += sizeof (UINT16);\r
+\r
+ //\r
+ // Get the option's description string size\r
+ //\r
+ TempSize = StrSizeEx ((CHAR16 *) TempPtr, VariableSize);\r
+ TempPtr += TempSize;\r
+\r
+ //\r
+ // Get the option's device path\r
+ //\r
+ DevicePath = (EFI_DEVICE_PATH_PROTOCOL *) TempPtr;\r
+ TempPtr += FilePathSize;\r
+\r
+ //\r
+ // Validation boot option variable.\r
+ //\r
+ if ((FilePathSize == 0) || (TempSize == 0)) {\r
+ return FALSE;\r
+ }\r
+\r
+ if (TempSize + FilePathSize + sizeof (UINT16) + sizeof (UINT16) > VariableSize) {\r
+ return FALSE;\r
+ }\r
+\r
+ TempPath = DevicePath;\r
+ while (FilePathSize > 0) {\r
+ TempSize = GetDevicePathSizeEx (TempPath, FilePathSize);\r
+ if (TempSize == 0) {\r
+ return FALSE;\r
+ }\r
+ FilePathSize = (UINT16) (FilePathSize - TempSize);\r
+ TempPath += TempSize;\r
+ }\r
+\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ Convert a single character to number.\r
+ It assumes the input Char is in the scope of L'0' ~ L'9' and L'A' ~ L'F'\r
+ \r
+ @param Char The input char which need to change to a hex number.\r
+ \r
+**/\r
+UINTN\r
+CharToUint (\r
+ IN CHAR16 Char\r
+ )\r
+{\r
+ if ((Char >= L'0') && (Char <= L'9')) {\r
+ return (UINTN) (Char - L'0');\r
+ }\r
+\r
+ if ((Char >= L'A') && (Char <= L'F')) {\r
+ return (UINTN) (Char - L'A' + 0xA);\r
+ }\r
+\r
+ ASSERT (FALSE);\r
+ return 0;\r
+}\r
+\r
/**\r
Build the boot#### or driver#### option from the VariableName, the\r
build boot#### or driver#### will also be linked to BdsCommonOptionList.\r
if (Variable == NULL) {\r
return NULL;\r
}\r
+\r
+ //\r
+ // Validate Boot#### variable data.\r
+ //\r
+ if (!ValidateOption(Variable, VariableSize)) {\r
+ return NULL;\r
+ }\r
+\r
//\r
// Notes: careful defined the variable of Boot#### or\r
// Driver####, consider use some macro to abstract the code\r
// Unicode stream to ASCII without any loss in meaning.\r
//\r
if (*VariableName == 'B') {\r
- NumOff = (UINT8) (sizeof (L"Boot") / sizeof(CHAR16) - 1);\r
- Option->BootCurrent = (UINT16) ((VariableName[NumOff] -'0') * 0x1000);\r
- Option->BootCurrent = (UINT16) (Option->BootCurrent + ((VariableName[NumOff+1]-'0') * 0x100));\r
- Option->BootCurrent = (UINT16) (Option->BootCurrent + ((VariableName[NumOff+2]-'0') * 0x10));\r
- Option->BootCurrent = (UINT16) (Option->BootCurrent + ((VariableName[NumOff+3]-'0')));\r
+ NumOff = (UINT8) (sizeof (L"Boot") / sizeof (CHAR16) - 1);\r
+ Option->BootCurrent = (UINT16) (CharToUint (VariableName[NumOff+0]) * 0x1000) \r
+ + (UINT16) (CharToUint (VariableName[NumOff+1]) * 0x100)\r
+ + (UINT16) (CharToUint (VariableName[NumOff+2]) * 0x10)\r
+ + (UINT16) (CharToUint (VariableName[NumOff+3]) * 0x1);\r
}\r
//\r
// Insert active entry to BdsDeviceList\r