MdeModulePkg: Replace BSD License with BSD+Patent License

[mirror_edk2.git] / MdeModulePkg / Bus / Ufs / UfsPassThruDxe / UfsPassThruHci.c

diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c
index 5756f637fd7e3068cc79f535d191f5e0faa7bd56..4b93821f38aa7abe54b73766ba6eceb5c4a62639 100644 (file)
--- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c
+++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThruHci.c
@@ -3,13 +3,7 @@
   for upper layer application to execute UFS-supported SCSI cmds.\r
 \r
   Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>\r
-  This program and the accompanying materials\r
-  are licensed and made available under the terms and conditions of the BSD License\r
-  which accompanies this distribution.  The full text of the license may be found at\r
-  http://opensource.org/licenses/bsd-license.php.\r
-\r
-  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
 \r
@@ -833,6 +827,7 @@ UfsStopExecCmd (
   @param[in] QueryResp  Pointer to the query response.\r
 \r
   @retval EFI_INVALID_PARAMETER Packet or QueryResp are empty or opcode is invalid.\r
+  @retval EFI_DEVICE_ERROR      Data returned from device is invalid.\r
   @retval EFI_SUCCESS           Data extracted.\r
 \r
 **/\r
@@ -853,6 +848,13 @@ UfsGetReturnDataFromQueryResponse (
     case UtpQueryFuncOpcodeRdDesc:\r
       ReturnDataSize = QueryResp->Tsf.Length;\r
       SwapLittleEndianToBigEndian ((UINT8*)&ReturnDataSize, sizeof (UINT16));\r
+      //\r
+      // Make sure the hardware device does not return more data than expected.\r
+      //\r
+      if (ReturnDataSize > Packet->TransferLength) {\r
+        return EFI_DEVICE_ERROR;\r
+      }\r
+\r
       CopyMem (Packet->DataBuffer, (QueryResp + 1), ReturnDataSize);\r
       Packet->TransferLength = ReturnDataSize;\r
       break;\r
@@ -1469,8 +1471,15 @@ UfsExecScsiCmds (
   SwapLittleEndianToBigEndian ((UINT8*)&SenseDataLen, sizeof (UINT16));\r
 \r
   if ((Packet->SenseDataLength != 0) && (Packet->SenseData != NULL)) {\r
-    CopyMem (Packet->SenseData, Response->SenseData, SenseDataLen);\r
-    Packet->SenseDataLength = (UINT8)SenseDataLen;\r
+    //\r
+    // Make sure the hardware device does not return more data than expected.\r
+    //\r
+    if (SenseDataLen <= Packet->SenseDataLength) {\r
+      CopyMem (Packet->SenseData, Response->SenseData, SenseDataLen);\r
+      Packet->SenseDataLength = (UINT8)SenseDataLen;\r
+    } else {\r
+      Packet->SenseDataLength = 0;\r
+    }\r
   }\r
 \r
   //\r
@@ -2226,8 +2235,15 @@ ProcessAsyncTaskList (
         SwapLittleEndianToBigEndian ((UINT8*)&SenseDataLen, sizeof (UINT16));\r
 \r
         if ((Packet->SenseDataLength != 0) && (Packet->SenseData != NULL)) {\r
-          CopyMem (Packet->SenseData, Response->SenseData, SenseDataLen);\r
-          Packet->SenseDataLength = (UINT8)SenseDataLen;\r
+          //\r
+          // Make sure the hardware device does not return more data than expected.\r
+          //\r
+          if (SenseDataLen <= Packet->SenseDataLength) {\r
+            CopyMem (Packet->SenseData, Response->SenseData, SenseDataLen);\r
+            Packet->SenseDataLength = (UINT8)SenseDataLen;\r
+          } else {\r
+            Packet->SenseDataLength = 0;\r
+          }\r
         }\r
 \r
         //\r