Add comment for modules which have external input.

[mirror_edk2.git] / MdeModulePkg / Universal / CapsulePei / Common / CapsuleCoalesce.c

diff --git a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
index 32b7dccec80982e80e5c8c1cd049c3f495689f50..7ed15ef2afd9987ad44ec5663c2a662035639393 100644 (file)
--- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
+++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
@@ -1,6 +1,14 @@
 /** @file\r
   The logic to process capsule.\r
 \r
+  Caution: This module requires additional review when modified.\r
+  This driver will have external input - capsule image.\r
+  This external input must be validated carefully to avoid security issue like\r
+  buffer overflow, integer overflow.\r
+\r
+  CapsuleDataCoalesce() will do basic validation before coalesce capsule data\r
+  into memory.\r
+\r
 Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
@@ -792,6 +800,10 @@ BuildCapsuleDescriptors (
                    |    PrivateDataDesc 0      |\r
       MemBase ---->+---------------------------+<----- BlockList\r
 \r
+  Caution: This function may receive untrusted input.\r
+  The capsule data is external input, so this routine will do basic validation before\r
+  coalesce capsule data into memory.\r
+\r
   @param PeiServices        General purpose services available to every PEIM.\r
   @param BlockListBuffer    Point to the buffer of Capsule Descriptor Variables.\r
   @param MemoryBase         Pointer to the base of a block of memory that we can walk\r