MdeModulePkg/RamDiskDxe: Restrict on RAM disk size (CVE-2018-12180)

[mirror_edk2.git] / MdeModulePkg / Universal / Disk / RamDiskDxe / RamDiskProtocol.c

diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c
index 6784e2b2f1e9c89a44ba6d71be9400e42897988a..e8250d5c1bcc6e68a30f6b5fba935cb03c11fef0 100644 (file)
--- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c
+++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c
@@ -1,7 +1,7 @@
 /** @file\r
   The realization of EFI_RAM_DISK_PROTOCOL.\r
 \r
-  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>\r
   (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
@@ -613,7 +613,8 @@ RamDiskRegister (
   //\r
   // Add check to prevent data read across the memory boundary\r
   //\r
-  if (RamDiskBase + RamDiskSize > ((UINTN) -1) - RAM_DISK_BLOCK_SIZE + 1) {\r
+  if ((RamDiskSize > MAX_UINTN) ||\r
+      (RamDiskBase > MAX_UINTN - RamDiskSize + 1)) {\r
     return EFI_INVALID_PARAMETER;\r
   }\r
 \r