]> git.proxmox.com Git - mirror_edk2.git/blobdiff - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / Variable.c
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index dc8622db8138f237d60e7908a8e674a1e5680dfd..a2d61c8cd618776a6f44c76f0fa12e9603555279 100644 (file)
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -3198,6 +3198,12 @@ VariableServiceSetVariable (
       ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
       return EFI_SECURITY_VIOLATION;\r
     }\r
+    //\r
+    // The MemoryLoadFence() call here is to ensure the above sanity check\r
+    // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed\r
+    // before the execution of subsequent codes.\r
+    //\r
+    MemoryLoadFence ();\r
     PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r
   } else {\r
     PayloadSize = DataSize;\r
EFI Development Kit II mirror for PVE