VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,\r
integer overflow. It should also check attribute to avoid authentication bypass.\r
\r
-Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>\r
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
@param Buffer Pointer to the buffer from which data is written.\r
\r
@retval EFI_INVALID_PARAMETER Parameters not valid.\r
+ @retval EFI_UNSUPPORTED Fvb is a NULL for Non-Volatile variable update.\r
+ @retval EFI_OUT_OF_RESOURCES The remaining size is not enough.\r
@retval EFI_SUCCESS Variable store successfully updated.\r
\r
**/\r
//\r
if (!Volatile) {\r
if (Fvb == NULL) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_UNSUPPORTED;\r
}\r
Status = Fvb->GetPhysicalAddress(Fvb, &FvVolHdr);\r
ASSERT_EFI_ERROR (Status);\r
DataPtr += mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase;\r
}\r
\r
- if ((DataPtr + DataSize) >= ((EFI_PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) FwVolHeader + FwVolHeader->FvLength))) {\r
- return EFI_INVALID_PARAMETER;\r
+ if ((DataPtr + DataSize) > ((EFI_PHYSICAL_ADDRESS) (UINTN) ((UINT8 *) FwVolHeader + FwVolHeader->FvLength))) {\r
+ return EFI_OUT_OF_RESOURCES;\r
}\r
} else {\r
//\r
DataPtr += mVariableModuleGlobal->VariableGlobal.VolatileVariableBase;\r
}\r
\r
- if ((DataPtr + DataSize) >= ((UINTN) ((UINT8 *) VolatileBase + VolatileBase->Size))) {\r
- return EFI_INVALID_PARAMETER;\r
+ if ((DataPtr + DataSize) > ((UINTN) ((UINT8 *) VolatileBase + VolatileBase->Size))) {\r
+ return EFI_OUT_OF_RESOURCES;\r
}\r
\r
//\r
@param[in] SupportedLanguages A pointer to a Null-terminated ASCII string that\r
contains a set of language codes in the format\r
specified by Iso639Language.\r
- @param[in] Iso639Language If TRUE, then all language codes are assumed to be\r
- in ISO 639-2 format. If FALSE, then all language\r
+ @param[in] Iso639Language If not zero, then all language codes are assumed to be\r
+ in ISO 639-2 format. If zero, then all language\r
codes are assumed to be in RFC 4646 language format\r
@param[in] ... A variable argument list that contains pointers to\r
Null-terminated ASCII strings that contain one or more\r
EFIAPI\r
VariableGetBestLanguage (\r
IN CONST CHAR8 *SupportedLanguages,\r
- IN BOOLEAN Iso639Language,\r
+ IN UINTN Iso639Language,\r
...\r
)\r
{\r
//\r
// If in RFC 4646 mode, then determine the length of the first RFC 4646 language code in Language\r
//\r
- if (!Iso639Language) {\r
+ if (Iso639Language == 0) {\r
for (LanguageLength = 0; Language[LanguageLength] != 0 && Language[LanguageLength] != ';'; LanguageLength++);\r
}\r
\r
//\r
// In RFC 4646 mode, then Loop through all language codes in SupportedLanguages\r
//\r
- if (!Iso639Language) {\r
+ if (Iso639Language == 0) {\r
//\r
// Skip ';' characters in Supported\r
//\r
if (AsciiStrnCmp (Supported, Language, LanguageLength) == 0) {\r
VA_END (Args);\r
\r
- Buffer = Iso639Language ? mVariableModuleGlobal->Lang : mVariableModuleGlobal->PlatformLang;\r
+ Buffer = (Iso639Language != 0) ? mVariableModuleGlobal->Lang : mVariableModuleGlobal->PlatformLang;\r
Buffer[CompareLength] = '\0';\r
return CopyMem (Buffer, Supported, CompareLength);\r
}\r
}\r
\r
- if (Iso639Language) {\r
+ if (Iso639Language != 0) {\r
//\r
// If ISO 639 mode, then each language can only be tested once\r
//\r
CopyMem (BufferForMerge, (UINT8 *) ((UINTN) CacheVariable->CurrPtr + DataOffset), DataSizeOfVariable (CacheVariable->CurrPtr));\r
\r
//\r
- // Set Max Common/Auth Variable Data Size as default MaxDataSize.\r
+ // Set Max Auth/Non-Volatile/Volatile Variable Data Size as default MaxDataSize.\r
//\r
if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
MaxDataSize = mVariableModuleGlobal->MaxAuthVariableSize - DataOffset;\r
- } else {\r
+ } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
MaxDataSize = mVariableModuleGlobal->MaxVariableSize - DataOffset;\r
+ } else {\r
+ MaxDataSize = mVariableModuleGlobal->MaxVolatileVariableSize - DataOffset;\r
}\r
\r
//\r
// Make sure if runtime bit is set, boot service bit is set also.\r
//\r
if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {\r
- return EFI_INVALID_PARAMETER;\r
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+ return EFI_UNSUPPORTED;\r
+ } else {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
} else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {\r
//\r
//\r
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
&& ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_UNSUPPORTED;\r
}\r
\r
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {\r
- if (DataSize < AUTHINFO_SIZE) {\r
- //\r
- // Try to write Authenticated Variable without AuthInfo.\r
- //\r
- return EFI_SECURITY_VIOLATION;\r
+ //\r
+ // If DataSize == AUTHINFO_SIZE and then PayloadSize is 0.\r
+ // Maybe it's the delete operation of common authenticated variable at user physical presence.\r
+ //\r
+ if (DataSize != AUTHINFO_SIZE) {\r
+ return EFI_UNSUPPORTED;\r
}\r
PayloadSize = DataSize - AUTHINFO_SIZE;\r
} else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {\r
} else {\r
//\r
// The size of the VariableName, including the Unicode Null in bytes plus\r
- // the DataSize is limited to maximum size of Max(Auth)VariableSize bytes.\r
+ // the DataSize is limited to maximum size of Max(Auth|Volatile)VariableSize bytes.\r
//\r
if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ()) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- } else {\r
+ } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ()) {\r
return EFI_INVALID_PARAMETER;\r
}\r
+ } else {\r
+ if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxVolatileVariableSize - GetVariableHeaderSize ()) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
}\r
}\r
\r
}\r
\r
//\r
- // Let *MaximumVariableSize be Max(Auth)VariableSize with the exception of the variable header size.\r
+ // Let *MaximumVariableSize be Max(Auth|Volatile)VariableSize with the exception of the variable header size.\r
//\r
if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
*MaximumVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ();\r
- } else {\r
+ } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
*MaximumVariableSize = mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ();\r
+ } else {\r
+ *MaximumVariableSize = mVariableModuleGlobal->MaxVolatileVariableSize - GetVariableHeaderSize ();\r
}\r
}\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+ //\r
+ // Deprecated attribute, make this check as highest priority.\r
+ //\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {\r
//\r
// Make sure the Attributes combination is supported by the platform.\r
}\r
}\r
\r
+/**\r
+ Get maximum variable size, covering both non-volatile and volatile variables.\r
+\r
+ @return Maximum variable size.\r
+\r
+**/\r
+UINTN\r
+GetMaxVariableSize (\r
+ VOID\r
+ )\r
+{\r
+ UINTN MaxVariableSize;\r
+\r
+ MaxVariableSize = GetNonVolatileMaxVariableSize();\r
+ //\r
+ // The condition below fails implicitly if PcdMaxVolatileVariableSize equals\r
+ // the default zero value.\r
+ //\r
+ if (MaxVariableSize < PcdGet32 (PcdMaxVolatileVariableSize)) {\r
+ MaxVariableSize = PcdGet32 (PcdMaxVolatileVariableSize);\r
+ }\r
+ return MaxVariableSize;\r
+}\r
+\r
/**\r
Init non-volatile variable store.\r
\r
return Status;\r
}\r
\r
+/**\r
+ Convert normal variable storage to the allocated auth variable storage.\r
+\r
+ @param[in] NormalVarStorage Pointer to the normal variable storage header\r
+\r
+ @retval the allocated auth variable storage\r
+**/\r
+VOID *\r
+ConvertNormalVarStorageToAuthVarStorage (\r
+ VARIABLE_STORE_HEADER *NormalVarStorage\r
+ )\r
+{\r
+ VARIABLE_HEADER *StartPtr;\r
+ UINT8 *NextPtr;\r
+ VARIABLE_HEADER *EndPtr;\r
+ UINTN AuthVarStroageSize;\r
+ AUTHENTICATED_VARIABLE_HEADER *AuthStartPtr;\r
+ VARIABLE_STORE_HEADER *AuthVarStorage;\r
+\r
+ AuthVarStroageSize = sizeof (VARIABLE_STORE_HEADER);\r
+ //\r
+ // Set AuthFormat as FALSE for normal variable storage\r
+ //\r
+ mVariableModuleGlobal->VariableGlobal.AuthFormat = FALSE;\r
+\r
+ //\r
+ // Calculate Auth Variable Storage Size\r
+ //\r
+ StartPtr = GetStartPointer (NormalVarStorage);\r
+ EndPtr = GetEndPointer (NormalVarStorage);\r
+ while (StartPtr < EndPtr) {\r
+ if (StartPtr->State == VAR_ADDED) {\r
+ AuthVarStroageSize = HEADER_ALIGN (AuthVarStroageSize);\r
+ AuthVarStroageSize += sizeof (AUTHENTICATED_VARIABLE_HEADER);\r
+ AuthVarStroageSize += StartPtr->NameSize + GET_PAD_SIZE (StartPtr->NameSize);\r
+ AuthVarStroageSize += StartPtr->DataSize + GET_PAD_SIZE (StartPtr->DataSize);\r
+ }\r
+ StartPtr = GetNextVariablePtr (StartPtr);\r
+ }\r
+\r
+ //\r
+ // Allocate Runtime memory for Auth Variable Storage\r
+ //\r
+ AuthVarStorage = AllocateRuntimeZeroPool (AuthVarStroageSize);\r
+ ASSERT (AuthVarStorage != NULL);\r
+ if (AuthVarStorage == NULL) {\r
+ return NULL;\r
+ }\r
+\r
+ //\r
+ // Copy Variable from Normal storage to Auth storage\r
+ //\r
+ StartPtr = GetStartPointer (NormalVarStorage);\r
+ EndPtr = GetEndPointer (NormalVarStorage);\r
+ AuthStartPtr = (AUTHENTICATED_VARIABLE_HEADER *) GetStartPointer (AuthVarStorage);\r
+ while (StartPtr < EndPtr) {\r
+ if (StartPtr->State == VAR_ADDED) {\r
+ AuthStartPtr = (AUTHENTICATED_VARIABLE_HEADER *) HEADER_ALIGN (AuthStartPtr);\r
+ //\r
+ // Copy Variable Header\r
+ //\r
+ AuthStartPtr->StartId = StartPtr->StartId;\r
+ AuthStartPtr->State = StartPtr->State;\r
+ AuthStartPtr->Attributes = StartPtr->Attributes;\r
+ AuthStartPtr->NameSize = StartPtr->NameSize;\r
+ AuthStartPtr->DataSize = StartPtr->DataSize;\r
+ CopyGuid (&AuthStartPtr->VendorGuid, &StartPtr->VendorGuid);\r
+ //\r
+ // Copy Variable Name\r
+ //\r
+ NextPtr = (UINT8 *) (AuthStartPtr + 1);\r
+ CopyMem (NextPtr, GetVariableNamePtr (StartPtr), AuthStartPtr->NameSize);\r
+ //\r
+ // Copy Variable Data\r
+ //\r
+ NextPtr = NextPtr + AuthStartPtr->NameSize + GET_PAD_SIZE (AuthStartPtr->NameSize);\r
+ CopyMem (NextPtr, GetVariableDataPtr (StartPtr), AuthStartPtr->DataSize);\r
+ //\r
+ // Go to next variable\r
+ //\r
+ AuthStartPtr = (AUTHENTICATED_VARIABLE_HEADER *) (NextPtr + AuthStartPtr->DataSize + GET_PAD_SIZE (AuthStartPtr->DataSize));\r
+ }\r
+ StartPtr = GetNextVariablePtr (StartPtr);\r
+ }\r
+ //\r
+ // Update Auth Storage Header\r
+ //\r
+ AuthVarStorage->Format = NormalVarStorage->Format;\r
+ AuthVarStorage->State = NormalVarStorage->State;\r
+ AuthVarStorage->Size = (UINT32)((UINTN)AuthStartPtr - (UINTN)AuthVarStorage);\r
+ CopyGuid (&AuthVarStorage->Signature, &gEfiAuthenticatedVariableGuid);\r
+ ASSERT (AuthVarStorage->Size <= AuthVarStroageSize);\r
+\r
+ //\r
+ // Restore AuthFormat\r
+ //\r
+ mVariableModuleGlobal->VariableGlobal.AuthFormat = TRUE;\r
+ return AuthVarStorage;\r
+}\r
+\r
+/**\r
+ Get HOB variable store.\r
+\r
+ @param[out] VariableGuid NV variable store signature.\r
+\r
+ @retval EFI_SUCCESS Function successfully executed.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.\r
+\r
+**/\r
+EFI_STATUS\r
+GetHobVariableStore (\r
+ IN EFI_GUID *VariableGuid\r
+ )\r
+{\r
+ VARIABLE_STORE_HEADER *VariableStoreHeader;\r
+ UINT64 VariableStoreLength;\r
+ EFI_HOB_GUID_TYPE *GuidHob;\r
+ BOOLEAN NeedConvertNormalToAuth;\r
+\r
+ //\r
+ // Combinations supported:\r
+ // 1. Normal NV variable store +\r
+ // Normal HOB variable store\r
+ // 2. Auth NV variable store +\r
+ // Auth HOB variable store\r
+ // 3. Auth NV variable store +\r
+ // Normal HOB variable store (code will convert it to Auth Format)\r
+ //\r
+ NeedConvertNormalToAuth = FALSE;\r
+ GuidHob = GetFirstGuidHob (VariableGuid);\r
+ if (GuidHob == NULL && VariableGuid == &gEfiAuthenticatedVariableGuid) {\r
+ //\r
+ // Try getting it from normal variable HOB\r
+ //\r
+ GuidHob = GetFirstGuidHob (&gEfiVariableGuid);\r
+ NeedConvertNormalToAuth = TRUE;\r
+ }\r
+ if (GuidHob != NULL) {\r
+ VariableStoreHeader = GET_GUID_HOB_DATA (GuidHob);\r
+ VariableStoreLength = GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE);\r
+ if (GetVariableStoreStatus (VariableStoreHeader) == EfiValid) {\r
+ if (!NeedConvertNormalToAuth) {\r
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);\r
+ } else {\r
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) ConvertNormalVarStorageToAuthVarStorage ((VOID *) VariableStoreHeader);\r
+ }\r
+ if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ } else {\r
+ DEBUG ((EFI_D_ERROR, "HOB Variable Store header is corrupted!\n"));\r
+ }\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
\r
/**\r
Initializes variable store area for non-volatile and volatile variable.\r
{\r
EFI_STATUS Status;\r
VARIABLE_STORE_HEADER *VolatileVariableStore;\r
- VARIABLE_STORE_HEADER *VariableStoreHeader;\r
- UINT64 VariableStoreLength;\r
UINTN ScratchSize;\r
- EFI_HOB_GUID_TYPE *GuidHob;\r
EFI_GUID *VariableGuid;\r
EFI_FIRMWARE_VOLUME_HEADER *NvFvHeader;\r
\r
//\r
// Get HOB variable store.\r
//\r
- GuidHob = GetFirstGuidHob (VariableGuid);\r
- if (GuidHob != NULL) {\r
- VariableStoreHeader = GET_GUID_HOB_DATA (GuidHob);\r
- VariableStoreLength = GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE);\r
- if (GetVariableStoreStatus (VariableStoreHeader) == EfiValid) {\r
- mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);\r
- if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0) {\r
- FreePool (NvFvHeader);\r
- FreePool (mVariableModuleGlobal);\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
- } else {\r
- DEBUG ((EFI_D_ERROR, "HOB Variable Store header is corrupted!\n"));\r
- }\r
+ Status = GetHobVariableStore (VariableGuid);\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (NvFvHeader);\r
+ FreePool (mVariableModuleGlobal);\r
+ return Status;\r
}\r
\r
+ mVariableModuleGlobal->MaxVolatileVariableSize = ((PcdGet32 (PcdMaxVolatileVariableSize) != 0) ?\r
+ PcdGet32 (PcdMaxVolatileVariableSize) :\r
+ mVariableModuleGlobal->MaxVariableSize\r
+ );\r
//\r
// Allocate memory for volatile variable store, note that there is a scratch space to store scratch data.\r
//\r
- ScratchSize = GetNonVolatileMaxVariableSize ();\r
+ ScratchSize = GetMaxVariableSize ();\r
mVariableModuleGlobal->ScratchBufferSize = ScratchSize;\r
VolatileVariableStore = AllocateRuntimePool (PcdGet32 (PcdVariableStoreSize) + ScratchSize);\r
if (VolatileVariableStore == NULL) {\r
projects / mirror_edk2.git / blobdiff