)\r
{\r
EFI_STATUS Status;\r
+ UINTN VariableNameSize;\r
UINTN PayloadSize;\r
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ VariableNameSize = StrSize (VariableName);\r
+\r
+ //\r
+ // If VariableName exceeds SMM payload limit. Return failure\r
+ //\r
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
AcquireLockOnlyAtBootTime(&mVariableServicesLock);\r
\r
//\r
// Init the communicate buffer. The buffer data size is:\r
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.\r
//\r
- PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + StrSize (VariableName);\r
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableNameSize;\r
Status = InitCommunicateBuffer ((VOID **) &VariableToLock, PayloadSize, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE);\r
if (EFI_ERROR (Status)) {\r
goto Done;\r
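Review bot: The new bound `if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name))` subtracts two unsigned values, so it rejects oversized names only while mVariableBufferPayloadSize is at least that offset. Its initialisation is not visible in this hunk; if it could ever be smaller, the subtraction would wrap and the check would accept any name. I would record the invariant in the comment above the check, e.g. `// mVariableBufferPayloadSize is always >= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name), so the subtraction cannot wrap.`, or test the offset against mVariableBufferPayloadSize first. The comment could also say that this caller-side check only avoids building an oversized request, and that the SMM handler (presumably outside this file) must still validate NameSize against the communicate buffer on its own. The enclosing function starts and ends outside the hunk.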
ASSERT (VariableToLock != NULL);\r
\r
CopyGuid (&VariableToLock->Guid, VendorGuid);\r
- VariableToLock->NameSize = StrSize (VariableName);\r
+ VariableToLock->NameSize = VariableNameSize;\r
CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize);\r
\r
//\r