MdePkg UefiDevicePathLib: Validate before touch input buffer.

[mirror_edk2.git] / MdePkg / Library / UefiDevicePathLib / DevicePathUtilities.c

diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
index 82419a4e1b2ae618aa061b5462e08a8e0b6d2030..bb4a56398e3c92c6b249d765d90b3144f72f492c 100644 (file)
--- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
+++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
@@ -61,16 +61,18 @@ IsDevicePathValid (
 \r
   ASSERT (DevicePath != NULL);\r
 \r
-  if (MaxSize == 0){\r
+  if (MaxSize == 0) {\r
     MaxSize = MAX_UINTN;\r
   }\r
 \r
-  Size = 0;\r
-  Count = 0;\r
+  //\r
+  // Validate the input size big enough to touch the first node.\r
+  //\r
+  if (MaxSize < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {\r
+    return FALSE;\r
+  }\r
 \r
-  while (MaxSize >= sizeof (EFI_DEVICE_PATH_PROTOCOL) &&\r
-        (MaxSize - sizeof (EFI_DEVICE_PATH_PROTOCOL) >= Size) &&\r
-        !IsDevicePathEnd (DevicePath)) {\r
+  for (Count = 0, Size = 0; !IsDevicePathEnd (DevicePath); DevicePath = NextDevicePathNode (DevicePath)) {\r
     NodeLength = DevicePathNodeLength (DevicePath);\r
     if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {\r
       return FALSE;\r
@@ -79,17 +81,21 @@ IsDevicePathValid (
     if (NodeLength > MAX_UINTN - Size) {\r
       return FALSE;\r
     }\r
-\r
     Size += NodeLength;\r
 \r
+    //\r
+    // Validate next node before touch it.\r
+    //\r
+    if (Size > MaxSize - END_DEVICE_PATH_LENGTH ) {\r
+      return FALSE;\r
+    }\r
+\r
     if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) {\r
       Count++;\r
       if (Count >= PcdGet32 (PcdMaximumDevicePathNodeCount)) {\r
         return FALSE;\r
       }\r
     }\r
-\r
-    DevicePath = NextDevicePathNode (DevicePath);\r
   }\r
 \r
   //\r