SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;\r
UINTN SmmCommBufPayloadSize;\r
UINTN TempDataSize;\r
+ UINTN VariableNameSize;\r
\r
if (VariableName == NULL || VendorGuid == NULL || DataSize == NULL) {\r
return EFI_INVALID_PARAMETER;\r
//\r
SmmCommBufPayloadSize = mVariableBufferSize - (SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE);\r
TempDataSize = *DataSize;\r
+ VariableNameSize = StrSize (VariableName);\r
\r
//\r
// If VariableName exceeds SMM payload limit. Return failure\r
//\r
- if (StrSize (VariableName) > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {\r
+ if (VariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
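Review bot: The new `VariableNameSize = StrSize (VariableName);` has no comment saying why the length is read once, and the same goes for `InVariableNameSize` in the GetNextVariableName hunk and `VariableNameSize` in the SetVariable hunk. The visible effect is that the bound check, the trim, PayloadSize and the header's NameSize all use one snapshot instead of re-measuring a caller-owned string. Presumably that is the intent, since a name that changed between calls could pass the check and then be sized differently. A comment such as `// Measure the caller's name once; every later bound check and copy must use this value, not a fresh StrSize().` would keep a later edit from reintroducing the repeated call. The function body starts and ends outside this hunk.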
\r
// Init the communicate buffer. The buffer data size is:\r
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.\r
//\r
- if (TempDataSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - StrSize (VariableName)) {\r
+ if (TempDataSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize) {\r
//\r
// If output data buffer exceed SMM payload limit. Trim output buffer to SMM payload size\r
//\r
- TempDataSize = SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - StrSize (VariableName);\r
+ TempDataSize = SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize;\r
}\r
- PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + StrSize (VariableName) + TempDataSize;\r
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + VariableNameSize + TempDataSize;\r
\r
Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, SMM_VARIABLE_FUNCTION_GET_VARIABLE);\r
if (EFI_ERROR (Status)) {\r
\r
CopyGuid (&SmmVariableHeader->Guid, VendorGuid);\r
SmmVariableHeader->DataSize = TempDataSize;\r
- SmmVariableHeader->NameSize = StrSize (VariableName);\r
+ SmmVariableHeader->NameSize = VariableNameSize;\r
if (Attributes == NULL) {\r
SmmVariableHeader->Attributes = 0;\r
} else {\r
UINTN PayloadSize;\r
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *SmmGetNextVariableName;\r
UINTN SmmCommBufPayloadSize;\r
+ UINTN OutVariableNameSize;\r
+ UINTN InVariableNameSize;\r
\r
if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {\r
return EFI_INVALID_PARAMETER;\r
// SMM Communication Buffer max payload size\r
//\r
SmmCommBufPayloadSize = mVariableBufferSize - (SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE);\r
+ OutVariableNameSize = *VariableNameSize;\r
+ InVariableNameSize = StrSize (VariableName);\r
\r
//\r
// If input string exceeds SMM payload limit. Return failure\r
//\r
- if (StrSize (VariableName) > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
+ if (InVariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// Init the communicate buffer. The buffer data size is:\r
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.\r
//\r
- if (*VariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
+ if (OutVariableNameSize > SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {\r
//\r
// If output buffer exceed SMM payload limit. Trim output buffer to SMM payload size\r
//\r
- *VariableNameSize = SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);\r
+ OutVariableNameSize = SmmCommBufPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);\r
}\r
//\r
// Payload should be Guid + NameSize + MAX of Input & Output buffer\r
//\r
- PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + MAX (*VariableNameSize, StrSize (VariableName));\r
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + MAX (OutVariableNameSize, InVariableNameSize);\r
\r
Status = InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, PayloadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME);\r
if (EFI_ERROR (Status)) {\r
//\r
// SMM comm buffer->NameSize is buffer size for return string\r
//\r
- SmmGetNextVariableName->NameSize = *VariableNameSize;\r
+ SmmGetNextVariableName->NameSize = OutVariableNameSize;\r
\r
CopyGuid (&SmmGetNextVariableName->Guid, VendorGuid);\r
//\r
// Copy whole string\r
//\r
- CopyMem (SmmGetNextVariableName->Name, VariableName, StrSize (VariableName));\r
+ CopyMem (SmmGetNextVariableName->Name, VariableName, InVariableNameSize);\r
+ if (OutVariableNameSize > InVariableNameSize) {\r
+ ZeroMem ((UINT8 *) SmmGetNextVariableName->Name + InVariableNameSize, OutVariableNameSize - InVariableNameSize);\r
+ }\r
\r
//\r
// Send data to SMM\r
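Review bot: The added `ZeroMem` after the name copy has no comment explaining what the cleared bytes protect against. From the hunk, PayloadSize covers `MAX (OutVariableNameSize, InVariableNameSize)` bytes of Name while only InVariableNameSize bytes are written, so without the clear the remainder would hold whatever was in the buffer before. If the communication buffer is reused between requests, as the module-level `mVariableBufferSize` suggests, that would be stale data from an earlier call. I would add `// Clear the unused tail of Name so bytes left over from an earlier request are not sent along with this one.` above the `if`.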
//\r
// Get data from SMM.\r
//\r
- *VariableNameSize = SmmGetNextVariableName->NameSize; \r
+ if (Status == EFI_SUCCESS || Status == EFI_BUFFER_TOO_SMALL) {\r
+ //\r
+ // SMM CommBuffer NameSize can be a trimed value\r
+ // Only update VariableNameSize when needed\r
+ //\r
+ *VariableNameSize = SmmGetNextVariableName->NameSize;\r
+ }\r
if (EFI_ERROR (Status)) {\r
goto Done;\r
}\r
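Review bot: `SmmGetNextVariableName->NameSize` is copied into `*VariableNameSize` straight from the communication buffer without being compared with the `OutVariableNameSize` that was sent. On EFI_BUFFER_TOO_SMALL a larger value is expected, but on EFI_SUCCESS a value above OutVariableNameSize would exceed both the payload and the caller's buffer. If the code after `goto Done` (outside this hunk) copies NameSize bytes back into VariableName, that copy depends on the field being sane. A guard before the assignment, `if (Status == EFI_SUCCESS && SmmGetNextVariableName->NameSize > OutVariableNameSize) { Status = EFI_DEVICE_ERROR; goto Done; }`, would make the bound explicit. The comment's "trimed" should read "trimmed".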
EFI_STATUS Status;\r
UINTN PayloadSize; \r
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;\r
+ UINTN VariableNameSize;\r
\r
//\r
// Check input parameters.\r
//\r
return EFI_INVALID_PARAMETER;\r
}\r
+ VariableNameSize = StrSize (VariableName);\r
\r
- if ((UINTN)(~0) - StrSize (VariableName) < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize) {\r
+ if ((UINTN)(~0) - VariableNameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize) {\r
//\r
// Prevent PayloadSize overflow\r
//\r
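Review bot: The right-hand side of the overflow guard, `OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize`, is itself an unchecked addition, so the guard only holds if DataSize was bounded before this line. The check that ends with `return EFI_INVALID_PARAMETER;` at the top of the hunk is cut off, so I cannot tell whether it does that. If it does, a comment such as `// DataSize is bounded above, so OFFSET_OF (...) + DataSize cannot wrap.` would record the dependency. If not, comparing DataSize against the remaining headroom avoids the addition: `if (DataSize > (UINTN)(~0) - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize) {`.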
// Init the communicate buffer. The buffer data size is:\r
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.\r
//\r
- PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + StrSize (VariableName) + DataSize;\r
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + VariableNameSize + DataSize;\r
Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, SMM_VARIABLE_FUNCTION_SET_VARIABLE);\r
if (EFI_ERROR (Status)) {\r
goto Done;\r
\r
CopyGuid ((EFI_GUID *) &SmmVariableHeader->Guid, VendorGuid);\r
SmmVariableHeader->DataSize = DataSize;\r
- SmmVariableHeader->NameSize = StrSize (VariableName);\r
+ SmmVariableHeader->NameSize = VariableNameSize;\r
SmmVariableHeader->Attributes = Attributes;\r
CopyMem (SmmVariableHeader->Name, VariableName, SmmVariableHeader->NameSize);\r
CopyMem ((UINT8 *) SmmVariableHeader->Name + SmmVariableHeader->NameSize, Data, DataSize);\r
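Review bot: The two `CopyMem` calls at the end of the hunk still take their length and offset from `SmmVariableHeader->NameSize`, reading the size back out of the communication buffer instead of using the local `VariableNameSize` that PayloadSize was computed from. The value was stored two lines earlier, so this is correct as long as nothing else writes the buffer in between, but it departs from the single-snapshot pattern the rest of the change establishes. I would use the local in both: `CopyMem (SmmVariableHeader->Name, VariableName, VariableNameSize);` and `CopyMem ((UINT8 *) SmmVariableHeader->Name + VariableNameSize, Data, DataSize);`. The enclosing function starts outside the hunk and presumably continues after it.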