X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FVariableAuthenticated%2FEsalVariableDxeSal%2FVariable.c;fp=SecurityPkg%2FVariableAuthenticated%2FEsalVariableDxeSal%2FVariable.c;h=e098c81df31f80f49e549b04cb68ad0a9cbe8407;hp=d0269c9da744d9e8112c99d2f1ee131592bdbc3b;hb=56251c669f0f13d2ffc226cfd3a3d8c5f8269e7a;hpb=b6d1508f17777c96287a01db36bcde2d41a27323

diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c
index d0269c9da7..e098c81df3 100644
--- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c
@@ -1,7 +1,7 @@
 /** @file
   The implementation of Extended SAL variable services.
 
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -2591,6 +2591,14 @@ EsalSetVariable (
     PayloadSize = DataSize; 
   }
 
+  
+  if ((UINTN)(~0) - PayloadSize < StrSize(VariableName)){
+    //
+    // Prevent whole variable size overflow 
+    // 
+    return EFI_INVALID_PARAMETER;
+  }
+
   VariableGlobal = &Global->VariableGlobal[VirtualMode];
   Instance = Global->FvbInstance;
 
@@ -2599,8 +2607,7 @@ EsalSetVariable (
     // For variable for hardware error record, the size of the VariableName, including the Unicode Null
     // in bytes plus the DataSize is limited to maximum size of PcdGet32(PcdMaxHardwareErrorVariableSize) bytes.
     //
-    if ((PayloadSize > PcdGet32(PcdMaxHardwareErrorVariableSize)) ||                                                       
-        (sizeof (VARIABLE_HEADER) + StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxHardwareErrorVariableSize))) {
+    if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER)) {
       return EFI_INVALID_PARAMETER;
     }
     //
@@ -2616,8 +2623,7 @@ EsalSetVariable (
     // For variable not for hardware error record, the size of the VariableName, including the
     // Unicode Null in bytes plus the DataSize is limited to maximum size of PcdGet32(PcdMaxVariableSize) bytes.
     //
-    if ((PayloadSize > PcdGet32(PcdMaxVariableSize)) ||
-        (sizeof (VARIABLE_HEADER) + StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxVariableSize))) {
+    if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxVariableSize) - sizeof (VARIABLE_HEADER)) {
       return EFI_INVALID_PARAMETER;
     }  
   }