X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FVariableAuthenticated%2FRuntimeDxe%2FVariable.c;h=c84a2f62d3d70c6aa43f7df96c41fac631b59004;hp=e3fc48b497cfc64b470808d96fb78f168c3d477f;hb=6bc4e19fec00de37d760d3b79ee5341fdc989d16;hpb=d78fab6b4e9be83b781212f6a9f3fde0c092e81d

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index e3fc48b497..c84a2f62d3 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2,7 +2,7 @@
   The common variable operation routines shared by DXE_RINTIME variable
   module and DXE_SMM variable module.
 
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -2163,8 +2163,8 @@ VariableServiceSetVariable (
     // Sanity check for EFI_VARIABLE_AUTHENTICATION_2 descriptor.
     //
     if (DataSize < OFFSET_OF_AUTHINFO2_CERT_DATA ||
-    	DataSize < AUTHINFO2_SIZE (Data) ||
-    	((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+      ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength > DataSize - (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) ||
+      ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
       return EFI_SECURITY_VIOLATION;
     }
     PayloadSize = DataSize - AUTHINFO2_SIZE (Data);