git.proxmox.com Git - mirror_edk2.git/commit - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c

]> git.proxmox.com Git - mirror_edk2.git/commit - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c

author	lzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524>
	Mon, 8 Apr 2013 06:56:08 +0000 (06:56 +0000)
committer	lzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524>
	Mon, 8 Apr 2013 06:56:08 +0000 (06:56 +0000)
commit	3588bb3529537b2f840f4aa5dd57d65fbfef455d
tree	41fdda41054b876a2d10b8cb596c156aebc9a9f7	tree
parent	7a4d52add105b1af8d414ed7db2fc6bd94d69dcd	commit \| diff

If DataSize or VariableNameSize is near MAX_ADDRESS, this can cause the computed PayLoadSize to overflow to a small value and pass the check in InitCommunicateBuffer(). To protect against this vulnerability, check DataSize and VariableNameSize to make sure PayloadSize doesn't overflow.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14252 6f19259b-4bc3-4df7-8a09-765794883524

EFI Development Kit II mirror for PVE

RSS Atom

MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c		diff \| blob \| blame \| history
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c		diff \| blob \| blame \| history
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c		diff \| blob \| blame \| history
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c		diff \| blob \| blame \| history