The common variable operation routines shared by DXE_RUNTIME variable \r
module and DXE_SMM variable module.\r
\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable data. They may be input in SMM mode.\r
+ This external input must be validated carefully to avoid security issue like\r
+ buffer overflow, integer overflow.\r
+\r
+ VariableServiceGetNextVariableName () and VariableServiceQueryVariableInfo() are external API.\r
+ They need check input parameter.\r
+\r
+ VariableServiceGetVariable() and VariableServiceSetVariable() are external API\r
+ to receive datasize and data buffer. The size should be checked carefully.\r
+\r
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
\r
This code finds variable in storage blocks (Volatile or Non-Volatile).\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize is external input.\r
+ This function will do basic validation, before parse the data.\r
+\r
@param VariableName Name of Variable to be found.\r
@param VendorGuid Variable vendor GUID.\r
@param Attributes Attribute value of the variable found.\r
\r
This code Finds the Next available variable.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode. This function will do basic validation, before parse the data.\r
+\r
@param VariableNameSize Size of the variable name.\r
@param VariableName Pointer to variable name.\r
@param VendorGuid Variable Vendor Guid.\r
\r
This code sets variable in storage blocks (Volatile or Non-Volatile).\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+\r
@param VariableName Name of Variable to be found.\r
@param VendorGuid Variable vendor GUID.\r
@param Attributes Attribute value of the variable found\r
\r
This code returns information about the EFI variables.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode. This function will do basic validation, before parse the data.\r
+\r
@param Attributes Attributes bitmask to specify the type of variables\r
on which to return information.\r
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available\r
\r
This code returns information about the EFI variables.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode. This function will do basic validation, before parse the data.\r
+\r
@param Attributes Attributes bitmask to specify the type of variables\r
on which to return information.\r
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available\r
\r
/**\r
This function reclaims variable storage if free size is below the threshold.\r
- \r
+\r
+ Caution: This function may be invoked at SMM mode.\r
+ Care must be taken to make sure not security issue.\r
+\r
**/\r
VOID\r
ReclaimForOS(\r
and volatile storage space and install variable architecture protocol\r
based on SMM variable module.\r
\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable data.\r
+ This external input must be validated carefully to avoid security issue like\r
+ buffer overflow, integer overflow.\r
+\r
+ RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API\r
+ to receive data buffer. The size should be checked carefully.\r
+\r
+ InitCommunicateBuffer() is really function to check the variable data size.\r
+\r
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +\r
DataSize.\r
\r
+ Caution: This function may receive untrusted input.\r
+ The data size external input, so this function will validate it carefully to avoid buffer overflow.\r
+\r
@param[out] DataPtr Points to the data in the communicate buffer.\r
@param[in] DataSize The data size to send to SMM.\r
@param[in] Function The function number to initialize the communicate header.\r
/**\r
This code finds variable in storage blocks (Volatile or Non-Volatile).\r
\r
+ Caution: This function may receive untrusted input.\r
+ The data size is external input, so this function will validate it carefully to avoid buffer overflow.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[out] Attributes Attribute value of the variable found.\r
/**\r
This code sets variable in storage blocks (Volatile or Non-Volatile).\r
\r
+ Caution: This function may receive untrusted input.\r
+ The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Attributes Attribute value of the variable found\r