Add error handling code to prevent variable store corruption in release build.
authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Thu, 21 Feb 2013 01:35:22 +0000 (01:35 +0000)
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>
Thu, 21 Feb 2013 01:35:22 +0000 (01:35 +0000)
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14139 6f19259b-4bc3-4df7-8a09-765794883524

SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h

index 8552d31b252f9f30b8d6000740425753912f0d3f..6f8808a756f67d8c036db67e436465f2a1b80221 100644 (file)
@@ -445,6 +445,10 @@ AddPubKeyInStore (
              FALSE\r
              );\r
   ASSERT_EFI_ERROR (Status);\r
+  if (EFI_ERROR (Status)) {\r
+    return 0;\r
+  }\r
+\r
   //\r
   // Check whether the public key entry does exist.\r
   //\r
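Review bot: The added `return 0;` after `ASSERT_EFI_ERROR (Status)` reports failure through the same return value that otherwise carries a key index, and nothing visible in the hunk says that 0 is reserved for that purpose; the second AddPubKeyInStore hunk (at -492) has the same bare `return 0;`. If 0 is never a valid index, a comment at both sites would make the contract explicit, for example `// 0 is not a valid key index; the caller must treat it as failure.`, and the function header's @return should say the same. The signature and header comment of AddPubKeyInStore are outside the hunk, so this needs checking against them. With the assert inactive in a release build this return value is the only signal of the failed call, so each caller should test for it before using the index.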
@@ -492,6 +496,9 @@ AddPubKeyInStore (
                  FALSE\r
                  );\r
       ASSERT_EFI_ERROR (Status);\r
+      if (EFI_ERROR (Status)) {\r
+        return 0;\r
+      }\r
 \r
       DataSize  = DataSizeOfVariable (Variable.CurrPtr);\r
       Data      = GetVariableDataPtr (Variable.CurrPtr);\r
index ce4f6e813ef833b800ac3223b8f6459cd6746bd0..10915e45b0f55151f6fc275ff028115ec314a3a8 100644 (file)
@@ -651,27 +651,28 @@ PubKeyStoreFilter (
   If ReclaimPubKeyStore is TRUE, reclaim invalid key in public key database and update the PubKeyIndex\r
   for all the count-based authenticate variable in NV storage.\r
 \r
-  @param[in]   VariableBase            Base address of variable store.\r
-  @param[out]  LastVariableOffset      Offset of last variable.\r
-  @param[in]   IsVolatile              The variable store is volatile or not;\r
-                                       if it is non-volatile, need FTW.\r
-  @param[in, out] UpdatingPtrTrack     Pointer to updating variable pointer track structure.\r
-  @param[in]   ReclaimPubKeyStore      Reclaim for public key database or not.\r
-  @param[in]   ReclaimAnyway           If TRUE, do reclaim anyway.\r
+  @param[in]      VariableBase            Base address of variable store.\r
+  @param[out]     LastVariableOffset      Offset of last variable.\r
+  @param[in]      IsVolatile              The variable store is volatile or not;\r
+                                          if it is non-volatile, need FTW.\r
+  @param[in, out] UpdatingPtrTrack        Pointer to updating variable pointer track structure.\r
+  @param[in]      ReclaimPubKeyStore      Reclaim for public key database or not.\r
+  @param[in]      ReclaimAnyway           If TRUE, do reclaim anyway.\r
   \r
-  @return EFI_OUT_OF_RESOURCES         No enough memory resources.\r
   @return EFI_SUCCESS                  Reclaim operation has finished successfully.\r
+  @return EFI_OUT_OF_RESOURCES         No enough memory resources.\r
+  @return EFI_DEVICE_ERROR             The public key database doesn't exist.\r
   @return Others                       Unexpect error happened during reclaim operation.\r
 \r
 **/\r
 EFI_STATUS\r
 Reclaim (\r
-  IN  EFI_PHYSICAL_ADDRESS  VariableBase,\r
-  OUT UINTN                 *LastVariableOffset,\r
-  IN  BOOLEAN               IsVolatile,\r
-  IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,\r
-  IN  BOOLEAN               ReclaimPubKeyStore,\r
-  IN  BOOLEAN               ReclaimAnyway\r
+  IN     EFI_PHYSICAL_ADDRESS         VariableBase,\r
+  OUT    UINTN                        *LastVariableOffset,\r
+  IN     BOOLEAN                      IsVolatile,\r
+  IN OUT VARIABLE_POINTER_TRACK       *UpdatingPtrTrack,\r
+  IN     BOOLEAN                      ReclaimPubKeyStore,\r
+  IN     BOOLEAN                      ReclaimAnyway\r
   )\r
 {\r
   VARIABLE_HEADER       *Variable;\r
@@ -809,6 +810,12 @@ Reclaim (
     // Reinstall the new public key database.\r
     //\r
     ASSERT (PubKeyHeader != NULL);\r
+    if (PubKeyHeader == NULL) {\r
+      FreePool (ValidBuffer);\r
+      FreePool (NewPubKeyIndex);\r
+      FreePool (NewPubKeyStore);\r
+      return EFI_DEVICE_ERROR;\r
+    }\r
     CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER));\r
     Variable = (VARIABLE_HEADER*) CurrPtr;\r
     Variable->DataSize = NewPubKeySize;\r
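Review bot: The early return under `if (PubKeyHeader == NULL)` leaves the function before anything visible in this hunk writes the OUT parameter `*LastVariableOffset`, so a caller that does not test for the new EFI_DEVICE_ERROR status could continue with a stale offset; whether the offset is assigned earlier cannot be seen here, because Reclaim's body starts and ends outside the hunk. The check also repeats three `FreePool` calls inline, which is easy to get out of step with the function's other exit paths if another buffer is added later. A short comment above the check would record why it sits next to the assert, for example `// ASSERT() is inactive in release builds; reject a store without a key database before CopyMem reads PubKeyHeader.`.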
index 8e292f36b21968ef24aad63ad255c281d6502e78..45015836484d7a9c9b59c518622dd5242228d2ac 100644 (file)
@@ -381,27 +381,28 @@ VariableCommonInitialize (
   If ReclaimPubKeyStore is TRUE, reclaim invalid key in public key database and update the PubKeyIndex\r
   for all the count-based authenticate variable in NV storage.\r
 \r
-  @param[in]   VariableBase            Base address of variable store.\r
-  @param[out]  LastVariableOffset      Offset of last variable.\r
-  @param[in]   IsVolatile              The variable store is volatile or not;\r
-                                       if it is non-volatile, need FTW.\r
-  @param[in, out] UpdatingPtrTrack     Pointer to updating variable pointer track structure.\r
-  @param[in]   ReclaimPubKeyStore      Reclaim for public key database or not.\r
-  @param[in]   ReclaimAnyway           If TRUE, do reclaim anyway.\r
+  @param[in]      VariableBase            Base address of variable store.\r
+  @param[out]     LastVariableOffset      Offset of last variable.\r
+  @param[in]      IsVolatile              The variable store is volatile or not;\r
+                                          if it is non-volatile, need FTW.\r
+  @param[in, out] UpdatingPtrTrack        Pointer to updating variable pointer track structure.\r
+  @param[in]      ReclaimPubKeyStore      Reclaim for public key database or not.\r
+  @param[in]      ReclaimAnyway           If TRUE, do reclaim anyway.\r
   \r
-  @return EFI_OUT_OF_RESOURCES         No enough memory resources.\r
   @return EFI_SUCCESS                  Reclaim operation has finished successfully.\r
+  @return EFI_OUT_OF_RESOURCES         No enough memory resources.\r
+  @return EFI_DEVICE_ERROR             The public key database doesn't exist.\r
   @return Others                       Unexpect error happened during reclaim operation.\r
 \r
 **/\r
 EFI_STATUS\r
 Reclaim (\r
-  IN  EFI_PHYSICAL_ADDRESS  VariableBase,\r
-  OUT UINTN                 *LastVariableOffset,\r
-  IN  BOOLEAN               IsVolatile,\r
-  IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,\r
-  IN  BOOLEAN               ReclaimPubKeyStore,\r
-  IN  BOOLEAN               ReclaimAnyway\r
+  IN     EFI_PHYSICAL_ADDRESS         VariableBase,\r
+  OUT    UINTN                        *LastVariableOffset,\r
+  IN     BOOLEAN                      IsVolatile,\r
+  IN OUT VARIABLE_POINTER_TRACK       *UpdatingPtrTrack,\r
+  IN     BOOLEAN                      ReclaimPubKeyStore,\r
+  IN     BOOLEAN                      ReclaimAnyway\r
   );\r
 \r
 /**\r