MdeModulePkg CapsuleApp: Check capsule header before using its Flags

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
index a83ebf3d101b39dcad26839b0fc53d67be83c928..dbcffddea9ce55c70c9d8cf4fa607adbe1025f6b 100644 (file)
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
@@ -715,6 +715,40 @@ CleanGatherList (
   }\r
 }\r
 \r
+/**\r
+  Validate if it is valid capsule header\r
+\r
+  This function assumes the caller provided correct CapsuleHeader pointer\r
+  and CapsuleSize.\r
+\r
+  This function validates the fields in EFI_CAPSULE_HEADER.\r
+\r
+  @param[in] CapsuleHeader  Points to a capsule header.\r
+  @param[in] CapsuleSize    Size of the whole capsule image.\r
+\r
+**/\r
+BOOLEAN\r
+IsValidCapsuleHeader (\r
+  IN EFI_CAPSULE_HEADER     *CapsuleHeader,\r
+  IN UINT64                 CapsuleSize\r
+  )\r
+{\r
+  if (CapsuleSize < sizeof (EFI_CAPSULE_HEADER)) {\r
+    return FALSE;\r
+  }\r
+  if (CapsuleHeader->CapsuleImageSize != CapsuleSize) {\r
+    return FALSE;\r
+  }\r
+  if (CapsuleHeader->HeaderSize > CapsuleHeader->CapsuleImageSize) {\r
+    return FALSE;\r
+  }\r
+  if (CapsuleHeader->HeaderSize < sizeof (EFI_CAPSULE_HEADER)) {\r
+    return FALSE;\r
+  }\r
+\r
+  return TRUE;\r
+}\r
+\r
 /**\r
   Print APP usage.\r
 **/\r
@@ -891,6 +925,10 @@ UefiMain (
       Print(L"CapsuleApp: capsule image (%s) is not found.\n", CapsuleName);\r
       goto Done;\r
     }\r
+    if (!IsValidCapsuleHeader (CapsuleBuffer[Index], FileSize[Index])) {\r
+      Print(L"CapsuleApp: Capsule image (%s) is not a valid capsule.\n", CapsuleName);\r
+      return EFI_INVALID_PARAMETER;\r
+    }\r
   }\r
 \r
   //\r