From: Chao, Zhang Date: Wed, 22 Oct 2014 07:30:22 +0000 (+0000) Subject: Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow... X-Git-Tag: edk2-stable201903~10783 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=36bdec3cd94346c9ccae4df02ae5890409498cf8;hp=0414ec24bad8adf62982fe2c15d7f55a7a0fda6b Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao, Zhang Reviewed-by: Yao, Jiewen git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 49d7648f66..566c5e29a7 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -7,6 +7,10 @@ This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow. Variable attribute should also be checked to avoid authentication bypass. + The whole SMM authentication variable design relies on the integrity of flash part and SMM. + which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory + may not be modified without authorization. If platform fails to protect these resources, + the authentication service provided in this driver will be broken, and the behavior is undefined. ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do variable authentication. 
@@ -251,6 +255,10 @@ AutenticatedVariableServiceInitialize ( DataSize = DataSizeOfVariable (Variable.CurrPtr); Data = GetVariableDataPtr (Variable.CurrPtr); ASSERT ((DataSize != 0) && (Data != NULL)); + // + // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) + // Therefore, there is no memory overflow in underlying CopyMem. + // CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize); mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE); } @@ -564,6 +572,10 @@ AddPubKeyInStore ( DataSize = DataSizeOfVariable (Variable.CurrPtr); Data = GetVariableDataPtr (Variable.CurrPtr); ASSERT ((DataSize != 0) && (Data != NULL)); + // + // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) + // Therefore, there is no memory overflow in underlying CopyMem. + // CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize); mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE); diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h index 6ebc777075..0e57c5b5e5 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h 
@@ -2,6 +2,16 @@ The internal header file includes the common header files, defines internal structure and functions used by AuthService module. + Caution: This module requires additional review when modified. + This driver will have external input - variable data. It may be input in SMM mode. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + Variable attribute should also be checked to avoid authentication bypass. + The whole SMM authentication variable design relies on the integrity of flash part and SMM. + which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory + may not be modified without authorization. If platform fails to protect these resources, + the authentication service provided in this driver will be broken, and the behavior is undefined. + Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf index 279a9248e2..1987764d80 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf @@ -13,6 +13,10 @@ # This driver will have external input - variable data and communicate buffer in SMM mode. # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. +# The whole SMM authentication variable design relies on the integrity of flash part and SMM. +# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory +# may not be modified without authorization. If platform fails to protect these resources, +# the authentication service provided in this driver will be broken, and the behavior is undefined. # # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf index f0dfa89810..ca60274339 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -8,6 +8,10 @@ # This driver will have external input - variable data. # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. +# The whole SMM authentication variable design relies on the integrity of flash part and SMM. +# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory +# may not be modified without authorization. If platform fails to protect these resources, +# the authentication service provided in this driver will be broken, and the behavior is undefined. # # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials
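Review bot: In the AuthService.c file-header hunk (@@ -7,6 +7,10), the added paragraph is split by a stray period after "SMM", which leaves "which is assumed to be protected by platform." as a fragment. "may not be modified without authorization" can also be read as a guarantee this driver provides rather than a requirement placed on the platform. Suggest a single sentence along the lines of "relies on the integrity of the flash part and SMM, which are assumed to be protected by the platform", and "must not be modifiable without authorization", so it is clear this is a precondition the driver itself does not verify.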
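Review bot: In the AutenticatedVariableServiceInitialize hunk (@@ -251,6 +255,10), the new comment asserts that DataSize never exceeds the mPubKeyStore buffer, but nothing in the visible lines enforces that. The only check ahead of CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize) is ASSERT ((DataSize != 0) && (Data != NULL)), which sets no upper bound and is normally compiled out of release builds. The header comment added in this same commit says behavior is undefined if flash contents are modified, so an explicit comparison of DataSize against the buffer size, with an error return, would enforce the invariant instead of only documenting it. The comment should also name the size definition it relies on rather than saying "See definition before".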
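Review bot: In the AddPubKeyInStore hunk (@@ -564,6 +572,10), the comment repeats the one added in AutenticatedVariableServiceInitialize with slightly different wording ("internal used variable" here, "internal variable" there), so the two copies can drift apart. Suggest identical wording, or moving the load of "AuthVarKeyDatabase" into mPubKeyStore into one helper that carries both the comment and the size reasoning. The context line mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE) also truncates silently when DataSize is not a multiple of the key size; since the comment is about what can be assumed of DataSize, it is worth stating that assumption here too.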
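Review bot: In the AuthService.h, VariableSmm.inf and VariableSmmRuntimeDxe.inf hunks, the four-line platform-trust paragraph is pasted verbatim from AuthService.c, so any later correction to the threat-model statement has to be made in four places. Suggest keeping the full statement in one file and having the other three carry a one-line pointer to it, or at least verifying that the copies stay byte-identical when the text is revised.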