From: Fu Siyuan Date: Wed, 3 Feb 2016 07:15:20 +0000 (+0800) Subject: MdeModulePkg: Update DBsize in SNP GetStatus command. X-Git-Tag: edk2-stable201903~7899 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=f000a8c60e8ea21704789c415a7279a5ed6ecd70 MdeModulePkg: Update DBsize in SNP GetStatus command. Update the DBsize in GetStatus command to let UNDI return an array of recycled buffers. This is to make the loop at the end of PxeGetStatus() useful and to prevent buffer overflow with some non-conformant UNDI drivers which not check the value of the input DBsize in UNDI GetStatus command. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan Reviewed-by: Sriram Subramanian Reviewed-by: Laszlo Ersek Reviewed-by: Ye Ting --- diff --git a/MdeModulePkg/Universal/Network/SnpDxe/Get_status.c b/MdeModulePkg/Universal/Network/SnpDxe/Get_status.c index 8f2ab9b24a..fad2e98212 100644 --- a/MdeModulePkg/Universal/Network/SnpDxe/Get_status.c +++ b/MdeModulePkg/Universal/Network/SnpDxe/Get_status.c @@ -65,11 +65,7 @@ PxeGetStatus ( Snp->Cdb.CPBsize = PXE_CPBSIZE_NOT_USED; Snp->Cdb.CPBaddr = PXE_CPBADDR_NOT_USED; - // - // size DB for return of one buffer - // - Snp->Cdb.DBsize = (UINT16) ((sizeof (PXE_DB_GET_STATUS) - sizeof (Db->TxBuffer)) + sizeof (Db->TxBuffer[0])); - + Snp->Cdb.DBsize = (UINT16) sizeof (PXE_DB_GET_STATUS); Snp->Cdb.DBaddr = (UINT64)(UINTN) Db; Snp->Cdb.StatCode = PXE_STATCODE_INITIALIZE;