From 7b0ae7e82a079fde8eef0455363725755769c332 Mon Sep 17 00:00:00 2001 From: vanjeff Date: Thu, 9 Jul 2009 08:54:39 +0000 Subject: [PATCH] add security check. update functions comments. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8832 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 2 +- MdeModulePkg/Library/DxeNetLib/NetBuffer.c | 21 ++++++++++++------- .../Universal/Network/Dhcp4Dxe/Dhcp4Option.c | 5 +++-- .../Universal/Network/Dhcp4Dxe/Dhcp4Option.h | 1 + .../Universal/Network/SnpDxe/Nvdata.c | 4 ++-- .../Network/UefiPxeBcDxe/PxeBcDhcp.c | 5 +++-- 6 files changed, 23 insertions(+), 15 deletions(-) diff --git a/IntelFrameworkModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/IntelFrameworkModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c index 49c7ec4ee0..2d5408abe0 100644 --- a/IntelFrameworkModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c +++ b/IntelFrameworkModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c @@ -1126,7 +1126,7 @@ UpdatePciInfo ( BarEndIndex = PCI_MAX_BAR - 1; } - if (BarIndex >= PCI_MAX_BAR) { + if (BarIndex > PCI_MAX_BAR) { Ptr++; continue; } diff --git a/MdeModulePkg/Library/DxeNetLib/NetBuffer.c b/MdeModulePkg/Library/DxeNetLib/NetBuffer.c index 3fbb6094a5..907bdfd3ea 100644 --- a/MdeModulePkg/Library/DxeNetLib/NetBuffer.c +++ b/MdeModulePkg/Library/DxeNetLib/NetBuffer.c @@ -77,7 +77,7 @@ NetbufAllocStruct ( FreeNbuf: - gBS->FreePool (Nbuf); + FreePool (Nbuf); return NULL; } @@ -132,7 +132,7 @@ NetbufAlloc ( return Nbuf; FreeNBuf: - gBS->FreePool (Nbuf); + FreePool (Nbuf); return NULL; } @@ -153,6 +153,7 @@ NetbufFreeVector ( { UINT32 Index; + ASSERT (Vector != NULL); NET_CHECK_SIGNATURE (Vector, NET_VECTOR_SIGNATURE); ASSERT (Vector->RefCnt > 0); @@ -183,7 +184,7 @@ NetbufFreeVector ( } } - gBS->FreePool (Vector); + FreePool (Vector); } @@ -205,6 +206,7 @@ NetbufFree ( IN NET_BUF *Nbuf ) { + ASSERT (Nbuf != NULL); NET_CHECK_SIGNATURE (Nbuf, NET_BUF_SIGNATURE); ASSERT (Nbuf->RefCnt > 0); @@ -216,7 +218,7 @@ NetbufFree ( // all the sharing of Nbuf increse Vector's RefCnt by one // NetbufFreeVector (Nbuf->Vector); - gBS->FreePool (Nbuf); + FreePool (Nbuf); } } @@ -685,7 +687,7 @@ NetbufGetFragment ( FreeChild: - gBS->FreePool (Child); + FreePool (Child); return NULL; } @@ -867,7 +869,9 @@ NetbufFromExt ( return Nbuf; FreeFirstBlock: - gBS->FreePool (FirstBlock); + if (FirstBlock != NULL) { + FreePool (FirstBlock); + } return NULL; } @@ -987,7 +991,7 @@ NetbufFromBufList ( } Nbuf = NetbufFromExt (Fragment, Current, HeadSpace, HeaderLen, ExtFree, Arg); - gBS->FreePool (Fragment); + FreePool (Fragment); return Nbuf; } @@ -1379,13 +1383,14 @@ NetbufQueFree ( IN NET_BUF_QUEUE *NbufQue ) { + ASSERT (NbufQue != NULL); NET_CHECK_SIGNATURE (NbufQue, NET_QUE_SIGNATURE); NbufQue->RefCnt--; if (NbufQue->RefCnt == 0) { NetbufQueFlush (NbufQue); - gBS->FreePool (NbufQue); + FreePool (NbufQue); } } diff --git a/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c b/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c index aa5009abf3..559fd9ad0e 100644 --- a/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c +++ b/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c @@ -542,6 +542,7 @@ DhcpFillOption ( @param[out] OptionPoint The array that contains the DHCP options. Caller should free it. + @retval EFI_NOT_FOUND Cannot find any option. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory to parse the packet. @retval EFI_INVALID_PARAMETER The options are mal-formated @retval EFI_SUCCESS The options are parsed into OptionPoint @@ -603,6 +604,7 @@ DhcpParseOption ( *OptionPoint = NULL; if (OptNum == 0) { + Status = EFI_NOT_FOUND; goto ON_EXIT; } @@ -673,13 +675,12 @@ DhcpValidateOptions ( if (EFI_ERROR (Status) || (Count == 0)) { return Status; } - + Updated = FALSE; ZeroMem (&Parameter, sizeof (Parameter)); for (Index = 0; Index < Count; Index++) { Option = &AllOption[Index]; - ASSERT (Option != NULL); // // Find the format of the option then validate it. diff --git a/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.h b/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.h index 3574292ff4..3685b379ef 100644 --- a/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.h +++ b/MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.h @@ -280,6 +280,7 @@ DhcpValidateOptions ( @param[out] OptionPoint The array that contains the DHCP options. Caller should free it. + @retval EFI_NOT_FOUND Cannot find any option. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory to parse the packet. @retval EFI_INVALID_PARAMETER The options are mal-formated @retval EFI_SUCCESS The options are parsed into OptionPoint diff --git a/MdeModulePkg/Universal/Network/SnpDxe/Nvdata.c b/MdeModulePkg/Universal/Network/SnpDxe/Nvdata.c index 20d5daa25c..8cd69bc37c 100644 --- a/MdeModulePkg/Universal/Network/SnpDxe/Nvdata.c +++ b/MdeModulePkg/Universal/Network/SnpDxe/Nvdata.c @@ -88,9 +88,9 @@ PxeNvDataRead ( return EFI_DEVICE_ERROR; } - ASSERT ((Offset + BufferSize) <= sizeof (Db->Data)); + ASSERT (Offset < sizeof (Db->Data)); - CopyMem (Buffer, Db->Data.Byte + Offset, BufferSize); + CopyMem (Buffer, &Db->Data.Byte[Offset], BufferSize); return EFI_SUCCESS; } diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c index c04b2032c7..15a5b26d68 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c @@ -1715,10 +1715,10 @@ PxeBcSelectBootMenu ( } while (MenuSize > 0) { - MenuArray[Index] = MenuItem; + MenuArray[Index++] = MenuItem; MenuSize = (UINT8) (MenuSize - (MenuItem->DescLen + 3)); MenuItem = (PXEBC_BOOT_MENU_ENTRY *) ((UINT8 *) MenuItem + MenuItem->DescLen + 3); - if (Index++ > (PXEBC_MAX_MENU_NUM - 1)) { + if (Index >= PXEBC_MAX_MENU_NUM) { break; } } @@ -1738,6 +1738,7 @@ PxeBcSelectBootMenu ( TopRow = gST->ConOut->Mode->CursorRow - MenuNum; do { + ASSERT (Select < PXEBC_MAX_MENU_NUM); // // highlight selected row // -- 2.39.2