From 6bc4e19fec00de37d760d3b79ee5341fdc989d16 Mon Sep 17 00:00:00 2001 From: sfu5 Date: Mon, 26 Mar 2012 01:43:45 +0000 Subject: [PATCH 1/1] 1. Update AuthVarialbe driver to avoid integer overflow when using EFI_VARIABLE_AUTHENTICATION_2 descriptor. Signed-off-by: sfu5 Reviewed-by: tye Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13120 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index e3fc48b497..c84a2f62d3 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -2,7 +2,7 @@ The common variable operation routines shared by DXE_RINTIME variable module and DXE_SMM variable module. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -2163,8 +2163,8 @@ VariableServiceSetVariable ( // Sanity check for EFI_VARIABLE_AUTHENTICATION_2 descriptor. // if (DataSize < OFFSET_OF_AUTHINFO2_CERT_DATA || - DataSize < AUTHINFO2_SIZE (Data) || - ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) { + ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength > DataSize - (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) || + ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) { return EFI_SECURITY_VIOLATION; } PayloadSize = DataSize - AUTHINFO2_SIZE (Data); -- 2.39.2