From d9c640b9282dd3a6ee45bc5886e7d5b0e586c95d Mon Sep 17 00:00:00 2001
From: Star Zeng
Date: Fri, 13 Jul 2018 15:50:16 +0800
Subject: [PATCH] MdeModulePkg CapsuleApp: Check capsule header before using its Flags

Cc: Michael D Kinney
Cc: Jiewen Yao
Cc: Yonghong Zhu
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng
Reviewed-by: Jiewen Yao
---
 .../Application/CapsuleApp/CapsuleApp.c | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
index a83ebf3d10..dbcffddea9 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
@@ -715,6 +715,40 @@ CleanGatherList (
 }
 }
 
+/**
+ Validate if it is valid capsule header
+
+ This function assumes the caller provided correct CapsuleHeader pointer
+ and CapsuleSize.
+
+ This function validates the fields in EFI_CAPSULE_HEADER.
+
+ @param[in] CapsuleHeader Points to a capsule header.
+ @param[in] CapsuleSize Size of the whole capsule image.
+
+**/
+BOOLEAN
+IsValidCapsuleHeader (
+ IN EFI_CAPSULE_HEADER *CapsuleHeader,
+ IN UINT64 CapsuleSize
+ )
+{
+ if (CapsuleSize < sizeof (EFI_CAPSULE_HEADER)) {
+ return FALSE;
+ }
+ if (CapsuleHeader->CapsuleImageSize != CapsuleSize) {
+ return FALSE;
+ }
+ if (CapsuleHeader->HeaderSize > CapsuleHeader->CapsuleImageSize) {
+ return FALSE;
+ }
+ if (CapsuleHeader->HeaderSize < sizeof (EFI_CAPSULE_HEADER)) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
 /**
 Print APP usage.
 **/
@@ -891,6 +925,10 @@ UefiMain (
 Print(L"CapsuleApp: capsule image (%s) is not found.\n", CapsuleName);
 goto Done;
 }
+ if (!IsValidCapsuleHeader (CapsuleBuffer[Index], FileSize[Index])) {
+ Print(L"CapsuleApp: Capsule image (%s) is not a valid capsule.\n", CapsuleName);
+ return EFI_INVALID_PARAMETER;
+ }
 }
 
 //
-- 
2.39.2
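Review bot: The header comment on IsValidCapsuleHeader documents both parameters but not the return value, and its summary claims more than the body checks. The four tests compare only CapsuleSize, CapsuleImageSize and HeaderSize; CapsuleGuid and Flags are never examined. The comment should therefore describe a size-consistency check that makes the header fields safe to read, not a judgement that the capsule is genuine or acceptable to the firmware. I would add `@retval TRUE  The size fields in the capsule header are consistent with CapsuleSize.` and `@retval FALSE CapsuleSize is smaller than EFI_CAPSULE_HEADER, or CapsuleImageSize or HeaderSize is inconsistent.` Since the function only reads through the pointer, the parameter could also be declared `IN CONST EFI_CAPSULE_HEADER *CapsuleHeader`.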
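Review bot: The new rejection path in UefiMain exits with `return EFI_INVALID_PARAMETER;`, while the not-found path three lines above it leaves through `goto Done;`. The Done label is outside this hunk, but if it releases the capsule buffers read so far, as the name suggests, the direct return skips that cleanup for images loaded in earlier loop iterations. The consistent form is to record EFI_INVALID_PARAMETER in the function's status variable and then `goto Done;`, so every failure in this loop shares one exit. UefiMain begins and ends outside the hunk, so this should be confirmed against the full function.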