summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2013-02-21 01:35:22 +0000
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2013-02-21 01:35:22 +0000
commitca5a7d87e372ad8897881a543cb3e2beb8b1ec01 (patch)
tree61c689c4f6dec6a3681557d5acd37983f32260a6
parentfb5278ef782a253cdb0daabe2184e165d889ce68 (diff)
downloadedk2-platforms-ca5a7d87e372ad8897881a543cb3e2beb8b1ec01.tar.xz
Add error handling code to prevent variable store corruption in release build.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14139 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c7
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c35
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h29
3 files changed, 43 insertions, 28 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 8552d31b25..6f8808a756 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -445,6 +445,10 @@ AddPubKeyInStore (
FALSE
);
ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return 0;
+ }
+
//
// Check whether the public key entry does exist.
//
@@ -492,6 +496,9 @@ AddPubKeyInStore (
FALSE
);
ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return 0;
+ }
DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index ce4f6e813e..10915e45b0 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -651,27 +651,28 @@ PubKeyStoreFilter (
If ReclaimPubKeyStore is TRUE, reclaim invalid key in public key database and update the PubKeyIndex
for all the count-based authenticate variable in NV storage.
- @param[in] VariableBase Base address of variable store.
- @param[out] LastVariableOffset Offset of last variable.
- @param[in] IsVolatile The variable store is volatile or not;
- if it is non-volatile, need FTW.
- @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
- @param[in] ReclaimPubKeyStore Reclaim for public key database or not.
- @param[in] ReclaimAnyway If TRUE, do reclaim anyway.
+ @param[in] VariableBase Base address of variable store.
+ @param[out] LastVariableOffset Offset of last variable.
+ @param[in] IsVolatile The variable store is volatile or not;
+ if it is non-volatile, need FTW.
+ @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
+ @param[in] ReclaimPubKeyStore Reclaim for public key database or not.
+ @param[in] ReclaimAnyway If TRUE, do reclaim anyway.
- @return EFI_OUT_OF_RESOURCES No enough memory resources.
@return EFI_SUCCESS Reclaim operation has finished successfully.
+ @return EFI_OUT_OF_RESOURCES No enough memory resources.
+ @return EFI_DEVICE_ERROR The public key database doesn't exist.
@return Others Unexpect error happened during reclaim operation.
**/
EFI_STATUS
Reclaim (
- IN EFI_PHYSICAL_ADDRESS VariableBase,
- OUT UINTN *LastVariableOffset,
- IN BOOLEAN IsVolatile,
- IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
- IN BOOLEAN ReclaimPubKeyStore,
- IN BOOLEAN ReclaimAnyway
+ IN EFI_PHYSICAL_ADDRESS VariableBase,
+ OUT UINTN *LastVariableOffset,
+ IN BOOLEAN IsVolatile,
+ IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
+ IN BOOLEAN ReclaimPubKeyStore,
+ IN BOOLEAN ReclaimAnyway
)
{
VARIABLE_HEADER *Variable;
@@ -809,6 +810,12 @@ Reclaim (
// Reinstall the new public key database.
//
ASSERT (PubKeyHeader != NULL);
+ if (PubKeyHeader == NULL) {
+ FreePool (ValidBuffer);
+ FreePool (NewPubKeyIndex);
+ FreePool (NewPubKeyStore);
+ return EFI_DEVICE_ERROR;
+ }
CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER));
Variable = (VARIABLE_HEADER*) CurrPtr;
Variable->DataSize = NewPubKeySize;
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
index 8e292f36b2..4501583648 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
@@ -381,27 +381,28 @@ VariableCommonInitialize (
If ReclaimPubKeyStore is TRUE, reclaim invalid key in public key database and update the PubKeyIndex
for all the count-based authenticate variable in NV storage.
- @param[in] VariableBase Base address of variable store.
- @param[out] LastVariableOffset Offset of last variable.
- @param[in] IsVolatile The variable store is volatile or not;
- if it is non-volatile, need FTW.
- @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
- @param[in] ReclaimPubKeyStore Reclaim for public key database or not.
- @param[in] ReclaimAnyway If TRUE, do reclaim anyway.
+ @param[in] VariableBase Base address of variable store.
+ @param[out] LastVariableOffset Offset of last variable.
+ @param[in] IsVolatile The variable store is volatile or not;
+ if it is non-volatile, need FTW.
+ @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
+ @param[in] ReclaimPubKeyStore Reclaim for public key database or not.
+ @param[in] ReclaimAnyway If TRUE, do reclaim anyway.
- @return EFI_OUT_OF_RESOURCES No enough memory resources.
@return EFI_SUCCESS Reclaim operation has finished successfully.
+ @return EFI_OUT_OF_RESOURCES No enough memory resources.
+ @return EFI_DEVICE_ERROR The public key database doesn't exist.
@return Others Unexpect error happened during reclaim operation.
**/
EFI_STATUS
Reclaim (
- IN EFI_PHYSICAL_ADDRESS VariableBase,
- OUT UINTN *LastVariableOffset,
- IN BOOLEAN IsVolatile,
- IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
- IN BOOLEAN ReclaimPubKeyStore,
- IN BOOLEAN ReclaimAnyway
+ IN EFI_PHYSICAL_ADDRESS VariableBase,
+ OUT UINTN *LastVariableOffset,
+ IN BOOLEAN IsVolatile,
+ IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
+ IN BOOLEAN ReclaimPubKeyStore,
+ IN BOOLEAN ReclaimAnyway
);
/**