summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorxli24 <xli24@6f19259b-4bc3-4df7-8a09-765794883524>2009-01-13 08:29:55 +0000
committerxli24 <xli24@6f19259b-4bc3-4df7-8a09-765794883524>2009-01-13 08:29:55 +0000
commit81464cf1067b6b1d26679b20104c665e902647c5 (patch)
tree1e8c1327e044dd3532cfb757c19badfddcfecc25
parentf8e01ca87b2cad5afb5fc9dc1af68390238e5361 (diff)
downloadedk2-platforms-81464cf1067b6b1d26679b20104c665e902647c5.tar.xz
Update for code security.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7255 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c17
-rw-r--r--MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.h1
-rw-r--r--MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c6
-rw-r--r--MdeModulePkg/Library/DxePlatDriOverLib/PlatDriOverLib.c2
4 files changed, 23 insertions, 3 deletions
diff --git a/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c b/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c
index 79598c5a01..3c72822a6d 100644
--- a/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c
+++ b/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c
@@ -1161,6 +1161,8 @@ KeyboardHandler (
// Handle repeat key
//
KeyDescriptor = GetKeyDescriptor (UsbKeyboardDevice, CurKeyCodeBuffer[Index]);
+ ASSERT (KeyDescriptor != NULL);
+
if (KeyDescriptor->Modifier == EFI_NUM_LOCK_MODIFIER || KeyDescriptor->Modifier == EFI_CAPS_LOCK_MODIFIER) {
//
// For NumLock or CapsLock pressed, there is no need to handle repeat key for them.
@@ -1302,6 +1304,8 @@ USBParseKey (
RemoveKeyCode (&(UsbKeyboardDevice->KeyboardBuffer), &UsbKey);
KeyDescriptor = GetKeyDescriptor (UsbKeyboardDevice, UsbKey.KeyCode);
+ ASSERT (KeyDescriptor != NULL);
+
if (!UsbKey.Down) {
//
// Key is released.
@@ -1546,6 +1550,7 @@ USBParseKey (
@retval EFI_INVALID_PARAMETER KeyCode is not in the range of 0x4 to 0x65.
@retval EFI_INVALID_PARAMETER Translated EFI_INPUT_KEY has zero for both ScanCode and UnicodeChar.
@retval EFI_NOT_READY KeyCode represents a dead key with EFI_NS_KEY_MODIFIER
+ @retval EFI_DEVICE_ERROR Keyboard layout is invalid.
**/
EFI_STATUS
@@ -1569,6 +1574,7 @@ UsbKeyCodeToEfiInputKey (
}
KeyDescriptor = GetKeyDescriptor (UsbKeyboardDevice, KeyCode);
+ ASSERT (KeyDescriptor != NULL);
if (KeyDescriptor->Modifier == EFI_NS_KEY_MODIFIER) {
//
@@ -1587,6 +1593,13 @@ UsbKeyCodeToEfiInputKey (
UsbKeyboardDevice->CurrentNsKey = NULL;
}
+ //
+ // Make sure modifier of Key Descriptor is in the valid range according to UEFI spec.
+ //
+ if (KeyDescriptor->Modifier > EFI_FUNCTION_KEY_TWELVE_MODIFIER) {
+ return EFI_DEVICE_ERROR;
+ }
+
Key->ScanCode = ModifierValueToEfiScanCodeConvertionTable[KeyDescriptor->Modifier];
Key->UnicodeChar = KeyDescriptor->Unicode;
@@ -1804,6 +1817,8 @@ InsertKeyCode (
RemoveKeyCode (KeyboardBuffer, &UsbKey);
}
+ ASSERT (KeyboardBuffer->BufferTail <= MAX_KEY_ALLOWED);
+
KeyboardBuffer->Buffer[KeyboardBuffer->BufferTail].KeyCode = Key;
KeyboardBuffer->Buffer[KeyboardBuffer->BufferTail].Down = Down;
@@ -1835,6 +1850,8 @@ RemoveKeyCode (
return EFI_DEVICE_ERROR;
}
+ ASSERT (KeyboardBuffer->BufferHead <= MAX_KEY_ALLOWED);
+
UsbKey->KeyCode = KeyboardBuffer->Buffer[KeyboardBuffer->BufferHead].KeyCode;
UsbKey->Down = KeyboardBuffer->Buffer[KeyboardBuffer->BufferHead].Down;
diff --git a/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.h b/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.h
index aab3d24e67..60ebee1daa 100644
--- a/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.h
+++ b/MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.h
@@ -161,6 +161,7 @@ USBParseKey (
@retval EFI_INVALID_PARAMETER KeyCode is not in the range of 0x4 to 0x65.
@retval EFI_INVALID_PARAMETER Translated EFI_INPUT_KEY has zero for both ScanCode and UnicodeChar.
@retval EFI_NOT_READY KeyCode represents a dead key with EFI_NS_KEY_MODIFIER
+ @retval EFI_DEVICE_ERROR Keyboard layout is invalid.
**/
EFI_STATUS
diff --git a/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c b/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c
index 0db4c14356..15fdad573d 100644
--- a/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c
+++ b/MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassImpl.c
@@ -596,10 +596,10 @@ UsbMassInitMultiLun (
return EFI_SUCCESS;
ON_ERROR:
- if (UsbMass->DevicePath != NULL) {
- FreePool (UsbMass->DevicePath);
- }
if (UsbMass != NULL) {
+ if (UsbMass->DevicePath != NULL) {
+ FreePool (UsbMass->DevicePath);
+ }
FreePool (UsbMass);
}
if (UsbIo != NULL) {
diff --git a/MdeModulePkg/Library/DxePlatDriOverLib/PlatDriOverLib.c b/MdeModulePkg/Library/DxePlatDriOverLib/PlatDriOverLib.c
index 81570a2111..f2aad41e7a 100644
--- a/MdeModulePkg/Library/DxePlatDriOverLib/PlatDriOverLib.c
+++ b/MdeModulePkg/Library/DxePlatDriOverLib/PlatDriOverLib.c
@@ -1800,6 +1800,8 @@ ConnectDevicePath (
// After this call DevicePath points to the next Instance
//
Instance = GetNextDevicePathInstance (&DevicePath, &Size);
+ ASSERT (Instance != NULL);
+
Next = Instance;
while (!IsDevicePathEndType (Next)) {
Next = NextDevicePathNode (Next);