add security check.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8680 6f19259b-4bc3-4df7-8a09-765794883524
author: vanjeff <vanjeff@6f19259b-4bc3-4df7-8a09-765794883524> 2009-06-29 09:19:25 +0000
committer: vanjeff <vanjeff@6f19259b-4bc3-4df7-8a09-765794883524> 2009-06-29 09:19:25 +0000
commit: 894d038a8d0e99d456042e2b6d1554c4a406ea70 (patch)
tree: cbce1adbcd8436ff3e73e693a0fae87ce5e7482b /MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c
parent: f2a064736dcea55b602e0e74607cb9b5b9f4a730 (diff)
download: edk2-platforms-894d038a8d0e99d456042e2b6d1554c4a406ea70.tar.xz
1 files changed, 12 insertions, 2 deletions
diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c
index ad7d139cf7..9b5080f15d 100644
--- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c
+++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c
@@ -274,6 +274,7 @@ PxeBcTryBinl (
   PXEBC_CACHED_DHCP4_PACKET *CachedPacket;
   EFI_DHCP4_PACKET          *Reply;
 
+  ASSERT (Index < PXEBC_MAX_OFFER_NUM);
   ASSERT (Private->Dhcp4Offers[Index].OfferType == DHCP4_PACKET_TYPE_BINL);
 
   Offer = &Private->Dhcp4Offers[Index].Packet.Offer;
@@ -560,6 +561,7 @@ PxeBcCacheDhcpOffer (
   }
 
   OfferType = CachedOffer->OfferType;
+  ASSERT (OfferType < DHCP4_PACKET_TYPE_MAX);
 
   if (OfferType == DHCP4_PACKET_TYPE_BOOTP) {
 
@@ -603,6 +605,7 @@ PxeBcCacheDhcpOffer (
       //
       // It's a dhcp offer with your address.
       //
+      ASSERT (Private->ServerCount[OfferType] < PXEBC_MAX_OFFER_NUM);
       Private->OfferIndex[OfferType][Private->ServerCount[OfferType]] = Private->NumOffers;
       Private->ServerCount[OfferType]++;
     }
@@ -1119,6 +1122,7 @@ PxeBcDiscvBootService (
   EFI_DHCP4_HEADER                    *DhcpHeader;
   UINT32                              Xid;
 
+  ASSERT (IsDiscv && (Layer != NULL));
 
   Mode      = Private->PxeBc.Mode;
   Dhcp4     = Private->Dhcp4;
@@ -1717,15 +1721,21 @@ PxeBcSelectBootMenu (
   MenuSize  = VendorOpt->BootMenuLen;
   MenuItem  = VendorOpt->BootMenu;
 
+  if (MenuSize == 0) {
+    return EFI_NOT_READY;
+  }
+
   while (MenuSize > 0) {
     MenuArray[Index]  = MenuItem;
     MenuSize          = (UINT8) (MenuSize - (MenuItem->DescLen + 3));
     MenuItem          = (PXEBC_BOOT_MENU_ENTRY *) ((UINT8 *) MenuItem + MenuItem->DescLen + 3);
-    Index++;
+    if (Index++ > (PXEBC_MAX_MENU_NUM - 1)) {
+      break;
+    }
   }
 
   if (UseDefaultItem) {
-    CopyMem (Type, &MenuArray[0]->Type, sizeof (UINT16));
+    *Type = MenuArray[0]->Type;
     *Type = NTOHS (*Type);
     return EFI_SUCCESS;
   }
author	vanjeff <vanjeff@6f19259b-4bc3-4df7-8a09-765794883524>	2009-06-29 09:19:25 +0000
committer	vanjeff <vanjeff@6f19259b-4bc3-4df7-8a09-765794883524>	2009-06-29 09:19:25 +0000
commit	894d038a8d0e99d456042e2b6d1554c4a406ea70 (patch)
tree	cbce1adbcd8436ff3e73e693a0fae87ce5e7482b /MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c
parent	f2a064736dcea55b602e0e74607cb9b5b9f4a730 (diff)
download	edk2-platforms-894d038a8d0e99d456042e2b6d1554c4a406ea70.tar.xz