summaryrefslogtreecommitdiff
path: root/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
diff options
context:
space:
mode:
authorczhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>2013-04-22 08:52:58 +0000
committerczhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>2013-04-22 08:52:58 +0000
commit56251c669f0f13d2ffc226cfd3a3d8c5f8269e7a (patch)
tree22364392e9453e22804f1a573a4011daf4a0ec95 /MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
parentb6d1508f17777c96287a01db36bcde2d41a27323 (diff)
downloadedk2-platforms-56251c669f0f13d2ffc226cfd3a3d8c5f8269e7a.tar.xz
Fix potential overflow for SetVariable interface
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by : Guo Dong <dong.guo@intel.com> Reviewed-by : Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14305 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c')
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
index b83f8c9f4b..4d60da1205 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
@@ -424,6 +424,13 @@ RuntimeServiceSetVariable (
return EFI_INVALID_PARAMETER;
}
+ if ((UINTN)(~0) - StrSize (VariableName) < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + DataSize) {
+ //
+ // Prevent PayloadSize overflow
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableServicesLock);
//
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-05 00:49:48 +0000