diff options
| author | oliviermartin <oliviermartin@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-12-13 09:42:36 +0000 |
|---|---|---|
| committer | oliviermartin <oliviermartin@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-12-13 09:42:36 +0000 |
| commit | 4d832aabbf0e917d1e66e78f3954d4bd46aa50e0 (patch) | |
| tree | 54c0dcceff3d355a861113f58dbc63c5d34269a7 /SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | |
| parent | 3aa1ff61b29f0d2da5d920b70eee576f3680561c (diff) | |
| download | edk2-platforms-4d832aabbf0e917d1e66e78f3954d4bd46aa50e0.tar.xz | |
SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage header prior to use its attributes
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.
Signed-off-by: oliviermartin
Reviewed-by: rsun3
Reviewed-by: niruiyu
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c')
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index 7d0d21502a..e3fc48b497 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -1157,7 +1157,7 @@ VariableGetBestLanguage ( **/
VOID
-AutoUpdateLangVariable(
+AutoUpdateLangVariable (
IN CHAR16 *VariableName,
IN VOID *Data,
IN UINTN DataSize
@@ -2616,6 +2616,17 @@ VariableCommonInitialize ( if (TempVariableStoreHeader == 0) {
TempVariableStoreHeader = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase);
}
+
+ //
+ // Check if the Firmware Volume is not corrupted
+ //
+ if ((((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader))->Signature != EFI_FVH_SIGNATURE) ||
+ (!CompareGuid (&gEfiSystemNvDataFvGuid, &((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader))->FileSystemGuid))) {
+ Status = EFI_VOLUME_CORRUPTED;
+ DEBUG ((EFI_D_ERROR, "Firmware Volume for Variable Store is corrupted\n"));
+ goto Done;
+ }
+
VariableStoreBase = TempVariableStoreHeader + \
(((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)(TempVariableStoreHeader)) -> HeaderLength);
VariableStoreLength = (UINT64) PcdGet32 (PcdFlashNvStorageVariableSize) - \
|