From 2788ff5116913c11e457382b42d4da19afc9e11c Mon Sep 17 00:00:00 2001
From: li-elvin
Date: Wed, 9 Jun 2010 02:04:12 +0000
Subject: Fix the issue that if OEM SMBIOS data includes string, it will cause SmbiosFldMiscTypeOEM buffer overflow.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10569 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../ConvLib.c | 45 +++++++++++++++++++++-
 .../MiscConv.c | 42 ++++++++++----------
 .../Thunk.h | 14 +++++++
 3 files changed, 78 insertions(+), 23 deletions(-)
(limited to 'EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk')
diff --git a/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/ConvLib.c b/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/ConvLib.c
index 3adaeffb5d..10208cecb4 100644
--- a/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/ConvLib.c
+++ b/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/ConvLib.c
@@ -2,7 +2,7 @@
 Common filling functions used in translating Datahub's record to PI SMBIOS's record.
-Copyright (c) 2009, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at
@@ -158,6 +158,49 @@ SmbiosEnlargeStructureBuffer (
 return EFI_SUCCESS;
 }
+/**
+ Update the structure buffer of a structure node in SMBIOS database.
+ The function lead the structure pointer for SMBIOS record changed.
+
+ @param StructureNode The structure node whose structure buffer is to be enlarged.
+ @param NewRecord The new SMBIOS record.
+
+**/
+VOID
+SmbiosUpdateStructureBuffer (
+ IN OUT SMBIOS_STRUCTURE_NODE *StructureNode,
+ IN EFI_SMBIOS_TABLE_HEADER *NewRecord
+ )
+{
+ EFI_SMBIOS_PROTOCOL *Smbios;
+ EFI_STATUS Status;
+ UINT8 CountOfString;
+
+ Smbios = GetSmbiosProtocol();
+ ASSERT (Smbios != NULL);
+
+ Status = Smbios->Remove (Smbios, StructureNode->SmbiosHandle);
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // try to use original handle to enlarge the buffer.
+ //
+ Status = Smbios->Add (Smbios, NULL, &StructureNode->SmbiosHandle, NewRecord);
+ ASSERT_EFI_ERROR (Status);
+
+ StructureNode->Structure = GetSmbiosBufferFromHandle (
+ StructureNode->SmbiosHandle,
+ StructureNode->SmbiosType,
+ NULL
+ );
+ GetSmbiosStructureSize (
+ StructureNode->Structure,
+ &StructureNode->StructureSize,
+ &CountOfString
+ );
+ return ;
+}
+
 /**
 Fill a standard Smbios string field.
diff --git a/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/MiscConv.c b/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/MiscConv.c
index 3358a96672..5c62cc6b53 100644
--- a/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/MiscConv.c
+++ b/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/MiscConv.c
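Review bot: In SmbiosUpdateStructureBuffer (ConvLib.c) every failure is handled only by ASSERT / ASSERT_EFI_ERROR and the function returns VOID, so in builds where asserts are compiled out a failed Smbios->Remove or Smbios->Add goes unnoticed. Because the old record is removed before the new one is added, a failed Add appears to leave StructureNode->Structure set to whatever GetSmbiosBufferFromHandle yields for a handle that no longer exists, and GetSmbiosStructureSize is then called on that pointer unchecked (the helpers' failure behaviour is not visible in this patch). I would return EFI_STATUS, check each step, and clear the node's pointer and size when the record could not be re-added. The prototype in Thunk.h and the call in SmbiosFldMiscTypeOEM (MiscConv.c), which loses the `return Status;` the old branch had, need the matching change.

```c
EFI_STATUS
SmbiosUpdateStructureBuffer (
  IN OUT  SMBIOS_STRUCTURE_NODE     *StructureNode,
  IN      EFI_SMBIOS_TABLE_HEADER   *NewRecord
  )
{
  // ... unchanged: local declarations ...

  Smbios = GetSmbiosProtocol();
  if (Smbios == NULL) {
    return EFI_NOT_FOUND;
  }

  Status = Smbios->Remove (Smbios, StructureNode->SmbiosHandle);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  Status = Smbios->Add (Smbios, NULL, &StructureNode->SmbiosHandle, NewRecord);
  if (EFI_ERROR (Status)) {
    //
    // The old record is already gone; do not leave a stale pointer in the node.
    //
    StructureNode->Structure     = NULL;
    StructureNode->StructureSize = 0;
    return Status;
  }

  // ... unchanged: GetSmbiosBufferFromHandle call ...
  if (StructureNode->Structure == NULL) {
    StructureNode->StructureSize = 0;
    return EFI_NOT_FOUND;
  }

  // ... unchanged: GetSmbiosStructureSize call ...
  return EFI_SUCCESS;
}
```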
@@ -2391,30 +2391,28 @@ SmbiosFldMiscTypeOEM (
 ASSERT_EFI_ERROR (Status);
 if (StructureSize < RecordDataSize) {
- Status = SmbiosEnlargeStructureBuffer (
- StructureNode,
- ((EFI_SMBIOS_TABLE_HEADER *)RecordData)->Length,
- StructureSize,
- RecordDataSize
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
+ //
+ // Create new SMBIOS table entry
+ //
+ SmbiosUpdateStructureBuffer (
+ StructureNode,
+ RecordData
+ );
+ } else {
+ //
+ // Copy the entire data (including the Smbios structure header),
+ // but preserve the handle that is already allocated.
+ //
+ Handle = StructureNode->Structure->Handle;
+ CopyMem (
+ StructureNode->Structure,
+ RecordData,
+ RecordDataSize
+ );
+ StructureNode->Structure->Handle = Handle;
+ StructureNode->StructureSize = RecordDataSize;
 }
- //
- // Copy the entire data (including the Smbios structure header),
- // but preserve the handle that is already allocated.
- //
- Handle = StructureNode->Structure->Handle;
- CopyMem (
- StructureNode->Structure,
- RecordData,
- RecordDataSize
- );
- StructureNode->Structure->Handle = Handle;
- StructureNode->StructureSize = RecordDataSize;
-
 if (NewRecordData != NULL) {
 FreePool (NewRecordData);
 }
diff --git a/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/Thunk.h b/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/Thunk.h
index a35db23370..a2f477dafa 100644
--- a/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/Thunk.h
+++ b/EdkCompatibilityPkg/Compatibility/PiSmbiosRecordOnDataHubSmbiosRecordThunk/Thunk.h
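Review bot: The new `StructureSize < RecordDataSize` branch in SmbiosFldMiscTypeOEM passes RecordData to SmbiosUpdateStructureBuffer without RecordDataSize, so the number of bytes the SMBIOS protocol's Add reads is decided by the record's own header Length and string terminators, not by the size of the buffer holding it. The commit message says this data is OEM-supplied and may carry strings, so a record whose Length exceeds RecordDataSize, or whose string area has no closing double NUL inside RecordDataSize, could be read past its end. Before the call I would reject such input with a check such as `((EFI_SMBIOS_TABLE_HEADER *)RecordData)->Length > RecordDataSize` plus a bounded scan for the terminator, returning EFI_INVALID_PARAMETER after freeing NewRecordData. The function begins and ends outside this hunk, so an equivalent check may already exist above it.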
@@ -264,6 +264,20 @@ SmbiosEnlargeStructureBuffer (
 UINTN NewBufferSize
 );
+/**
+ Update the structure buffer of a structure node in SMBIOS database.
+ The function lead the structure pointer for SMBIOS record changed.
+
+ @param StructureNode The structure node whose structure buffer is to be enlarged.
+ @param NewRecord The new SMBIOS record.
+
+**/
+VOID
+SmbiosUpdateStructureBuffer (
+ IN OUT SMBIOS_STRUCTURE_NODE *StructureNode,
+ IN EFI_SMBIOS_TABLE_HEADER *NewRecord
+ );
+
 /**
 Fill a standard Smbios string field.
-- cgit v1.2.3
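Review bot: The header comment on the SmbiosUpdateStructureBuffer prototype in Thunk.h omits the contract a caller needs: the definition removes the existing record and adds a new one, so StructureNode->Structure and StructureNode->StructureSize are replaced, and any pointer into the old record that a caller still holds is presumably invalid afterwards. The @param text for StructureNode describes enlarging rather than replacing, and the second summary sentence is hard to parse. I would reword the summary to `Replaces the SMBIOS record of StructureNode with NewRecord; on return StructureNode->Structure points to the new record and pointers into the old one must not be used.` and state that NewRecord must be a complete record including its string terminator. The same comment sits above the definition in ConvLib.c and should be changed with it.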