From 56056c7cd8c829baa5941f5650b3739e074c7f71 Mon Sep 17 00:00:00 2001 From: qhuang8 Date: Mon, 16 Apr 2007 05:20:06 +0000 Subject: 1. UsbMassStorage: Increase the timeout of USBFloppyRead10 and USBFloppyWrite10 for data transfer. 2. PxeBc: Fix array out bound error and add code to check the validation of the IP and subnet mask addresses. 3. DxeIpl: Make sure FV HOB is not corrupted by checking FV signature. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@2570 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Usb/UsbMassStorage/Dxe/UsbMassStorageData.h | 7 +-- .../Usb/UsbMassStorage/Dxe/UsbMassStorageHelper.c | 6 +-- EdkModulePkg/Core/DxeIplPeim/DxeLoad.c | 5 +++ EdkModulePkg/Universal/Network/PxeBc/Dxe/bc.c | 52 +++++++++++++++++++--- .../Universal/Network/PxeBc/Dxe/pxe_loadfile.c | 2 +- 5 files changed, 58 insertions(+), 14 deletions(-) (limited to 'EdkModulePkg') diff --git a/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageData.h b/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageData.h index cef33bd4f5..56dbcd8e40 100644 --- a/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageData.h +++ b/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageData.h @@ -1,5 +1,5 @@ /*++ -Copyright (c) 2006, Intel Corporation +Copyright (c) 2006 - 2007, Intel Corporation All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -30,9 +30,10 @@ Revision History // // timeout unit is in millisecond. // -#define USBFLPTIMEOUT 1000 -#define STALL_1_MILLI_SECOND 1000 +#define STALL_1_MILLI_SECOND 1000 +#define USBFLPTIMEOUT STALL_1_MILLI_SECOND +#define USBDATATIMEOUT 2 * STALL_1_MILLI_SECOND // // ATAPI Packet Command // diff --git a/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageHelper.c b/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageHelper.c index eb7a8bb63a..6483601b2b 100644 --- a/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageHelper.c +++ b/EdkModulePkg/Bus/Usb/UsbMassStorage/Dxe/UsbMassStorageHelper.c @@ -1,6 +1,6 @@ /*++ -Copyright (c) 2006, Intel Corporation +Copyright (c) 2006 - 2007, Intel Corporation All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -348,7 +348,7 @@ USBFloppyRead10 ( ByteCount = SectorCount * BlockSize; - TimeOut = (UINT16) (SectorCount * USBFLPTIMEOUT); + TimeOut = (UINT16) (SectorCount * USBDATATIMEOUT); Status = USBFloppyPacketCommand ( @@ -780,7 +780,7 @@ USBFloppyWrite10 ( ByteCount = SectorCount * BlockSize; - TimeOut = (UINT16) (SectorCount * USBFLPTIMEOUT); + TimeOut = (UINT16) (SectorCount * USBDATATIMEOUT); Status = USBFloppyPacketCommand ( UsbFloppyDevice, diff --git a/EdkModulePkg/Core/DxeIplPeim/DxeLoad.c b/EdkModulePkg/Core/DxeIplPeim/DxeLoad.c index cd38a03e57..1133f62860 100644 --- a/EdkModulePkg/Core/DxeIplPeim/DxeLoad.c +++ b/EdkModulePkg/Core/DxeIplPeim/DxeLoad.c @@ -370,6 +370,11 @@ Returns: Hob.Raw = GetHobList (); while ((Hob.Raw = GetNextHob (EFI_HOB_TYPE_FV, Hob.Raw)) != NULL) { FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) (Hob.FirmwareVolume->BaseAddress); + // + // Make sure the FV HOB does not get corrupted. + // + ASSERT (FwVolHeader->Signature == EFI_FVH_SIGNATURE); + Status = PeiServicesFfsFindNextFile ( Type, FwVolHeader, diff --git a/EdkModulePkg/Universal/Network/PxeBc/Dxe/bc.c b/EdkModulePkg/Universal/Network/PxeBc/Dxe/bc.c index ec2099eb7a..251690205a 100644 --- a/EdkModulePkg/Universal/Network/PxeBc/Dxe/bc.c +++ b/EdkModulePkg/Universal/Network/PxeBc/Dxe/bc.c @@ -1950,11 +1950,14 @@ BcSetStationIP ( --*/ { EFI_PXE_BASE_CODE_MODE *PxebcMode; + EFI_STATUS StatCode; PXE_BASECODE_DEVICE *Private; + UINT32 SubnetMask; // // Lock the instance data and make sure started // + StatCode = EFI_SUCCESS; if (This == NULL) { DEBUG ((EFI_D_ERROR, "BC *This pointer == NULL")); @@ -1972,26 +1975,61 @@ BcSetStationIP ( if (This->Mode == NULL || !This->Mode->Started) { DEBUG ((EFI_D_ERROR, "BC was not started.")); - EfiReleaseLock (&Private->Lock); - return EFI_NOT_STARTED; + StatCode = EFI_NOT_STARTED; + goto RELEASE_LOCK; } PxebcMode = Private->EfiBc.Mode; - if (StationIpPtr != NULL) { - CopyMem (&PxebcMode->StationIp, StationIpPtr, sizeof (EFI_IP_ADDRESS)); - Private->GoodStationIp = TRUE; + if (!Private->GoodStationIp && ((StationIpPtr == NULL) || (SubnetMaskPtr == NULL))) { + // + // It's not allowed to only set one of the two addresses while there isn't a previous + // GOOD address configuration. + // + StatCode = EFI_INVALID_PARAMETER; + goto RELEASE_LOCK; } if (SubnetMaskPtr != NULL) { - CopyMem (&PxebcMode->SubnetMask, SubnetMaskPtr, sizeof (EFI_IP_ADDRESS)); + SubnetMask = SubnetMaskPtr->Addr[0]; + + if (SubnetMask & (SubnetMask + 1)) { + // + // the subnet mask is valid if it's with leading continuous 1 bits. + // + StatCode = EFI_INVALID_PARAMETER; + goto RELEASE_LOCK; + } + } else { + SubnetMaskPtr = &PxebcMode->SubnetMask; + SubnetMask = SubnetMaskPtr->Addr[0]; } + + if (StationIpPtr == NULL) { + StationIpPtr = &PxebcMode->StationIp; + } + + if (!IS_INADDR_UNICAST (StationIpPtr) || + ((StationIpPtr->Addr[0] | SubnetMask) == BROADCAST_IPv4)) { + // + // The station IP is not a unicast address. + // + StatCode = EFI_INVALID_PARAMETER; + goto RELEASE_LOCK; + } + + CopyMem (&PxebcMode->StationIp, StationIpPtr, sizeof (EFI_IP_ADDRESS)); + CopyMem (&PxebcMode->SubnetMask, SubnetMaskPtr, sizeof (EFI_IP_ADDRESS)); + + Private->GoodStationIp = TRUE; + +RELEASE_LOCK: // // Unlock the instance data // EfiReleaseLock (&Private->Lock); - return EFI_SUCCESS; + return StatCode; } EFI_DRIVER_BINDING_PROTOCOL gPxeBcDriverBinding = { diff --git a/EdkModulePkg/Universal/Network/PxeBc/Dxe/pxe_loadfile.c b/EdkModulePkg/Universal/Network/PxeBc/Dxe/pxe_loadfile.c index 3dceefb945..85bb8bb2bf 100644 --- a/EdkModulePkg/Universal/Network/PxeBc/Dxe/pxe_loadfile.c +++ b/EdkModulePkg/Universal/Network/PxeBc/Dxe/pxe_loadfile.c @@ -571,7 +571,7 @@ Returns: // // build menu items array // - for (Longest = NumMenuItems = Index = 0; Index < MenuLth && NumMenuItems <= MAX_MENULIST;) { + for (Longest = NumMenuItems = Index = 0; Index < MenuLth && NumMenuItems < MAX_MENULIST;) { UINTN lth; lth = Ptr.CurrentMenuItemPtr->DataLen + sizeof (*Ptr.CurrentMenuItemPtr) - sizeof (Ptr.CurrentMenuItemPtr->Data); -- cgit v1.2.3