From f22e9658954c53ebb7336de5e96492f2348dbda1 Mon Sep 17 00:00:00 2001 From: Olivier Martin Date: Thu, 2 Apr 2015 13:50:18 +0000 Subject: EmbeddedPkg/Lan9118Dxe: Fix risk of buffer overflow. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Olivier Martin Reviewed-by: Ronald Cron git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17107 6f19259b-4bc3-4df7-8a09-765794883524 --- EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'EmbeddedPkg/Drivers') diff --git a/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c b/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c index 3b7882d5d7..5b7eda65c3 100644 --- a/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c +++ b/EmbeddedPkg/Drivers/Lan9118Dxe/Lan9118Dxe.c @@ -1412,12 +1412,6 @@ SnpReceive ( PLength = GET_RXSTATUS_PACKET_LENGTH(RxFifoStatus); LanDriver->Stats.RxTotalBytes += (PLength - 4); - // Check buffer size - if (*BuffSize < PLength) { - *BuffSize = PLength; - return EFI_BUFFER_TOO_SMALL; - } - // If padding is applied, read more DWORDs if (PLength % 4) { Padding = 4 - (PLength % 4); @@ -1427,6 +1421,12 @@ SnpReceive ( Padding = 0; } + // Check buffer size + if (*BuffSize < (PLength + Padding)) { + *BuffSize = PLength + Padding; + return EFI_BUFFER_TOO_SMALL; + } + // Set the amount of data to be transfered out of FIFO for THIS packet // This can be used to trigger an interrupt, and status can be checked RxCfgValue = MmioRead32 (LAN9118_RX_CFG); -- cgit v1.2.3