From 51547bb879f66d3b4e46d69c112047d39dc234cc Mon Sep 17 00:00:00 2001
From: niruiyu <niruiyu@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Mon, 20 May 2013 07:04:56 +0000
Subject: Remove the complex buffer since the _LOCK_VARIABLE won't be allowed
 after leaving DXE phase. Add the variable name size check in the
 RequestToLock wrapper.

Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14377 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Universal/Variable/RuntimeDxe/VariableSmm.c    | 48 ++++------------------
 1 file changed, 8 insertions(+), 40 deletions(-)

(limited to 'MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c')

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index 4009fcb171..aea9d4bcfe 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -717,48 +717,16 @@ SmmVariableHandler (
       break;
 
     case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE:
-      if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
-        DEBUG ((EFI_D_ERROR, "RequestToLock: SMM communication buffer size invalid!\n"));
-        return EFI_SUCCESS;
-      }
-      //
-      // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
-      //
-      CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
-      VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) mVariableBufferPayload;
-
-      if (VariableToLock->NameSize > MAX_ADDRESS - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
-        //
-        // Prevent InfoSize overflow happen
-        //
+      if (mEndOfDxe) {
         Status = EFI_ACCESS_DENIED;
-        goto EXIT;
+      } else {
+        VariableToLock = (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *) SmmVariableFunctionHeader->Data;
+        Status = VariableLockRequestToLock (
+                   NULL,
+                   VariableToLock->Name,
+                   &VariableToLock->Guid
+                   );
       }
-
-      if (VariableToLock->NameSize < sizeof (CHAR16) || VariableToLock->Name[VariableToLock->NameSize/sizeof (CHAR16) - 1] != L'\0') {
-        //
-        // Make sure VariableName is A Null-terminated string.
-        //
-        Status = EFI_ACCESS_DENIED;
-        goto EXIT;
-      }
-      
-      InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableToLock->NameSize;
-      
-      //
-      // SMRAM range check already covered before
-      //
-      if (InfoSize > CommBufferPayloadSize) {
-        DEBUG ((EFI_D_ERROR, "Data size exceed communication buffer size limit!\n"));
-        Status = EFI_ACCESS_DENIED;
-        goto EXIT;
-      }
-
-      Status = VariableLockRequestToLock (
-                 NULL,
-                 VariableToLock->Name,
-                 &VariableToLock->Guid
-                 );
       break;
 
     default:
-- 
cgit v1.2.3