From 6e67fec07f7fe4033da696eb2d08c5617edaa590 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Fri, 16 Aug 2013 03:19:45 +0000 Subject: MdeModulePkg/SecurityPkg Variable: If a preexisting variable is rewritten with different attributes, SetVariable() shall not modify the variable and shall return EFI_INVALID_PARAMETER. Two exceptions to this rule: 1. No access attributes specified 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Liming Gao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14552 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'SecurityPkg/VariableAuthenticated/RuntimeDxe') diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index ef123d2d5c..53ef092aff 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -2831,6 +2831,16 @@ VariableServiceSetVariable ( Status = EFI_WRITE_PROTECTED; goto Done; } + if (Attributes != 0 && (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Variable.CurrPtr->Attributes) { + // + // If a preexisting variable is rewritten with different attributes, SetVariable() shall not + // modify the variable and shall return EFI_INVALID_PARAMETER. Two exceptions to this rule: + // 1. No access attributes specified + // 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE + // + Status = EFI_INVALID_PARAMETER; + goto Done; + } } // -- cgit v1.2.3