Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
HI Hao: I think the patch is to complete the security check both in info and code logic to ValidateCapsuleNameCapsuleIntegrity . It is OK to keep it in one patch. From: Wu, Hao A Sent: Friday, June 28, 2019 8:54 AM To: Xu, Wei6 ; devel@edk2.groups.io Cc: Wang, Jian J ; Zhang, Chao B Subject: RE: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check. > -Original Message- > From: Xu, Wei6 > Sent: Friday, June 28, 2019 12:26 AM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B > Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add > missing NULL pointer check. > > Add missing NULL pointer check for CapsuleNameBufStart. > Also add comments to notice that capsule name integrity check assumes > the capsule has been validated by IsValidCapsuleHeader(). The patch is doing 2 things. Please help to split it into 2 commits. With this handled, Reviewed-by: Hao A Wu mailto:hao.a...@intel.com>> Best Regards, Hao Wu > > Cc: Jian J Wang mailto:jian.j.w...@intel.com>> > Cc: Hao A Wu mailto:hao.a...@intel.com>> > Cc: Chao B Zhang mailto:chao.b.zh...@intel.com>> > Signed-off-by: Wei6 Xu mailto:wei6...@intel.com>> > --- > MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++ > 1 file changed, 6 insertions(+) > > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > index 66c9be8e1f..3193ca8f4d 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > @@ -23,10 +23,13 @@ IsCapsuleNameCapsule ( > > /** >Check the integrity of the capsule name capsule. >If the capsule is vaild, return the physical address of each capsule name > string. > > + This routine assumes the capsule has been validated by > IsValidCapsuleHeader(), so > + capsule memory overflow is not going to happen in this routine. > + >@param[in] CapsuleHeader Pointer to the capsule header of a capsule > name capsule. >@param[out] CapsuleNameNum Number of capsule name. > >@retval NULLCapsule name capsule is not valid. >@retval CapsuleNameBuf Array of capsule name physical address. > @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity ( >// >// If strings are not aligned on a 16-bit boundary, reallocate memory for > it. >// >if (((UINTN) CapsuleNameBufStart & BIT0) != 0) { > CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader- > >CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart); > +if (CapsuleNameBufStart == NULL) { > + return NULL; > +} >} > >CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader- > >CapsuleImageSize - CapsuleHeader->HeaderSize; > >CapsuleNamePtr = CapsuleNameBufStart; > -- > 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42952): https://edk2.groups.io/g/devel/message/42952 Mute This Topic: https://groups.io/mt/32232931/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
> -Original Message- > From: Xu, Wei6 > Sent: Friday, June 28, 2019 12:26 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B > Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add > missing NULL pointer check. > > Add missing NULL pointer check for CapsuleNameBufStart. > Also add comments to notice that capsule name integrity check assumes > the capsule has been validated by IsValidCapsuleHeader(). The patch is doing 2 things. Please help to split it into 2 commits. With this handled, Reviewed-by: Hao A Wu Best Regards, Hao Wu > > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Chao B Zhang > Signed-off-by: Wei6 Xu > --- > MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++ > 1 file changed, 6 insertions(+) > > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > index 66c9be8e1f..3193ca8f4d 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c > @@ -23,10 +23,13 @@ IsCapsuleNameCapsule ( > > /** >Check the integrity of the capsule name capsule. >If the capsule is vaild, return the physical address of each capsule name > string. > > + This routine assumes the capsule has been validated by > IsValidCapsuleHeader(), so > + capsule memory overflow is not going to happen in this routine. > + >@param[in] CapsuleHeader Pointer to the capsule header of a capsule > name capsule. >@param[out] CapsuleNameNum Number of capsule name. > >@retval NULLCapsule name capsule is not valid. >@retval CapsuleNameBuf Array of capsule name physical address. > @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity ( >// >// If strings are not aligned on a 16-bit boundary, reallocate memory for > it. >// >if (((UINTN) CapsuleNameBufStart & BIT0) != 0) { > CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader- > >CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart); > +if (CapsuleNameBufStart == NULL) { > + return NULL; > +} >} > >CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader- > >CapsuleImageSize - CapsuleHeader->HeaderSize; > >CapsuleNamePtr = CapsuleNameBufStart; > -- > 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42950): https://edk2.groups.io/g/devel/message/42950 Mute This Topic: https://groups.io/mt/32232931/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
Reviewed-by: Chao Zhang -Original Message- From: Xu, Wei6 Sent: Friday, June 28, 2019 12:26 AM To: devel@edk2.groups.io Cc: Wang, Jian J ; Wu, Hao A ; Zhang, Chao B Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check. Add missing NULL pointer check for CapsuleNameBufStart. Also add comments to notice that capsule name integrity check assumes the capsule has been validated by IsValidCapsuleHeader(). Cc: Jian J Wang Cc: Hao A Wu Cc: Chao B Zhang Signed-off-by: Wei6 Xu --- MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c index 66c9be8e1f..3193ca8f4d 100644 --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c @@ -23,10 +23,13 @@ IsCapsuleNameCapsule ( /** Check the integrity of the capsule name capsule. If the capsule is vaild, return the physical address of each capsule name string. + This routine assumes the capsule has been validated by + IsValidCapsuleHeader(), so capsule memory overflow is not going to happen in this routine. + @param[in] CapsuleHeader Pointer to the capsule header of a capsule name capsule. @param[out] CapsuleNameNum Number of capsule name. @retval NULLCapsule name capsule is not valid. @retval CapsuleNameBuf Array of capsule name physical address. @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity ( // // If strings are not aligned on a 16-bit boundary, reallocate memory for it. // if (((UINTN) CapsuleNameBufStart & BIT0) != 0) { CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart); +if (CapsuleNameBufStart == NULL) { + return NULL; +} } CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize; CapsuleNamePtr = CapsuleNameBufStart; -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42948): https://edk2.groups.io/g/devel/message/42948 Mute This Topic: https://groups.io/mt/32232931/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
Add missing NULL pointer check for CapsuleNameBufStart. Also add comments to notice that capsule name integrity check assumes the capsule has been validated by IsValidCapsuleHeader(). Cc: Jian J Wang Cc: Hao A Wu Cc: Chao B Zhang Signed-off-by: Wei6 Xu --- MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c index 66c9be8e1f..3193ca8f4d 100644 --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c @@ -23,10 +23,13 @@ IsCapsuleNameCapsule ( /** Check the integrity of the capsule name capsule. If the capsule is vaild, return the physical address of each capsule name string. + This routine assumes the capsule has been validated by IsValidCapsuleHeader(), so + capsule memory overflow is not going to happen in this routine. + @param[in] CapsuleHeader Pointer to the capsule header of a capsule name capsule. @param[out] CapsuleNameNum Number of capsule name. @retval NULLCapsule name capsule is not valid. @retval CapsuleNameBuf Array of capsule name physical address. @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity ( // // If strings are not aligned on a 16-bit boundary, reallocate memory for it. // if (((UINTN) CapsuleNameBufStart & BIT0) != 0) { CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart); +if (CapsuleNameBufStart == NULL) { + return NULL; +} } CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize; CapsuleNamePtr = CapsuleNameBufStart; -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42942): https://edk2.groups.io/g/devel/message/42942 Mute This Topic: https://groups.io/mt/32232931/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-