Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Yonghong Zhu <yonghong....@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.z...@intel.com>
---
MdeModulePkg/Application/CapsuleApp/CapsuleApp.c | 38 ++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
index a83ebf3d101b..dbcffddea9ce 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
@@ -716,6 +716,40 @@ CleanGatherList (
}
/**
+ Validate if it is valid capsule header
+
+ This function assumes the caller provided correct CapsuleHeader pointer
+ and CapsuleSize.
+
+ This function validates the fields in EFI_CAPSULE_HEADER.
+
+ @param[in] CapsuleHeader Points to a capsule header.
+ @param[in] CapsuleSize Size of the whole capsule image.
+
+**/
+BOOLEAN
+IsValidCapsuleHeader (
+ IN EFI_CAPSULE_HEADER *CapsuleHeader,
+ IN UINT64 CapsuleSize
+ )
+{
+ if (CapsuleSize < sizeof (EFI_CAPSULE_HEADER)) {
+ return FALSE;
+ }
+ if (CapsuleHeader->CapsuleImageSize != CapsuleSize) {
+ return FALSE;
+ }
+ if (CapsuleHeader->HeaderSize > CapsuleHeader->CapsuleImageSize) {
+ return FALSE;
+ }
+ if (CapsuleHeader->HeaderSize < sizeof (EFI_CAPSULE_HEADER)) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
Print APP usage.
**/
VOID
@@ -891,6 +925,10 @@ UefiMain (
Print(L"CapsuleApp: capsule image (%s) is not found.\n", CapsuleName);
goto Done;
}
+ if (!IsValidCapsuleHeader (CapsuleBuffer[Index], FileSize[Index])) {
+ Print(L"CapsuleApp: Capsule image (%s) is not a valid capsule.\n",
CapsuleName);
+ return EFI_INVALID_PARAMETER;
+ }
}
//
--
2.7.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
