Refine the code logic, use dynamic allocate buffer instead of static array to fix potential buffer overflow.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15829 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Eric Dong
2014-08-19 07:20:19 +00:00
committed by ydong10
parent 69c0fbd2c5
commit 17e95ca9a7
2 changed files with 100 additions and 69 deletions

View File

@@ -70,16 +70,16 @@ EFI_HANDLE *mDevicePathHandleBuffer;
EFI_HANDLE *mDriverImageHandleBuffer;
INTN mSelectedCtrIndex;
EFI_STRING_ID mControllerToken[MAX_CHOICE_NUM];
EFI_STRING_ID *mControllerToken;
UINTN mDriverImageHandleCount;
EFI_STRING_ID mDriverImageToken[MAX_CHOICE_NUM];
EFI_STRING_ID mDriverImageFilePathToken[MAX_CHOICE_NUM];
EFI_LOADED_IMAGE_PROTOCOL *mDriverImageProtocol[MAX_CHOICE_NUM];
EFI_DEVICE_PATH_PROTOCOL *mControllerDevicePathProtocol[MAX_CHOICE_NUM];
EFI_STRING_ID *mDriverImageToken;
EFI_DEVICE_PATH_PROTOCOL **mControllerDevicePathProtocol;
UINTN mSelectedDriverImageNum;
UINTN mLastSavedDriverImageNum;
UINT16 mCurrentPage;
EFI_CALLBACK_INFO *mCallbackInfo;
BOOLEAN *mDriSelection;
UINTN mMaxDeviceCount;
HII_VENDOR_DEVICE_PATH mHiiVendorDevicePath = {
{
@@ -425,6 +425,12 @@ UpdateDeviceSelectPage (
return EFI_SUCCESS;
}
mMaxDeviceCount = DevicePathHandleCount;
mControllerDevicePathProtocol = AllocateZeroPool (DevicePathHandleCount * sizeof (EFI_DEVICE_PATH_PROTOCOL *));
ASSERT (mControllerDevicePathProtocol != NULL);
mControllerToken = AllocateZeroPool (DevicePathHandleCount * sizeof (EFI_STRING_ID));
ASSERT (mControllerToken != NULL);
for (Index = 0; Index < DevicePathHandleCount; Index++) {
if (FakeNvData->PciDeviceFilter == 0x01) {
//
@@ -630,6 +636,9 @@ UpdateBindingDriverSelectPage (
VOID *EndOpCodeHandle;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
EFI_LOADED_IMAGE_PROTOCOL **DriverImageProtocol;
EFI_STRING_ID *DriverImageFilePathToken;
UINT8 CheckFlags;
//
// If user select a controller item in the first page the following code will be run.
@@ -698,6 +707,16 @@ UpdateBindingDriverSelectPage (
return EFI_NOT_FOUND;
}
mDriverImageToken = AllocateZeroPool (DriverImageHandleCount * sizeof (EFI_STRING_ID));
ASSERT (mDriverImageToken != NULL);
mDriSelection = AllocateZeroPool (DriverImageHandleCount * sizeof (BOOLEAN));
ASSERT (mDriSelection != NULL);
DriverImageProtocol = AllocateZeroPool (DriverImageHandleCount * sizeof (EFI_LOADED_IMAGE_PROTOCOL *));
ASSERT (DriverImageProtocol != NULL);
DriverImageFilePathToken = AllocateZeroPool (DriverImageHandleCount * sizeof (EFI_STRING_ID));
ASSERT (DriverImageFilePathToken != NULL);
mDriverImageHandleCount = DriverImageHandleCount;
for (Index = 0; Index < DriverImageHandleCount; Index++) {
//
@@ -718,16 +737,16 @@ UpdateBindingDriverSelectPage (
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (EFI_ERROR (Status)) {
FakeNvData->DriSelection[Index] = 0x00;
mDriSelection[Index] = FALSE;
continue;
}
mDriverImageProtocol[Index] = LoadedImage;
DriverImageProtocol[Index] = LoadedImage;
//
// Find its related driver binding protocol
//
DriverBindingHandle = GetDriverBindingHandleFromImageHandle (mDriverImageHandleBuffer[Index]);
if (DriverBindingHandle == NULL) {
FakeNvData->DriSelection[Index] = 0x00;
mDriSelection[Index] = FALSE;
continue;
}
@@ -741,7 +760,7 @@ UpdateBindingDriverSelectPage (
(VOID **) &LoadedImageDevicePath
);
if (LoadedImageDevicePath == NULL) {
FakeNvData->DriSelection[Index] = 0x00;
mDriSelection[Index] = FALSE;
continue;
}
@@ -757,11 +776,11 @@ UpdateBindingDriverSelectPage (
(VOID **) &BusSpecificDriverOverride
);
if (EFI_ERROR (Status) || BusSpecificDriverOverride == NULL) {
FakeNvData->DriSelection[Index] = 0x00;
mDriSelection[Index] = FALSE;
continue;
}
} else {
FakeNvData->DriSelection[Index] = 0x00;
mDriSelection[Index] = FALSE;
continue;
}
}
@@ -798,9 +817,9 @@ UpdateBindingDriverSelectPage (
NewString = AllocateZeroPool (StrSize (DriverName));
ASSERT (NewString != NULL);
if (EFI_ERROR (CheckMapping (mControllerDevicePathProtocol[mSelectedCtrIndex], LoadedImageDevicePath, &mMappingDataBase, NULL, NULL))) {
FakeNvData->DriSelection[Index] = 0x00;
mDriSelection[Index] = FALSE;
} else {
FakeNvData->DriSelection[Index] = 0x01;
mDriSelection[Index] = TRUE;
mLastSavedDriverImageNum++;
}
StrCat (NewString, DriverName);
@@ -820,21 +839,26 @@ UpdateBindingDriverSelectPage (
NewString = AllocateZeroPool (StrSize (DriverName));
ASSERT (NewString != NULL);
StrCat (NewString, DriverName);
NewStringHelpToken = HiiSetString (Private->RegisteredHandle, mDriverImageFilePathToken[Index], NewString, NULL);
NewStringHelpToken = HiiSetString (Private->RegisteredHandle, DriverImageFilePathToken[Index], NewString, NULL);
ASSERT (NewStringHelpToken != 0);
mDriverImageFilePathToken[Index] = NewStringHelpToken;
DriverImageFilePathToken[Index] = NewStringHelpToken;
FreePool (NewString);
FreePool (DriverName);
CheckFlags = 0;
if (mDriSelection[Index]) {
CheckFlags |= EFI_IFR_CHECKBOX_DEFAULT;
}
HiiCreateCheckBoxOpCode (
StartOpCodeHandle,
(UINT16) (DRIVER_SELECTION_QUESTION_ID + Index),
VARSTORE_ID_PLAT_OVER_MNGR,
(UINT16) (DRIVER_SELECTION_VAR_OFFSET + Index),
(UINT16) (KEY_VALUE_DRIVER_OFFSET + Index),
0,
0,
NewStringToken,
NewStringHelpToken,
0,
0,
EFI_IFR_FLAG_CALLBACK,
CheckFlags,
NULL
);
}
@@ -852,6 +876,15 @@ UpdateBindingDriverSelectPage (
HiiFreeOpCodeHandle (StartOpCodeHandle);
HiiFreeOpCodeHandle (EndOpCodeHandle);
if (DriverImageProtocol != NULL) {
FreePool (DriverImageProtocol);
}
if (DriverImageFilePathToken != NULL) {
FreePool (DriverImageFilePathToken);
}
return EFI_SUCCESS;
}
@@ -932,7 +965,7 @@ UpdatePrioritySelectPage (
//
SelectedDriverImageNum = 0;
for (Index = 0; Index < mDriverImageHandleCount; Index++) {
if (FakeNvData->DriSelection[Index] != 0) {
if (mDriSelection[Index]) {
SelectedDriverImageNum ++;
}
}
@@ -950,7 +983,7 @@ UpdatePrioritySelectPage (
//
SelectedDriverImageNum = 0;
for (Index = 0; Index < mDriverImageHandleCount; Index++) {
if (FakeNvData->DriSelection[Index] != 0) {
if (mDriSelection[Index]) {
//
// Use the NO. in driver binding buffer as value, will use it later
//
@@ -1068,7 +1101,7 @@ UpdatePrioritySelectPage (
**/
EFI_STATUS
CommintChanges (
CommitChanges (
IN EFI_CALLBACK_INFO *Private,
IN UINT16 KeyValue,
IN PLAT_OVER_MNGR_DATA *FakeNvData
@@ -1263,21 +1296,10 @@ PlatOverMngrRouteConfig (
}
Status = EFI_SUCCESS;
if (mCurrentPage == FORM_ID_DRIVER) {
KeyValue = KEY_VALUE_DRIVER_GOTO_ORDER;
UpdatePrioritySelectPage (Private, KeyValue, FakeNvData);
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
Status = CommintChanges (Private, KeyValue, FakeNvData);
//
// Since UpdatePrioritySelectPage will change mCurrentPage,
// should ensure the mCurrentPage still indicate the second page here
//
mCurrentPage = FORM_ID_DRIVER;
}
if (mCurrentPage == FORM_ID_ORDER) {
KeyValue = KEY_VALUE_ORDER_SAVE_AND_EXIT;
Status = CommintChanges (Private, KeyValue, FakeNvData);
Status = CommitChanges (Private, KeyValue, FakeNvData);
}
return Status;
@@ -1350,7 +1372,7 @@ PlatOverMngrCallback (
}
}
if (((KeyValue >= KEY_VALUE_DEVICE_OFFSET) && (KeyValue < KEY_VALUE_DEVICE_MAX)) || (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS)) {
if (((KeyValue >= KEY_VALUE_DEVICE_OFFSET) && (KeyValue < KEY_VALUE_DEVICE_OFFSET + mMaxDeviceCount)) || (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS)) {
if (KeyValue == KEY_VALUE_ORDER_GOTO_PREVIOUS) {
KeyValue = (EFI_QUESTION_ID) (mSelectedCtrIndex + KEY_VALUE_DEVICE_OFFSET);
}
@@ -1384,30 +1406,34 @@ PlatOverMngrCallback (
UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (KeyValue) {
case KEY_VALUE_DEVICE_REFRESH:
case KEY_VALUE_DEVICE_FILTER:
UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
//
// Update page title string
//
NewStringToken = STRING_TOKEN (STR_TITLE);
if (HiiSetString (Private->RegisteredHandle, NewStringToken, L"First, Select the controller by device path", NULL) == 0) {
ASSERT (FALSE);
}
break;
case KEY_VALUE_ORDER_SAVE_AND_EXIT:
Status = CommintChanges (Private, KeyValue, FakeNvData);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
if (EFI_ERROR (Status)) {
CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"Single Override Info too large, Saving Error!", NULL);
return EFI_DEVICE_ERROR;
}
break;
if ((KeyValue >= KEY_VALUE_DRIVER_OFFSET) && (KeyValue < KEY_VALUE_DRIVER_OFFSET + mDriverImageHandleCount)) {
mDriSelection[KeyValue - KEY_VALUE_DRIVER_OFFSET] = Value->b;
} else {
switch (KeyValue) {
case KEY_VALUE_DEVICE_REFRESH:
case KEY_VALUE_DEVICE_FILTER:
UpdateDeviceSelectPage (Private, KeyValue, FakeNvData);
//
// Update page title string
//
NewStringToken = STRING_TOKEN (STR_TITLE);
if (HiiSetString (Private->RegisteredHandle, NewStringToken, L"First, Select the controller by device path", NULL) == 0) {
ASSERT (FALSE);
}
break;
case KEY_VALUE_ORDER_SAVE_AND_EXIT:
Status = CommitChanges (Private, KeyValue, FakeNvData);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
if (EFI_ERROR (Status)) {
CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, L"Single Override Info too large, Saving Error!", NULL);
return EFI_DEVICE_ERROR;
}
break;
default:
break;
default:
break;
}
}
}
@@ -1659,10 +1685,6 @@ PlatDriOverrideDxeInit (
//
mDriverImageHandleCount = 0;
mCurrentPage = 0;
ZeroMem (mDriverImageToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
ZeroMem (mDriverImageFilePathToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
ZeroMem (mControllerToken, MAX_CHOICE_NUM * sizeof (EFI_STRING_ID));
ZeroMem (mDriverImageProtocol, MAX_CHOICE_NUM * sizeof (EFI_LOADED_IMAGE_PROTOCOL *));
return EFI_SUCCESS;
@@ -1706,5 +1728,17 @@ PlatDriOverrideDxeUnload (
FreePool (mCallbackInfo);
if (mControllerToken != NULL) {
FreePool (mControllerToken);
}
if (mControllerDevicePathProtocol != NULL) {
FreePool (mControllerDevicePathProtocol);
}
if (mDriverImageToken != NULL) {
FreePool (mDriverImageToken);
}
return EFI_SUCCESS;
}