Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
Chao, Zhang
2014-10-22 07:30:22 +00:00
committed by czhang46
parent 0414ec24ba
commit 36bdec3cd9
4 changed files with 30 additions and 0 deletions


@ -7,6 +7,10 @@
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
Variable attribute should also be checked to avoid authentication bypass.
The whole SMM authentication variable design relies on the integrity of flash part and SMM.
which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
may not be modified without authorization. If platform fails to protect these resources,
the authentication service provided in this driver will be broken, and the behavior is undefined.
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
variable authentication.
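Review bot: the new header comment is split mid-sentence by a period ("relies on the integrity of flash part and SMM." / "which is assumed to be protected by platform."), and the closing sentence reads "are the function to do variable authentication"; suggest "relies on the integrity of the flash part and SMM, which are assumed to be protected by the platform" and "are the functions that perform variable authentication". Likewise "security issue like buffer overflow, integer overflow" reads better as "security issues such as buffer overflow and integer overflow". Since this paragraph is the place a reader will go to understand the trust assumptions of the SMM authenticated-variable design, it is worth getting the wording tight.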
@ -251,6 +255,10 @@ AutenticatedVariableServiceInitialize (
DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
//
// "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
// Therefore, there is no memory overflow in underlying CopyMem.
//
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
}
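Review bot: the added comment asserts an invariant (DataSize never exceeds the mPubKeyStore buffer) that nothing in this path checks; the ASSERT just above only verifies `(DataSize != 0) && (Data != NULL)` before `CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);`. Given that the file header now states that a compromised flash/SMM leaves behavior undefined, an explicit `ASSERT (DataSize <= <mPubKeyStore buffer size>);` (or a guarded early return for release builds, where ASSERT compiles out) before the CopyMem would turn the documented bound into a checked one at negligible cost. The division in `mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);` also silently drops a trailing partial key if DataSize is not a multiple of the key size; if an exact multiple is the intended invariant, asserting `DataSize % EFI_CERT_TYPE_RSA2048_SIZE == 0` would document that too. Minor: "buffer size(See definition before)" needs a space before the parenthesis, and "see the mPubKeyStore definition above" is clearer.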
@ -564,6 +572,10 @@ AddPubKeyInStore (
DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
//
// "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
// Therefore, there is no memory overflow in underlying CopyMem.
//
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
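Review bot: in AddPubKeyInStore the comment again documents that DataSize is bounded by the mPubKeyStore buffer size, but the code before `CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);` still checks only that DataSize is non-zero and Data is non-NULL; an `ASSERT (DataSize <= <mPubKeyStore buffer size>);` here would make the bound enforceable rather than just stated. Because this block and the comment are duplicated nearly verbatim from AutenticatedVariableServiceInitialize, a small helper that performs the checked copy into mPubKeyStore and computes mPubKeyNumber would keep the two call sites from drifting. Wording: "internal used variable" should be "internally used variable" (the earlier hunk says "internal variable"; pick one form), and "size(See" needs a space.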