Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
@ -7,6 +7,10 @@
|
|||||||
This external input must be validated carefully to avoid security issue like
|
This external input must be validated carefully to avoid security issue like
|
||||||
buffer overflow, integer overflow.
|
buffer overflow, integer overflow.
|
||||||
Variable attribute should also be checked to avoid authentication bypass.
|
Variable attribute should also be checked to avoid authentication bypass.
|
||||||
|
The whole SMM authentication variable design relies on the integrity of flash part and SMM.
|
||||||
|
which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
|
||||||
|
may not be modified without authorization. If platform fails to protect these resources,
|
||||||
|
the authentication service provided in this driver will be broken, and the behavior is undefined.
|
||||||
|
|
||||||
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
|
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
|
||||||
variable authentication.
|
variable authentication.
|
||||||
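Review bot: The added caution text is split into a fragment: "relies on the integrity of flash part and SMM." closes with a period and the next added line opens with "which is assumed to be protected by platform", so the second clause has no subject. Suggest joining them as "...relies on the integrity of the flash part and SMM, which are assumed to be protected by the platform." The same four lines are pasted into AuthService.h and both .inf files in this commit, so the wording fix belongs in all four copies.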
@ -251,6 +255,10 @@ AutenticatedVariableServiceInitialize (
|
|||||||
DataSize = DataSizeOfVariable (Variable.CurrPtr);
|
DataSize = DataSizeOfVariable (Variable.CurrPtr);
|
||||||
Data = GetVariableDataPtr (Variable.CurrPtr);
|
Data = GetVariableDataPtr (Variable.CurrPtr);
|
||||||
ASSERT ((DataSize != 0) && (Data != NULL));
|
ASSERT ((DataSize != 0) && (Data != NULL));
|
||||||
|
//
|
||||||
|
// "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
|
||||||
|
// Therefore, there is no memory overflow in underlying CopyMem.
|
||||||
|
//
|
||||||
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
|
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
|
||||||
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
|
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
|
||||||
}
|
}
|
||||||
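Review bot: The new comment asserts a bound ("DataSize is always ensured not to exceed mPubKeyStore buffer size") that nothing in this hunk enforces; the existing ASSERT only covers DataSize != 0 and Data != NULL before CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize). The header comment added in this same commit says behaviour is undefined if the flash store is tampered with, which is exactly the case in which DataSizeOfVariable would return an unexpected value, so an explicit check of DataSize against the size mPubKeyStore was allocated with (an ASSERT at minimum, ideally a failure path that skips the copy in release builds) would make the documented invariant verifiable rather than "See definition before". Minor: "buffer size(See definition before)" is missing a space before the parenthesis.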
@ -564,6 +572,10 @@ AddPubKeyInStore (
|
|||||||
DataSize = DataSizeOfVariable (Variable.CurrPtr);
|
DataSize = DataSizeOfVariable (Variable.CurrPtr);
|
||||||
Data = GetVariableDataPtr (Variable.CurrPtr);
|
Data = GetVariableDataPtr (Variable.CurrPtr);
|
||||||
ASSERT ((DataSize != 0) && (Data != NULL));
|
ASSERT ((DataSize != 0) && (Data != NULL));
|
||||||
|
//
|
||||||
|
// "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
|
||||||
|
// Therefore, there is no memory overflow in underlying CopyMem.
|
||||||
|
//
|
||||||
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
|
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
|
||||||
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
|
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
|
||||||
|
|
||||||
|
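Review bot: The comment wording here differs from the copy in AutenticatedVariableServiceInitialize ("internal used variable" versus "internal variable") and carries the same unenforced bound on DataSize before CopyMem. Since the five statements from DataSizeOfVariable through mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE) are identical in both hunks, consider factoring them into a single helper so the size invariant, its check and its comment live in one place instead of two drifting copies.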
@ -2,6 +2,16 @@
|
|||||||
The internal header file includes the common header files, defines
|
The internal header file includes the common header files, defines
|
||||||
internal structure and functions used by AuthService module.
|
internal structure and functions used by AuthService module.
|
||||||
|
|
||||||
|
Caution: This module requires additional review when modified.
|
||||||
|
This driver will have external input - variable data. It may be input in SMM mode.
|
||||||
|
This external input must be validated carefully to avoid security issue like
|
||||||
|
buffer overflow, integer overflow.
|
||||||
|
Variable attribute should also be checked to avoid authentication bypass.
|
||||||
|
The whole SMM authentication variable design relies on the integrity of flash part and SMM.
|
||||||
|
which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
|
||||||
|
may not be modified without authorization. If platform fails to protect these resources,
|
||||||
|
the authentication service provided in this driver will be broken, and the behavior is undefined.
|
||||||
|
|
||||||
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
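Review bot: The added "Caution" block repeats the same sentence fragment as the .c file ("flash part and SMM." followed by "which is assumed to be protected by platform"), and its description of the untrusted input ("variable data. It may be input in SMM mode.") is narrower than the .inf hunk in this commit, which also names the communicate buffer as external input in SMM mode. The header, source and .inf descriptions should agree on what the external inputs are, since this text is what a later reviewer will use to decide what needs validation.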
@ -13,6 +13,10 @@
|
|||||||
# This driver will have external input - variable data and communicate buffer in SMM mode.
|
# This driver will have external input - variable data and communicate buffer in SMM mode.
|
||||||
# This external input must be validated carefully to avoid security issues such as
|
# This external input must be validated carefully to avoid security issues such as
|
||||||
# buffer overflow or integer overflow.
|
# buffer overflow or integer overflow.
|
||||||
|
# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
|
||||||
|
# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
|
||||||
|
# may not be modified without authorization. If platform fails to protect these resources,
|
||||||
|
# the authentication service provided in this driver will be broken, and the behavior is undefined.
|
||||||
#
|
#
|
||||||
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
|
@ -8,6 +8,10 @@
|
|||||||
# This driver will have external input - variable data.
|
# This driver will have external input - variable data.
|
||||||
# This external input must be validated carefully to avoid security issues such as
|
# This external input must be validated carefully to avoid security issues such as
|
||||||
# buffer overflow or integer overflow.
|
# buffer overflow or integer overflow.
|
||||||
|
# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
|
||||||
|
# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
|
||||||
|
# may not be modified without authorization. If platform fails to protect these resources,
|
||||||
|
# the authentication service provided in this driver will be broken, and the behavior is undefined.
|
||||||
#
|
#
|
||||||
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
|