sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg/SecurityPkg Variable: Add boundary check for while (IsValidVariableHeader (Variable)).

Browse Source 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16280 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Star Zeng
2014-10-31 10:26:54 +00:00
committed by lzeng14
parent a75cf433d1
commit 6ebffb67c8
4 changed files with 90 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
MdeModulePkg/Universal/Variable/Pei/Variable.c
View File

@ -3,7 +3,7 @@
Implement ReadOnly Variable Services required by PEIM and install Implement ReadOnly Variable Services required by PEIM and install
PEI ReadOnly Varaiable2 PPI. These services operates the non volatile storage space. PEI ReadOnly Varaiable2 PPI. These services operates the non volatile storage space.
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -547,14 +547,25 @@ GetVariableHeader (
EFI_HOB_GUID_TYPE *GuidHob; EFI_HOB_GUID_TYPE *GuidHob;
UINTN PartialHeaderSize; UINTN PartialHeaderSize;
if (Variable == NULL) {
return FALSE;
}
// //
// First assume variable header pointed by Variable is consecutive. // First assume variable header pointed by Variable is consecutive.
// //
*VariableHeader = Variable; *VariableHeader = Variable;
if ((Variable != NULL) && (StoreInfo->FtwLastWriteData != NULL)) { if (StoreInfo->FtwLastWriteData != NULL) {
TargetAddress = StoreInfo->FtwLastWriteData->TargetAddress; TargetAddress = StoreInfo->FtwLastWriteData->TargetAddress;
SpareAddress = StoreInfo->FtwLastWriteData->SpareAddress; SpareAddress = StoreInfo->FtwLastWriteData->SpareAddress;
if (((UINTN) Variable > (UINTN) SpareAddress) &&
(((UINTN) Variable - (UINTN) SpareAddress + (UINTN) TargetAddress) >= (UINTN) GetEndPointer (StoreInfo->VariableStoreHeader))) {
//
// Reach the end of variable store.
//
return FALSE;
}
if (((UINTN) Variable < (UINTN) TargetAddress) && (((UINTN) Variable + sizeof (VARIABLE_HEADER)) > (UINTN) TargetAddress)) { if (((UINTN) Variable < (UINTN) TargetAddress) && (((UINTN) Variable + sizeof (VARIABLE_HEADER)) > (UINTN) TargetAddress)) {
// //
// Variable header pointed by Variable is inconsecutive, // Variable header pointed by Variable is inconsecutive,
@ -576,6 +587,13 @@ GetVariableHeader (
CopyMem ((UINT8 *) *VariableHeader + PartialHeaderSize, (UINT8 *) (UINTN) SpareAddress, sizeof (VARIABLE_HEADER) - PartialHeaderSize); CopyMem ((UINT8 *) *VariableHeader + PartialHeaderSize, (UINT8 *) (UINTN) SpareAddress, sizeof (VARIABLE_HEADER) - PartialHeaderSize);
} }
} }
} else {
if (Variable >= GetEndPointer (StoreInfo->VariableStoreHeader)) {
//
// Reach the end of variable store.
//
return FALSE;
}
} }
return IsValidVariableHeader (*VariableHeader); return IsValidVariableHeader (*VariableHeader);

40
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
View File

@ -191,6 +191,7 @@ UpdateVariableInfo (
This code checks if variable header is valid or not. This code checks if variable header is valid or not.
@param Variable Pointer to the Variable Header. @param Variable Pointer to the Variable Header.
@param VariableStoreEnd Pointer to the Variable Store End.
@retval TRUE Variable header is valid. @retval TRUE Variable header is valid.
@retval FALSE Variable header is not valid. @retval FALSE Variable header is not valid.
@ -198,10 +199,15 @@ UpdateVariableInfo (
**/ **/
BOOLEAN BOOLEAN
IsValidVariableHeader ( IsValidVariableHeader (
IN VARIABLE_HEADER *Variable IN VARIABLE_HEADER *Variable,
IN VARIABLE_HEADER *VariableStoreEnd
) )
{ {
if (Variable == NULL || Variable->StartId != VARIABLE_DATA) { if ((Variable == NULL) || (Variable >= VariableStoreEnd) || (Variable->StartId != VARIABLE_DATA)) {
//
// Variable is NULL or has reached the end of variable store,
// or the StartId is not correct.
//
return FALSE; return FALSE;
} }
@ -499,10 +505,6 @@ GetNextVariablePtr (
{ {
UINTN Value; UINTN Value;
if (!IsValidVariableHeader (Variable)) {
return NULL;
}
Value = (UINTN) GetVariableDataPtr (Variable); Value = (UINTN) GetVariableDataPtr (Variable);
Value += DataSizeOfVariable (Variable); Value += DataSizeOfVariable (Variable);
Value += GET_PAD_SIZE (DataSizeOfVariable (Variable)); Value += GET_PAD_SIZE (DataSizeOfVariable (Variable));
@ -622,7 +624,7 @@ Reclaim (
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
MaximumBufferSize = sizeof (VARIABLE_STORE_HEADER); MaximumBufferSize = sizeof (VARIABLE_STORE_HEADER);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) && if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) &&
Variable != UpdatingVariable && Variable != UpdatingVariable &&
@ -672,7 +674,7 @@ Reclaim (
// Reinstall all ADDED variables as long as they are not identical to Updating Variable. // Reinstall all ADDED variables as long as they are not identical to Updating Variable.
// //
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if (Variable != UpdatingVariable && Variable->State == VAR_ADDED) { if (Variable != UpdatingVariable && Variable->State == VAR_ADDED) {
VariableSize = (UINTN) NextVariable - (UINTN) Variable; VariableSize = (UINTN) NextVariable - (UINTN) Variable;
@ -691,7 +693,7 @@ Reclaim (
// Reinstall all in delete transition variables. // Reinstall all in delete transition variables.
// //
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if (Variable != UpdatingVariable && Variable != UpdatingInDeletedTransition && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { if (Variable != UpdatingVariable && Variable != UpdatingInDeletedTransition && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
@ -703,7 +705,7 @@ Reclaim (
FoundAdded = FALSE; FoundAdded = FALSE;
AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer); AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer);
while (IsValidVariableHeader (AddedVariable)) { while (IsValidVariableHeader (AddedVariable, GetEndPointer ((VARIABLE_STORE_HEADER *) ValidBuffer))) {
NextAddedVariable = GetNextVariablePtr (AddedVariable); NextAddedVariable = GetNextVariablePtr (AddedVariable);
NameSize = NameSizeOfVariable (AddedVariable); NameSize = NameSizeOfVariable (AddedVariable);
if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) && if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) &&
@ -795,7 +797,7 @@ Reclaim (
mVariableModuleGlobal->CommonVariableTotalSize = CommonVariableTotalSize; mVariableModuleGlobal->CommonVariableTotalSize = CommonVariableTotalSize;
} else { } else {
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase); NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase);
while (IsValidVariableHeader (NextVariable)) { while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase))) {
VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER); VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER);
if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize); mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize);
@ -853,7 +855,7 @@ FindVariableEx (
InDeletedVariable = NULL; InDeletedVariable = NULL;
for ( PtrTrack->CurrPtr = PtrTrack->StartPtr for ( PtrTrack->CurrPtr = PtrTrack->StartPtr
; (PtrTrack->CurrPtr < PtrTrack->EndPtr) && IsValidVariableHeader (PtrTrack->CurrPtr) ; IsValidVariableHeader (PtrTrack->CurrPtr, PtrTrack->EndPtr)
; PtrTrack->CurrPtr = GetNextVariablePtr (PtrTrack->CurrPtr) ; PtrTrack->CurrPtr = GetNextVariablePtr (PtrTrack->CurrPtr)
) { ) {
if (PtrTrack->CurrPtr->State == VAR_ADDED || if (PtrTrack->CurrPtr->State == VAR_ADDED ||
@ -2408,10 +2410,7 @@ VariableServiceGetNextVariableName (
// //
// Switch from Volatile to HOB, to Non-Volatile. // Switch from Volatile to HOB, to Non-Volatile.
// //
while ((Variable.CurrPtr >= Variable.EndPtr) || while (!IsValidVariableHeader (Variable.CurrPtr, Variable.EndPtr)) {
(Variable.CurrPtr == NULL) ||
!IsValidVariableHeader (Variable.CurrPtr)
) {
// //
// Find current storage index // Find current storage index
// //
@ -2617,8 +2616,7 @@ VariableServiceSetVariable (
// Parse non-volatile variable data and get last variable offset. // Parse non-volatile variable data and get last variable offset.
// //
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point); NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point);
while ((NextVariable < GetEndPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point)) while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point))) {
&& IsValidVariableHeader (NextVariable)) {
NextVariable = GetNextVariablePtr (NextVariable); NextVariable = GetNextVariablePtr (NextVariable);
} }
mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point; mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point;
@ -2765,7 +2763,7 @@ VariableServiceQueryVariableInfoInternal (
// //
// Now walk through the related variable store. // Now walk through the related variable store.
// //
while ((Variable < GetEndPointer (VariableStoreHeader)) && IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
VariableSize = (UINT64) (UINTN) NextVariable - (UINT64) (UINTN) Variable; VariableSize = (UINT64) (UINTN) NextVariable - (UINT64) (UINTN) Variable;
@ -3063,7 +3061,7 @@ InitNonVolatileVariableStore (
// Parse non-volatile variable data and get last variable offset. // Parse non-volatile variable data and get last variable offset.
// //
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase); NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase);
while (IsValidVariableHeader (NextVariable)) { while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase))) {
VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER); VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER);
if ((NextVariable->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { if ((NextVariable->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize); mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize);
@ -3109,7 +3107,7 @@ FlushHobVariableToFlash (
// //
mVariableModuleGlobal->VariableGlobal.HobVariableBase = 0; mVariableModuleGlobal->VariableGlobal.HobVariableBase = 0;
for ( Variable = GetStartPointer (VariableStoreHeader) for ( Variable = GetStartPointer (VariableStoreHeader)
; (Variable < GetEndPointer (VariableStoreHeader) && IsValidVariableHeader (Variable)) ; IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))
; Variable = GetNextVariablePtr (Variable) ; Variable = GetNextVariablePtr (Variable)
) { ) {
if (Variable->State != VAR_ADDED) { if (Variable->State != VAR_ADDED) {

22
SecurityPkg/VariableAuthenticated/Pei/Variable.c
View File

@ -3,7 +3,7 @@
ReadOnly Varaiable2 PPI. These services operates the non-volatile ReadOnly Varaiable2 PPI. These services operates the non-volatile
storage space. storage space.
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -546,14 +546,25 @@ GetVariableHeader (
EFI_HOB_GUID_TYPE *GuidHob; EFI_HOB_GUID_TYPE *GuidHob;
UINTN PartialHeaderSize; UINTN PartialHeaderSize;
if (Variable == NULL) {
return FALSE;
}
// //
// First assume variable header pointed by Variable is consecutive. // First assume variable header pointed by Variable is consecutive.
// //
*VariableHeader = Variable; *VariableHeader = Variable;
if ((Variable != NULL) && (StoreInfo->FtwLastWriteData != NULL)) { if (StoreInfo->FtwLastWriteData != NULL) {
TargetAddress = StoreInfo->FtwLastWriteData->TargetAddress; TargetAddress = StoreInfo->FtwLastWriteData->TargetAddress;
SpareAddress = StoreInfo->FtwLastWriteData->SpareAddress; SpareAddress = StoreInfo->FtwLastWriteData->SpareAddress;
if (((UINTN) Variable > (UINTN) SpareAddress) &&
(((UINTN) Variable - (UINTN) SpareAddress + (UINTN) TargetAddress) >= (UINTN) GetEndPointer (StoreInfo->VariableStoreHeader))) {
//
// Reach the end of variable store.
//
return FALSE;
}
if (((UINTN) Variable < (UINTN) TargetAddress) && (((UINTN) Variable + sizeof (VARIABLE_HEADER)) > (UINTN) TargetAddress)) { if (((UINTN) Variable < (UINTN) TargetAddress) && (((UINTN) Variable + sizeof (VARIABLE_HEADER)) > (UINTN) TargetAddress)) {
// //
// Variable header pointed by Variable is inconsecutive, // Variable header pointed by Variable is inconsecutive,
@ -575,6 +586,13 @@ GetVariableHeader (
CopyMem ((UINT8 *) *VariableHeader + PartialHeaderSize, (UINT8 *) (UINTN) SpareAddress, sizeof (VARIABLE_HEADER) - PartialHeaderSize); CopyMem ((UINT8 *) *VariableHeader + PartialHeaderSize, (UINT8 *) (UINTN) SpareAddress, sizeof (VARIABLE_HEADER) - PartialHeaderSize);
} }
} }
} else {
if (Variable >= GetEndPointer (StoreInfo->VariableStoreHeader)) {
//
// Reach the end of variable store.
//
return FALSE;
}
} }
return IsValidVariableHeader (*VariableHeader); return IsValidVariableHeader (*VariableHeader);

46
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
View File

@ -219,6 +219,7 @@ UpdateVariableInfo (
This code checks if variable header is valid or not. This code checks if variable header is valid or not.
@param Variable Pointer to the Variable Header. @param Variable Pointer to the Variable Header.
@param VariableStoreEnd Pointer to the Variable Store End.
@retval TRUE Variable header is valid. @retval TRUE Variable header is valid.
@retval FALSE Variable header is not valid. @retval FALSE Variable header is not valid.
@ -226,10 +227,15 @@ UpdateVariableInfo (
**/ **/
BOOLEAN BOOLEAN
IsValidVariableHeader ( IsValidVariableHeader (
IN VARIABLE_HEADER *Variable IN VARIABLE_HEADER *Variable,
IN VARIABLE_HEADER *VariableStoreEnd
) )
{ {
if (Variable == NULL || Variable->StartId != VARIABLE_DATA) { if ((Variable == NULL) || (Variable >= VariableStoreEnd) || (Variable->StartId != VARIABLE_DATA)) {
//
// Variable is NULL or has reached the end of variable store,
// or the StartId is not correct.
//
return FALSE; return FALSE;
} }
@ -529,10 +535,6 @@ GetNextVariablePtr (
{ {
UINTN Value; UINTN Value;
if (!IsValidVariableHeader (Variable)) {
return NULL;
}
Value = (UINTN) GetVariableDataPtr (Variable); Value = (UINTN) GetVariableDataPtr (Variable);
Value += DataSizeOfVariable (Variable); Value += DataSizeOfVariable (Variable);
Value += GET_PAD_SIZE (DataSizeOfVariable (Variable)); Value += GET_PAD_SIZE (DataSizeOfVariable (Variable));
@ -605,14 +607,16 @@ IsValidPubKeyIndex (
) )
{ {
VARIABLE_HEADER *Variable; VARIABLE_HEADER *Variable;
VARIABLE_HEADER *VariableStoreEnd;
if (PubKeyIndex > mPubKeyNumber) { if (PubKeyIndex > mPubKeyNumber) {
return FALSE; return FALSE;
} }
Variable = GetStartPointer ((VARIABLE_STORE_HEADER *) (UINTN) mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase); Variable = GetStartPointer ((VARIABLE_STORE_HEADER *) (UINTN) mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);
VariableStoreEnd = GetEndPointer ((VARIABLE_STORE_HEADER *) (UINTN) mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, VariableStoreEnd)) {
if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) && if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) &&
Variable->PubKeyIndex == PubKeyIndex) { Variable->PubKeyIndex == PubKeyIndex) {
return TRUE; return TRUE;
@ -799,7 +803,7 @@ Reclaim (
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
MaximumBufferSize = sizeof (VARIABLE_STORE_HEADER); MaximumBufferSize = sizeof (VARIABLE_STORE_HEADER);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) && if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) &&
Variable != UpdatingVariable && Variable != UpdatingVariable &&
@ -866,7 +870,7 @@ Reclaim (
// Refresh the PubKeyIndex for all valid variables (ADDED and IN_DELETED_TRANSITION). // Refresh the PubKeyIndex for all valid variables (ADDED and IN_DELETED_TRANSITION).
// //
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) && if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) &&
@ -912,7 +916,7 @@ Reclaim (
// Reinstall all ADDED variables as long as they are not identical to Updating Variable. // Reinstall all ADDED variables as long as they are not identical to Updating Variable.
// //
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if (Variable != UpdatingVariable && Variable->State == VAR_ADDED) { if (Variable != UpdatingVariable && Variable->State == VAR_ADDED) {
VariableSize = (UINTN) NextVariable - (UINTN) Variable; VariableSize = (UINTN) NextVariable - (UINTN) Variable;
@ -931,7 +935,7 @@ Reclaim (
// Reinstall all in delete transition variables. // Reinstall all in delete transition variables.
// //
Variable = GetStartPointer (VariableStoreHeader); Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
if (Variable != UpdatingVariable && Variable != UpdatingInDeletedTransition && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { if (Variable != UpdatingVariable && Variable != UpdatingInDeletedTransition && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
@ -943,7 +947,7 @@ Reclaim (
FoundAdded = FALSE; FoundAdded = FALSE;
AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer); AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer);
while (IsValidVariableHeader (AddedVariable)) { while (IsValidVariableHeader (AddedVariable, GetEndPointer ((VARIABLE_STORE_HEADER *) ValidBuffer))) {
NextAddedVariable = GetNextVariablePtr (AddedVariable); NextAddedVariable = GetNextVariablePtr (AddedVariable);
NameSize = NameSizeOfVariable (AddedVariable); NameSize = NameSizeOfVariable (AddedVariable);
if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) && if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) &&
@ -1036,7 +1040,7 @@ Reclaim (
mVariableModuleGlobal->CommonVariableTotalSize = CommonVariableTotalSize; mVariableModuleGlobal->CommonVariableTotalSize = CommonVariableTotalSize;
} else { } else {
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase); NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase);
while (IsValidVariableHeader (NextVariable)) { while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase))) {
VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER); VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER);
if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize); mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize);
@ -1102,7 +1106,7 @@ FindVariableEx (
InDeletedVariable = NULL; InDeletedVariable = NULL;
for ( PtrTrack->CurrPtr = PtrTrack->StartPtr for ( PtrTrack->CurrPtr = PtrTrack->StartPtr
; (PtrTrack->CurrPtr < PtrTrack->EndPtr) && IsValidVariableHeader (PtrTrack->CurrPtr) ; IsValidVariableHeader (PtrTrack->CurrPtr, PtrTrack->EndPtr)
; PtrTrack->CurrPtr = GetNextVariablePtr (PtrTrack->CurrPtr) ; PtrTrack->CurrPtr = GetNextVariablePtr (PtrTrack->CurrPtr)
) { ) {
if (PtrTrack->CurrPtr->State == VAR_ADDED || if (PtrTrack->CurrPtr->State == VAR_ADDED ||
@ -2867,10 +2871,7 @@ VariableServiceGetNextVariableName (
// //
// Switch from Volatile to HOB, to Non-Volatile. // Switch from Volatile to HOB, to Non-Volatile.
// //
while ((Variable.CurrPtr >= Variable.EndPtr) || while (!IsValidVariableHeader (Variable.CurrPtr, Variable.EndPtr)) {
(Variable.CurrPtr == NULL) ||
!IsValidVariableHeader (Variable.CurrPtr)
) {
// //
// Find current storage index // Find current storage index
// //
@ -3119,8 +3120,7 @@ VariableServiceSetVariable (
// Parse non-volatile variable data and get last variable offset. // Parse non-volatile variable data and get last variable offset.
// //
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point); NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point);
while ((NextVariable < GetEndPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point)) while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_STORE_HEADER *) (UINTN) Point))) {
&& IsValidVariableHeader (NextVariable)) {
NextVariable = GetNextVariablePtr (NextVariable); NextVariable = GetNextVariablePtr (NextVariable);
} }
mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point; mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point;
@ -3294,7 +3294,7 @@ VariableServiceQueryVariableInfoInternal (
// //
// Now walk through the related variable store. // Now walk through the related variable store.
// //
while ((Variable < GetEndPointer (VariableStoreHeader)) && IsValidVariableHeader (Variable)) { while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable); NextVariable = GetNextVariablePtr (Variable);
VariableSize = (UINT64) (UINTN) NextVariable - (UINT64) (UINTN) Variable; VariableSize = (UINT64) (UINTN) NextVariable - (UINT64) (UINTN) Variable;
@ -3594,7 +3594,7 @@ InitNonVolatileVariableStore (
// Parse non-volatile variable data and get last variable offset. // Parse non-volatile variable data and get last variable offset.
// //
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase); NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase);
while (IsValidVariableHeader (NextVariable)) { while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase))) {
VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER); VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER);
if ((NextVariable->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { if ((NextVariable->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize); mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize);
@ -3640,7 +3640,7 @@ FlushHobVariableToFlash (
// //
mVariableModuleGlobal->VariableGlobal.HobVariableBase = 0; mVariableModuleGlobal->VariableGlobal.HobVariableBase = 0;
for ( Variable = GetStartPointer (VariableStoreHeader) for ( Variable = GetStartPointer (VariableStoreHeader)
; (Variable < GetEndPointer (VariableStoreHeader) && IsValidVariableHeader (Variable)) ; IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))
; Variable = GetNextVariablePtr (Variable) ; Variable = GetNextVariablePtr (Variable)
) { ) {
if (Variable->State != VAR_ADDED) { if (Variable->State != VAR_ADDED) {