sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg OpalPasswordSupportLib: Add check to avoid potential buffer overflow.

Browse Source 
Current code not check the CommunicationBuffer size before use it. Attacker can
read beyond the end of the (untrusted) commbuffer into controlled memory. Attacker
can get access outside of valid SMM memory regions. This patch add check before
use it.

bugz: https://bugzilla.tianocore.org/show_bug.cgi?id=198

Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Wu Hao <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
This commit is contained in:
Eric Dong
2018-07-31 13:13:20 +08:00
parent c4c7fb388e
commit 87acb6e298
4 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
SecurityPkg/Include/Library/OpalPasswordSupportLib.h
View File

@@ -19,6 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/DevicePath.h>
#include <Library/TcgStorageOpalLib.h>
#define OPAL_PASSWORD_MAX_LENGTH 32
#pragma pack(1)
@@ -76,7 +77,7 @@ typedef struct {
typedef struct {
LIST_ENTRY Link;
UINT8 Password[32];
UINT8 Password[OPAL_PASSWORD_MAX_LENGTH];
UINT8 PasswordLength;
EFI_DEVICE_PATH_PROTOCOL OpalDevicePath;