add security check.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8680 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -274,6 +274,7 @@ PxeBcTryBinl (
|
||||
PXEBC_CACHED_DHCP4_PACKET *CachedPacket;
|
||||
EFI_DHCP4_PACKET *Reply;
|
||||
|
||||
ASSERT (Index < PXEBC_MAX_OFFER_NUM);
|
||||
ASSERT (Private->Dhcp4Offers[Index].OfferType == DHCP4_PACKET_TYPE_BINL);
|
||||
|
||||
Offer = &Private->Dhcp4Offers[Index].Packet.Offer;
|
||||
@@ -560,6 +561,7 @@ PxeBcCacheDhcpOffer (
|
||||
}
|
||||
|
||||
OfferType = CachedOffer->OfferType;
|
||||
ASSERT (OfferType < DHCP4_PACKET_TYPE_MAX);
|
||||
|
||||
if (OfferType == DHCP4_PACKET_TYPE_BOOTP) {
|
||||
|
||||
@@ -603,6 +605,7 @@ PxeBcCacheDhcpOffer (
|
||||
//
|
||||
// It's a dhcp offer with your address.
|
||||
//
|
||||
ASSERT (Private->ServerCount[OfferType] < PXEBC_MAX_OFFER_NUM);
|
||||
Private->OfferIndex[OfferType][Private->ServerCount[OfferType]] = Private->NumOffers;
|
||||
Private->ServerCount[OfferType]++;
|
||||
}
|
||||
@@ -1119,6 +1122,7 @@ PxeBcDiscvBootService (
|
||||
EFI_DHCP4_HEADER *DhcpHeader;
|
||||
UINT32 Xid;
|
||||
|
||||
ASSERT (IsDiscv && (Layer != NULL));
|
||||
|
||||
Mode = Private->PxeBc.Mode;
|
||||
Dhcp4 = Private->Dhcp4;
|
||||
@@ -1717,15 +1721,21 @@ PxeBcSelectBootMenu (
|
||||
MenuSize = VendorOpt->BootMenuLen;
|
||||
MenuItem = VendorOpt->BootMenu;
|
||||
|
||||
if (MenuSize == 0) {
|
||||
return EFI_NOT_READY;
|
||||
}
|
||||
|
||||
while (MenuSize > 0) {
|
||||
MenuArray[Index] = MenuItem;
|
||||
MenuSize = (UINT8) (MenuSize - (MenuItem->DescLen + 3));
|
||||
MenuItem = (PXEBC_BOOT_MENU_ENTRY *) ((UINT8 *) MenuItem + MenuItem->DescLen + 3);
|
||||
Index++;
|
||||
if (Index++ > (PXEBC_MAX_MENU_NUM - 1)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (UseDefaultItem) {
|
||||
CopyMem (Type, &MenuArray[0]->Type, sizeof (UINT16));
|
||||
*Type = MenuArray[0]->Type;
|
||||
*Type = NTOHS (*Type);
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
@@ -1432,6 +1432,8 @@ CheckIpByFilter (
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
ASSERT (PxeBcMode->IpFilter.IpCnt < EFI_PXE_BASE_CODE_MAX_IPCNT);
|
||||
|
||||
for (Index = 0; Index < PxeBcMode->IpFilter.IpCnt; Index++) {
|
||||
CopyMem (
|
||||
&Ip4Address,
|
||||
@@ -1755,20 +1757,20 @@ EfiPxeBcSetIpFilter (
|
||||
BOOLEAN PromiscuousNeed;
|
||||
|
||||
if (This == NULL) {
|
||||
DEBUG ((EFI_D_ERROR, "BC *This pointer == NULL.\n"));
|
||||
DEBUG ((EFI_D_ERROR, "This == NULL.\n"));
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
Private = PXEBC_PRIVATE_DATA_FROM_PXEBC (This);
|
||||
Mode = Private->PxeBc.Mode;
|
||||
|
||||
if (Private == NULL) {
|
||||
DEBUG ((EFI_D_ERROR, "PXEBC_PRIVATE_DATA poiner == NULL.\n"));
|
||||
if (NewFilter == NULL) {
|
||||
DEBUG ((EFI_D_ERROR, "NewFilter == NULL.\n"));
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (NewFilter == NULL) {
|
||||
DEBUG ((EFI_D_ERROR, "IP Filter *NewFilter == NULL.\n"));
|
||||
if (NewFilter->IpCnt > EFI_PXE_BASE_CODE_MAX_IPCNT) {
|
||||
DEBUG ((EFI_D_ERROR, "NewFilter->IpCnt > %d.\n", EFI_PXE_BASE_CODE_MAX_IPCNT));
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
@@ -1778,6 +1780,7 @@ EfiPxeBcSetIpFilter (
|
||||
}
|
||||
|
||||
PromiscuousNeed = FALSE;
|
||||
|
||||
for (Index = 0; Index < NewFilter->IpCnt; ++Index) {
|
||||
if (IP4_IS_LOCAL_BROADCAST (EFI_IP4 (NewFilter->IpList[Index].v4))) {
|
||||
//
|
||||
|
@@ -250,9 +250,10 @@ CvtNum (
|
||||
{
|
||||
UINTN Remainder;
|
||||
|
||||
while (Length-- > 0) {
|
||||
while (Length > 0) {
|
||||
Remainder = Number % 10;
|
||||
Number /= 10;
|
||||
Length--;
|
||||
Buffer[Length] = (UINT8) ('0' + Remainder);
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user