Improve robustness when scanning PCI Option ROM.

Signed-off-by: rsun3
Reviewed-by: geekboy15a


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13095 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
rsun3
2012-03-14 03:17:17 +00:00
parent 8a44cd74ec
commit 94020bb40f
9 changed files with 234 additions and 78 deletions

View File

@@ -1,6 +1,6 @@
/** @file
Copyright (c) 1999 - 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 1999 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -1226,6 +1226,16 @@ Undi16SimpleNetworkLoadUndi (
DEBUG ((DEBUG_INIT, "Option ROM found at %X\n", RomAddress));
//
// If the pointer to the PCI Data Structure is invalid, no further images can be located.
// The PCI Data Structure must be DWORD aligned.
//
if (PciExpansionRomHeader->PcirOffset == 0 ||
(PciExpansionRomHeader->PcirOffset & 3) != 0 ||
RomAddress + PciExpansionRomHeader->PcirOffset + sizeof (PCI_DATA_STRUCTURE) > 0x100000) {
break;
}
PciDataStructure = (PCI_DATA_STRUCTURE *) (RomAddress + PciExpansionRomHeader->PcirOffset);
if (PciDataStructure->Signature != PCI_DATA_STRUCTURE_SIGNATURE) {

View File

@@ -1,6 +1,6 @@
/** @file
Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -304,14 +304,24 @@ GetPciLegacyRom (
BackupImage = NULL;
RomHeader.Raw = *Rom;
while (RomHeader.Generic->Signature == PCI_EXPANSION_ROM_HEADER_SIGNATURE) {
if (*ImageSize <
RomHeader.Raw - (UINT8 *) *Rom + RomHeader.Generic->PcirOffset + sizeof (PCI_DATA_STRUCTURE)
) {
return EFI_NOT_FOUND;
if (RomHeader.Generic->PcirOffset == 0 ||
(RomHeader.Generic->PcirOffset & 3) !=0 ||
*ImageSize < RomHeader.Raw - (UINT8 *) *Rom + RomHeader.Generic->PcirOffset + sizeof (PCI_DATA_STRUCTURE)) {
break;
}
Pcir = (PCI_3_0_DATA_STRUCTURE *) (RomHeader.Raw + RomHeader.Generic->PcirOffset);
//
// Check signature in the PCI Data Structure.
//
if (Pcir->Signature != PCI_DATA_STRUCTURE_SIGNATURE) {
break;
}
if ((UINTN)(RomHeader.Raw - (UINT8 *) *Rom) + Pcir->ImageLength * 512 > *ImageSize) {
break;
}
if (Pcir->CodeType == PCI_CODE_TYPE_PCAT_IMAGE) {
Match = FALSE;
if (Pcir->VendorId == VendorId) {
@@ -2875,8 +2885,21 @@ LegacyBiosInstallPciRom (
}
LocalRomImage = *RomImage;
if (((PCI_EXPANSION_ROM_HEADER *) LocalRomImage)->Signature != PCI_EXPANSION_ROM_HEADER_SIGNATURE ||
((PCI_EXPANSION_ROM_HEADER *) LocalRomImage)->PcirOffset == 0 ||
(((PCI_EXPANSION_ROM_HEADER *) LocalRomImage)->PcirOffset & 3 ) != 0) {
mVgaInstallationInProgress = FALSE;
return EFI_UNSUPPORTED;
}
Pcir = (PCI_3_0_DATA_STRUCTURE *)
((UINT8 *) LocalRomImage + ((PCI_EXPANSION_ROM_HEADER *) LocalRomImage)->PcirOffset);
if (Pcir->Signature != PCI_DATA_STRUCTURE_SIGNATURE) {
mVgaInstallationInProgress = FALSE;
return EFI_UNSUPPORTED;
}
ImageSize = Pcir->ImageLength * 512;
if (Pcir->Length >= 0x1C) {
OpromRevision = Pcir->Revision;