Change BufferSize from UINTN * to UINTN to eliminate pointer to pointer in SmmCore for security consideration.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10299 6f19259b-4bc3-4df7-8a09-765794883524
@@ -210,8 +210,8 @@ SMM_CORE_PRIVATE_DATA mSmmCorePrivateData = {
|
||||
FALSE, // SmmEntryPointRegistered
|
||||
FALSE, // InSmm
|
||||
NULL, // Smst
|
||||
0, // BufferSize
|
||||
NULL, // CommunicationBuffer
|
||||
0, // BufferSize
|
||||
EFI_SUCCESS // ReturnStatus
|
||||
};
|
||||
|
||||
@@ -410,6 +410,13 @@ SmmCommunicationCommunicate (
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// CommSize must hold HeaderGuid and MessageLength
|
||||
//
|
||||
if (*CommSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// If not already in SMM, then generate a Software SMI
|
||||
//
|
||||
@@ -418,7 +425,7 @@ SmmCommunicationCommunicate (
|
||||
// Put arguments for Software SMI in gSmmCorePrivate
|
||||
//
|
||||
gSmmCorePrivate->CommunicationBuffer = CommBuffer;
|
||||
gSmmCorePrivate->BufferSize = CommSize;
|
||||
gSmmCorePrivate->BufferSize = *CommSize;
|
||||
|
||||
//
|
||||
// Generate Software SMI
|
||||
@@ -431,6 +438,7 @@ SmmCommunicationCommunicate (
|
||||
//
|
||||
// Return status from software SMI
|
||||
//
|
||||
*CommSize = gSmmCorePrivate->BufferSize;
|
||||
return gSmmCorePrivate->ReturnStatus;
|
||||
}
|
||||
|
||||
|
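Review bot: The header-size guard added in the `@@ -410,6 +410,13 @@` hunk, `*CommSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)`, runs on the caller side before the Software SMI is generated, so it is not a check the SMM side can rely on. `gSmmCorePrivate->BufferSize` and `gSmmCorePrivate->CommunicationBuffer` are written from here, and if that structure is reachable from outside SMRAM (the page does not show where it is allocated) the values can change between this check and their use in SMM. The SMM entry code, which is outside this page, should read both fields once into SMRAM-local variables, repeat the size check on the copy, and verify that the buffer range does not overlap SMRAM. Separately, nothing here ties the header's `MessageLength` to `*CommSize`; I would add `if (((EFI_SMM_COMMUNICATE_HEADER *)CommBuffer)->MessageLength > *CommSize - OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)) return EFI_INVALID_PARAMETER;` after the new guard. SmmCommunicationCommunicate begins above the first visible hunk line, so any earlier NULL check on `CommSize` cannot be confirmed from this page.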