Change BufferSize from UINTN * to UINTN to eliminate pointer to pointer in SmmCore for security consideration.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10299 6f19259b-4bc3-4df7-8a09-765794883524
2010-03-21 04:17:16 +00:00
parent 59a4bd4037
commit ab780ebf90
3 changed files with 14 additions and 6 deletions
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
@@ -210,8 +210,8 @@ SMM_CORE_PRIVATE_DATA  mSmmCorePrivateData = {
  FALSE,                              // SmmEntryPointRegistered
  FALSE,                              // InSmm
  NULL,                               // Smst
-  0,                                  // BufferSize
  NULL,                               // CommunicationBuffer
+  0,                                  // BufferSize
  EFI_SUCCESS                         // ReturnStatus
 };

@@ -410,6 +410,13 @@ SmmCommunicationCommunicate (
    return EFI_INVALID_PARAMETER;
  }

+  //
+  // CommSize must hold HeaderGuid and MessageLength
+  //
+  if (*CommSize < OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
  //
  // If not already in SMM, then generate a Software SMI
  //
@@ -418,7 +425,7 @@ SmmCommunicationCommunicate (
    // Put arguments for Software SMI in gSmmCorePrivate
    //
    gSmmCorePrivate->CommunicationBuffer = CommBuffer;
-    gSmmCorePrivate->BufferSize          = CommSize;
+    gSmmCorePrivate->BufferSize          = *CommSize;

    //
    // Generate Software SMI
@@ -431,6 +438,7 @@ SmmCommunicationCommunicate (
    //
    // Return status from software SMI 
    //
+    *CommSize = gSmmCorePrivate->BufferSize;
    return gSmmCorePrivate->ReturnStatus;
  }