Add comment for modules which have external input.

signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-12 08:28:43 +00:00
parent 90eaa3c1e0
commit dc204d5a0f
30 changed files with 435 additions and 22 deletions
--- a/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
@ -3,7 +3,12 @@
 #
 # Capsule update module supports EFI and UEFI.
 #
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+#  Caution: This module requires additional review when modified.
+#  This driver will have external input - capsule image.
+#  This external input must be validated carefully to avoid security issue like
+#  buffer overflow, integer overflow.
+#
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 #
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions
--- a/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
+++ b/MdeModulePkg/Universal/CapsulePei/CapsuleX64.inf
@ -4,6 +4,11 @@
 # The X64 entrypoint to process capsule in long mode.
 # This module is built as X64.
 #
+#  Caution: This module requires additional review when modified.
+#  This driver will have external input - capsule image.
+#  This external input must be validated carefully to avoid security issue like
+#  buffer overflow, integer overflow.
+#
 # Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
 #
 # This program and the accompanying materials
--- a/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
+++ b/MdeModulePkg/Universal/CapsulePei/Common/CapsuleCoalesce.c
@ -1,6 +1,14 @@
 /** @file
  The logic to process capsule.

+  Caution: This module requires additional review when modified.
+  This driver will have external input - capsule image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  CapsuleDataCoalesce() will do basic validation before coalesce capsule data
+  into memory.
+
 Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
@ -792,6 +800,10 @@ BuildCapsuleDescriptors (
                   |    PrivateDataDesc 0      |
      MemBase ---->+---------------------------+<----- BlockList

+  Caution: This function may receive untrusted input.
+  The capsule data is external input, so this routine will do basic validation before
+  coalesce capsule data into memory.
+
  @param PeiServices        General purpose services available to every PEIM.
  @param BlockListBuffer    Point to the buffer of Capsule Descriptor Variables.
  @param MemoryBase         Pointer to the base of a block of memory that we can walk
--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
@ -2,7 +2,18 @@
  Decode a hard disk partitioned with the GPT scheme in the UEFI 2.0
  specification.

-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+  Caution: This file requires additional review when modified.
+  This driver will have external input - disk partition.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  PartitionInstallGptChildHandles() routine will read disk partition content and
+  do basic validation before PartitionInstallChildHandle().
+
+  PartitionValidGptTable(), PartitionCheckGptEntry() routine will accept disk
+  partition content and validate the GPT table and GPT entry.
+
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@ -19,6 +30,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 /**
  Install child handles if the Handle supports GPT partition structure.

+  Caution: This function may receive untrusted input.
+  The GPT partition table header is external input, so this routine
+  will do basic validation for GPT partition table header before return.
+
  @param[in]  BlockIo     Parent BlockIo interface.
  @param[in]  DiskIo      Disk Io protocol.
  @param[in]  Lba         The starting Lba of the Partition Table
@ -77,8 +92,11 @@ PartitionRestoreGptTable (


 /**
-  Restore Partition Table to its alternate place.
-  (Primary -> Backup or Backup -> Primary)
+  This routine will check GPT partition entry and return entry status.
+
+  Caution: This function may receive untrusted input.
+  The GPT partition entry is external input, so this routine
+  will do basic validation for GPT partition entry and report status.

  @param[in]    PartHeader    Partition table header structure
  @param[in]    PartEntry     The partition entry array
@ -158,6 +176,11 @@ PartitionSetCrc (
 /**
  Install child handles if the Handle supports GPT partition structure.

+  Caution: This function may receive untrusted input.
+  The GPT partition table is external input, so this routine
+  will do basic validation for GPT partition table before install
+  child handle for each GPT partition.
+
  @param[in]  This       Calling context.
  @param[in]  Handle     Parent Handle.
  @param[in]  DiskIo     Parent DiskIo interface.
@ -411,7 +434,11 @@ Done:
 }

 /**
-  Install child handles if the Handle supports GPT partition structure.
+  This routine will read GPT partition table header and return it.
+
+  Caution: This function may receive untrusted input.
+  The GPT partition table header is external input, so this routine
+  will do basic validation for GPT partition table header before return.

  @param[in]  BlockIo     Parent BlockIo interface.
  @param[in]  DiskIo      Disk Io protocol.
@ -640,8 +667,11 @@ Done:
 }

 /**
-  Restore Partition Table to its alternate place.
-  (Primary -> Backup or Backup -> Primary)
+  This routine will check GPT partition entry and return entry status.
+
+  Caution: This function may receive untrusted input.
+  The GPT partition entry is external input, so this routine
+  will do basic validation for GPT partition entry and report status.

  @param[in]    PartHeader    Partition table header structure
  @param[in]    PartEntry     The partition entry array
--- a/MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
@ -6,8 +6,13 @@
 #  the bytes from Start to End of the Parent Block I/O device.
 #  The partition of physical BlockIo device supported is one of legacy MBR, GPT,
 #  and "El Torito" partitions.
-#  
-#  Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+#
+#  Caution: This module requires additional review when modified.
+#  This driver will have external input - disk partition.
+#  This external input must be validated carefully to avoid security issue like
+#  buffer overflow, integer overflow.
+#
+#  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at