Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
jyao1
@@ -1,6 +1,17 @@
|
||||
/** @file
|
||||
Implement image verification services for secure boot service in UEFI2.3.1.
|
||||
|
||||
Caution: This file requires additional review when modified.
|
||||
This library will have external input - PE/COFF image.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
|
||||
read is within the image buffer.
|
||||
|
||||
DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
|
||||
untrusted PE/COFF image and validate its data structure within this image buffer before use.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -14,14 +25,22 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
#include "DxeImageVerificationLib.h"
|
||||
|
||||
//
|
||||
// Caution: This is used by a function which may receive untrusted input.
|
||||
// These global variables hold PE/COFF image data, and they should be validated before use.
|
||||
//
|
||||
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
|
||||
UINTN mImageSize;
|
||||
UINT32 mPeCoffHeaderOffset;
|
||||
EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL;
|
||||
EFI_GUID mCertType;
|
||||
|
||||
//
|
||||
// Information on current PE/COFF image
|
||||
//
|
||||
UINTN mImageSize;
|
||||
UINT8 *mImageBase = NULL;
|
||||
UINT8 mImageDigest[MAX_DIGEST_SIZE];
|
||||
UINTN mImageDigestSize;
|
||||
EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL;
|
||||
UINT8 *mImageBase = NULL;
|
||||
EFI_GUID mCertType;
|
||||
|
||||
//
|
||||
// Notify string for authorization UI.
|
||||
@@ -57,6 +76,10 @@ HASH_TABLE mHash[] = {
|
||||
/**
|
||||
Reads contents of a PE/COFF image in memory buffer.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
PE/COFF image is external input, so this function will make sure the PE/COFF image content
|
||||
read is within the image buffer.
|
||||
|
||||
@param FileHandle Pointer to the file handle to read the PE/COFF image.
|
||||
@param FileOffset Offset into the PE/COFF image to begin the read operation.
|
||||
@param ReadSize On input, the size in bytes of the requested read operation.
|
||||
@@ -229,6 +252,10 @@ GetImageType (
|
||||
Caculate hash of Pe/Coff image based on the authenticode image hashing in
|
||||
PE/COFF Specification 8.0 Appendix A
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
PE/COFF image is external input, so this function will validate its data structure
|
||||
within this image buffer before use.
|
||||
|
||||
@param[in] HashAlg Hash algorithm type.
|
||||
|
||||
@retval TRUE Successfully hash image.
|
||||
@@ -550,6 +577,10 @@ Done:
|
||||
Pe/Coff image based on the authenticode image hashing in PE/COFF Specification
|
||||
8.0 Appendix A
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
PE/COFF image is external input, so this function will validate its data structure
|
||||
within this image buffer before use.
|
||||
|
||||
@retval EFI_UNSUPPORTED Hash algorithm is not supported.
|
||||
@retval EFI_SUCCESS Hash successfully.
|
||||
|
||||
@@ -1184,6 +1215,10 @@ Done:
|
||||
If no,
|
||||
Error out
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
PE/COFF image is external input, so this function will validate its data structure
|
||||
within this image buffer before use.
|
||||
|
||||
@param[in] AuthenticationStatus
|
||||
This is the authentication status returned from the security
|
||||
measurement services for the input file.
|
||||
|
||||
@@ -2,6 +2,11 @@
|
||||
# The library instance provides security service of image verification.
|
||||
# Image verification Library module supports UEFI2.3.1
|
||||
#
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This library will have external input - PE/COFF image.
|
||||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
||||
@@ -2,6 +2,12 @@
|
||||
|
||||
Execute pending TPM requests from OS or BIOS and Lock TPM.
|
||||
|
||||
Caution: This module requires additional review when modified.
|
||||
This driver will have external input - variable.
|
||||
This external input must be validated carefully to avoid security issue.
|
||||
|
||||
ExecutePendingTpmRequest() will receive untrusted input and do validation.
|
||||
|
||||
Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -882,6 +888,10 @@ UserConfirm (
|
||||
/**
|
||||
Check and execute the requested physical presence command.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
TcgPpData variable is external input, so this function will validate
|
||||
its data structure to be valid value.
|
||||
|
||||
@param[in] TcgProtocol EFI TCG Protocol instance.
|
||||
@param[in] TcgPpData Point to the physical presence NV variable.
|
||||
|
||||
|
||||
@@ -2,7 +2,11 @@
|
||||
# TCG physical presence library instance. This library will lock
|
||||
# TPM after executing TPM request.
|
||||
#
|
||||
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This driver will have external input - variable.
|
||||
# This external input must be validated carefully to avoid security issue.
|
||||
#
|
||||
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
|
||||
@@ -1,6 +1,20 @@
|
||||
/** @file
|
||||
The library instance provides security service of TPM measure boot.
|
||||
|
||||
Caution: This file requires additional review when modified.
|
||||
This library will have external input - PE/COFF image and GPT partition.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content
|
||||
read is within the image buffer.
|
||||
|
||||
TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its
|
||||
data structure within this image buffer before use.
|
||||
|
||||
TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse
|
||||
partition data carefully.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -42,6 +56,10 @@ UINTN mImageSize;
|
||||
/**
|
||||
Reads contents of a PE/COFF image in memory buffer.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
PE/COFF image is external input, so this function will make sure the PE/COFF image content
|
||||
read is within the image buffer.
|
||||
|
||||
@param FileHandle Pointer to the file handle to read the PE/COFF image.
|
||||
@param FileOffset Offset into the PE/COFF image to begin the read operation.
|
||||
@param ReadSize On input, the size in bytes of the requested read operation.
|
||||
@@ -86,6 +104,9 @@ DxeTpmMeasureBootLibImageRead (
|
||||
/**
|
||||
Measure GPT table data into TPM log.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
The GPT partition table is external input, so this function should parse partition data carefully.
|
||||
|
||||
@param TcgProtocol Pointer to the located TCG protocol instance.
|
||||
@param GptHandle Handle that GPT partition was installed.
|
||||
|
||||
@@ -247,6 +268,10 @@ TcgMeasureGptTable (
|
||||
Measure PE image into TPM log based on the authenticode image hashing in
|
||||
PE/COFF Specification 8.0 Appendix A.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
PE/COFF image is external input, so this function will validate its data structure
|
||||
within this image buffer before use.
|
||||
|
||||
@param[in] TcgProtocol Pointer to the located TCG protocol instance.
|
||||
@param[in] ImageAddress Start address of image buffer.
|
||||
@param[in] ImageSize Image size
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
## @file
|
||||
# The library instance provides security service of TPM measure boot.
|
||||
#
|
||||
# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This library will have external input - PE/COFF image and GPT partition.
|
||||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
|
||||
@@ -2,6 +2,12 @@
|
||||
It updates TPM items in ACPI table and registers SMI callback
|
||||
functions for physical presence and ClearMemory.
|
||||
|
||||
Caution: This module requires additional review when modified.
|
||||
This driver will have external input - variable and ACPINvs data in SMM mode.
|
||||
This external input must be validated carefully to avoid security issue.
|
||||
|
||||
PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check.
|
||||
|
||||
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -21,6 +27,10 @@ TCG_NVS *mTcgNvs;
|
||||
/**
|
||||
Software SMI callback for TPM physical presence which is called from ACPI method.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
Variable and ACPINvs are external input, so this function will validate
|
||||
its data structure to be valid value.
|
||||
|
||||
@param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
|
||||
@param[in] Context Points to an optional handler context which was specified when the
|
||||
handler was registered.
|
||||
@@ -161,6 +171,10 @@ PhysicalPresenceCallback (
|
||||
/**
|
||||
Software SMI callback for MemoryClear which is called from ACPI method.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
Variable and ACPINvs are external input, so this function will validate
|
||||
its data structure to be valid value.
|
||||
|
||||
@param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
|
||||
@param[in] Context Points to an optional handler context which was specified when the
|
||||
handler was registered.
|
||||
|
||||
@@ -3,6 +3,10 @@
|
||||
# registers SMI callback functions for physical presence and
|
||||
# MemoryClear to handle the requests from ACPI method.
|
||||
#
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This driver will have external input - variable and ACPINvs data in SMM mode.
|
||||
# This external input must be validated carefully to avoid security issue.
|
||||
#
|
||||
# Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
||||
@@ -2,6 +2,19 @@
|
||||
Implement authentication services for the authenticated variable
|
||||
service in UEFI2.2.
|
||||
|
||||
Caution: This module requires additional review when modified.
|
||||
This driver will have external input - variable data. It may be input in SMM mode.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
Variable attribute should also be checked to avoid authentication bypass.
|
||||
|
||||
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
|
||||
variable authentication.
|
||||
|
||||
VerifyTimeBasedPayload() and VerifyCounterBasedPayload() are sub function to do verification.
|
||||
They will do basic validation for authentication data structure, then call crypto library
|
||||
to verify the signature.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -502,6 +515,12 @@ AddPubKeyInStore (
|
||||
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.
|
||||
Follow the steps in UEFI2.2.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
@param[in] Data Pointer to data with AuthInfo.
|
||||
@param[in] DataSize Size of Data.
|
||||
@param[in] PubKey Public key used for verification.
|
||||
@@ -852,6 +871,13 @@ CheckSignatureListFormat(
|
||||
/**
|
||||
Process variable with platform key for verification.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Data Data pointer.
|
||||
@@ -961,6 +987,13 @@ ProcessVarWithPk (
|
||||
/**
|
||||
Process variable with key exchange key for verification.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Data Data pointer.
|
||||
@@ -1039,6 +1072,13 @@ ProcessVarWithKek (
|
||||
/**
|
||||
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
|
||||
@@ -1806,6 +1846,12 @@ InsertCertsToDb (
|
||||
/**
|
||||
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Data Data pointer.
|
||||
|
||||
@@ -76,6 +76,13 @@ typedef struct {
|
||||
/**
|
||||
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
|
||||
@@ -162,6 +169,13 @@ CheckSignatureListFormat(
|
||||
/**
|
||||
Process variable with platform key for verification.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Data Data pointer.
|
||||
@@ -191,6 +205,13 @@ ProcessVarWithPk (
|
||||
/**
|
||||
Process variable with key exchange key for verification.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Data Data pointer.
|
||||
@@ -257,6 +278,12 @@ CompareTimeStamp (
|
||||
/**
|
||||
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Data Data pointer.
|
||||
|
||||
@@ -2,6 +2,20 @@
|
||||
The common variable operation routines shared by DXE_RUNTIME variable
|
||||
module and DXE_SMM variable module.
|
||||
|
||||
Caution: This module requires additional review when modified.
|
||||
This driver will have external input - variable data. They may be input in SMM mode.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
VariableServiceGetNextVariableName () and VariableServiceQueryVariableInfo() are external API.
|
||||
They need check input parameter.
|
||||
|
||||
VariableServiceGetVariable() and VariableServiceSetVariable() are external API
|
||||
to receive datasize and data buffer. The size should be checked carefully.
|
||||
|
||||
VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
|
||||
integer overflow. It should also check attribute to avoid authentication bypass.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -1945,6 +1959,10 @@ IsHwErrRecVariable (
|
||||
|
||||
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize is external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
|
||||
@param VariableName Name of Variable to be found.
|
||||
@param VendorGuid Variable vendor GUID.
|
||||
@param Attributes Attribute value of the variable found.
|
||||
@@ -2022,6 +2040,9 @@ Done:
|
||||
|
||||
This code Finds the Next available variable.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||
|
||||
@param VariableNameSize Size of the variable name.
|
||||
@param VariableName Pointer to variable name.
|
||||
@param VendorGuid Variable Vendor Guid.
|
||||
@@ -2167,6 +2188,13 @@ Done:
|
||||
|
||||
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param VariableName Name of Variable to be found.
|
||||
@param VendorGuid Variable vendor GUID.
|
||||
@param Attributes Attribute value of the variable found
|
||||
@@ -2336,6 +2364,9 @@ VariableServiceSetVariable (
|
||||
|
||||
This code returns information about the EFI variables.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||
|
||||
@param Attributes Attributes bitmask to specify the type of variables
|
||||
on which to return information.
|
||||
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
|
||||
@@ -2497,6 +2528,9 @@ VariableServiceQueryVariableInfo (
|
||||
/**
|
||||
This function reclaims variable storage if free size is below the threshold.
|
||||
|
||||
Caution: This function may be invoked at SMM runtime.
|
||||
Care must be taken to make sure not security issue at runtime.
|
||||
|
||||
**/
|
||||
VOID
|
||||
ReclaimForOS(
|
||||
|
||||
@@ -402,6 +402,10 @@ GetFvbInfoByAddress (
|
||||
|
||||
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
|
||||
@param VariableName Name of Variable to be found.
|
||||
@param VendorGuid Variable vendor GUID.
|
||||
@param Attributes Attribute value of the variable found.
|
||||
@@ -429,6 +433,9 @@ VariableServiceGetVariable (
|
||||
|
||||
This code Finds the Next available variable.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||
|
||||
@param VariableNameSize Size of the variable name.
|
||||
@param VariableName Pointer to variable name.
|
||||
@param VendorGuid Variable Vendor Guid.
|
||||
@@ -451,6 +458,13 @@ VariableServiceGetNextVariableName (
|
||||
|
||||
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode, and datasize and data are external input.
|
||||
This function will do basic validation, before parse the data.
|
||||
This function will parse the authentication carefully to avoid security issues, like
|
||||
buffer overflow, integer overflow.
|
||||
This function will check attribute carefully to avoid authentication bypass.
|
||||
|
||||
@param VariableName Name of Variable to be found.
|
||||
@param VendorGuid Variable vendor GUID.
|
||||
@param Attributes Attribute value of the variable found
|
||||
@@ -479,6 +493,9 @@ VariableServiceSetVariable (
|
||||
|
||||
This code returns information about the EFI variables.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
|
||||
|
||||
@param Attributes Attributes bitmask to specify the type of variables
|
||||
on which to return information.
|
||||
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
## @file
|
||||
# Component description file for Authenticated Variable module.
|
||||
#
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This driver will have external input - variable data.
|
||||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
||||
@@ -3,7 +3,18 @@
|
||||
implements an SMI handler to communicate with the DXE runtime driver
|
||||
to provide variable services.
|
||||
|
||||
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
Caution: This module requires additional review when modified.
|
||||
This driver will have external input - variable data and communicate buffer in SMM mode.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
SmmVariableHandler() will receive untrusted input and do basic validation.
|
||||
|
||||
Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
|
||||
VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
|
||||
SmmVariableGetStatistics() should also do validation based on its own knowledge.
|
||||
|
||||
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -241,6 +252,9 @@ GetFvbCountAndBuffer (
|
||||
/**
|
||||
Get the variable statistics information from the information buffer pointed by gVariableInfo.
|
||||
|
||||
Caution: This function may be invoked at SMM runtime.
|
||||
InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
|
||||
|
||||
@param[in, out] InfoEntry A pointer to the buffer of variable information entry.
|
||||
On input, point to the variable information returned last time. if
|
||||
InfoEntry->VendorGuid is zero, return the first information.
|
||||
@@ -338,6 +352,12 @@ SmmVariableGetStatistics (
|
||||
|
||||
This SMI handler provides services for the variable wrapper driver.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
This variable data and communicate buffer are external input, so this function will do basic validation.
|
||||
Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
|
||||
VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
|
||||
SmmVariableGetStatistics() should also do validation based on its own knowledge.
|
||||
|
||||
@param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
|
||||
@param[in] RegisterContext Points to an optional handler context which was specified when the
|
||||
handler was registered.
|
||||
|
||||
@@ -9,6 +9,11 @@
|
||||
# SMM Runtime DXE module would install variable arch protocol and variable
|
||||
# write arch protocol based on SMM variable module.
|
||||
#
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This driver will have external input - variable data and communicate buffer in SMM mode.
|
||||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
|
||||
@@ -3,7 +3,17 @@
|
||||
and volatile storage space and install variable architecture protocol
|
||||
based on SMM variable module.
|
||||
|
||||
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
Caution: This module requires additional review when modified.
|
||||
This driver will have external input - variable data.
|
||||
This external input must be validated carefully to avoid security issue like
|
||||
buffer overflow, integer overflow.
|
||||
|
||||
RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
|
||||
to receive data buffer. The size should be checked carefully.
|
||||
|
||||
InitCommunicateBuffer() is really function to check the variable data size.
|
||||
|
||||
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -50,6 +60,9 @@ UINTN mVariableBufferSize;
|
||||
The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
|
||||
DataSize.
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
The data size external input, so this function will validate it carefully to avoid buffer overflow.
|
||||
|
||||
@param[out] DataPtr Points to the data in the communicate buffer.
|
||||
@param[in] DataSize The data size to send to SMM.
|
||||
@param[in] Function The function number to initialize the communicate header.
|
||||
@@ -119,6 +132,9 @@ SendCommunicateBuffer (
|
||||
/**
|
||||
This code finds variable in storage blocks (Volatile or Non-Volatile).
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
The data size is external input, so this function will validate it carefully to avoid buffer overflow.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[out] Attributes Attribute value of the variable found.
|
||||
@@ -264,6 +280,9 @@ RuntimeServiceGetNextVariableName (
|
||||
/**
|
||||
This code sets variable in storage blocks (Volatile or Non-Volatile).
|
||||
|
||||
Caution: This function may receive untrusted input.
|
||||
The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
|
||||
|
||||
@param[in] VariableName Name of Variable to be found.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
@param[in] Attributes Attribute value of the variable found
|
||||
|
||||
@@ -5,7 +5,12 @@
|
||||
# installs variable arch protocol and variable write arch protocol and works
|
||||
# with SMM variable module together.
|
||||
#
|
||||
# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
# Caution: This module requires additional review when modified.
|
||||
# This driver will have external input - variable data.
|
||||
# This external input must be validated carefully to avoid security issue like
|
||||
# buffer overflow, integer overflow.
|
||||
#
|
||||
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
|
||||
Reference in New Issue
Block a user