Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
@@ -2,6 +2,19 @@
Implement authentication services for the authenticated variable
service in UEFI2.2.
Caution: This module requires additional review when modified.
This driver will have external input - variable data. It may be input in SMM mode.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
Variable attribute should also be checked to avoid authentication bypass.
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
variable authentication.
VerifyTimeBasedPayload() and VerifyCounterBasedPayload() are sub function to do verification.
They will do basic validation for authentication data structure, then call crypto library
to verify the signature.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
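Review bot: the Caution block names the validation entry points but never says what "basic validation" covers, which is exactly what a reviewer of a later change to this module needs; in "They will do basic validation for authentication data structure, then call crypto library to verify the signature." consider stating that the authentication header is size-checked against DataSize before any of its fields are read, and that the variable attributes are checked before the key lookup, since those are the overflow and bypass cases the same block warns about. Grammar: "avoid security issue like buffer overflow, integer overflow" should read "avoid security issues such as buffer overflow and integer overflow"; the same wording is copied into every other file header in this patch.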
@@ -502,6 +515,12 @@ AddPubKeyInStore (
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.
Follow the steps in UEFI2.2.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
@param[in] Data Pointer to data with AuthInfo.
@param[in] DataSize Size of Data.
@param[in] PubKey Public key used for verification.
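Review bot: the Caution text says "datasize and data are external input" in lower case while the @param list documents them as Data and DataSize; use the parameter names so the comment ties to the signature, and say what "basic validation, before parse the data" actually checks (DataSize at least as large as the AuthInfo structure before its fields are dereferenced). "before parse the data" should be "before parsing the data" here and in every other hunk that repeats this sentence.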
@@ -852,6 +871,13 @@ CheckSignatureListFormat(
/**
Process variable with platform key for verification.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
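Review bot: "This function will check attribute carefully to avoid authentication bypass." does not say which attribute is required or what happens on mismatch; name the required attribute bits (the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS / EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS pair that the ProcessVariable() comment later in this patch refers to) and state that a write carrying the wrong attributes is rejected rather than stored unverified. The same sentence appears verbatim on ProcessVarWithKek() and ProcessVariable(); one precise statement per function is more useful than a repeated generic one.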
@@ -961,6 +987,13 @@ ProcessVarWithPk (
/**
Process variable with key exchange key for verification.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@@ -1039,6 +1072,13 @@ ProcessVarWithKek (
/**
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@@ -1806,6 +1846,12 @@ InsertCertsToDb (
/**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@@ -76,6 +76,13 @@ typedef struct {
/**
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
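Review bot: the header copies the whole Caution block verbatim from the .c file for ProcessVariable(), ProcessVarWithPk(), ProcessVarWithKek() and VerifyTimeBasedPayload(); two copies of a security-relevant comment drift apart (the Variable.c and Variable.h copies for VariableServiceGetVariable() in this same patch already disagree on whether data as well as datasize is external input), so keep the detailed text in one place and have the other copy point to it.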
@@ -162,6 +169,13 @@ CheckSignatureListFormat(
/**
Process variable with platform key for verification.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@@ -191,6 +205,13 @@ ProcessVarWithPk (
/**
Process variable with key exchange key for verification.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@@ -257,6 +278,12 @@ CompareTimeStamp (
/**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@@ -2,6 +2,20 @@
The common variable operation routines shared by DXE_RUNTIME variable
module and DXE_SMM variable module.
Caution: This module requires additional review when modified.
This driver will have external input - variable data. They may be input in SMM mode.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
VariableServiceGetNextVariableName () and VariableServiceQueryVariableInfo() are external API.
They need check input parameter.
VariableServiceGetVariable() and VariableServiceSetVariable() are external API
to receive datasize and data buffer. The size should be checked carefully.
VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
integer overflow. It should also check attribute to avoid authentication bypass.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
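Review bot: grammar in the new module header: "They need check input parameter." should be "They must check their input parameters."; "VariableServiceGetNextVariableName ()" has a stray space before the parentheses; "They may be input in SMM mode" is inconsistent with the AuthService.c header's "It may be input in SMM mode". More usefully, "The size should be checked carefully." for VariableServiceGetVariable() and VariableServiceSetVariable() should say against what (the variable name length, and the data size against the caller's buffer and the store limits), because "carefully" gives the next reviewer nothing concrete to verify.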
@@ -1945,6 +1959,10 @@ IsHwErrRecVariable (
This code finds variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize is external input.
This function will do basic validation, before parse the data.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Attributes Attribute value of the variable found.
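Review bot: this comment says "datasize is external input" while the Variable.h copy of the same VariableServiceGetVariable() comment in this patch says "datasize and data are external input"; pick one. For a getter the security-relevant input is the size the caller claims its output buffer has, so the comment should state that the caller's data size is checked against the stored variable's size before anything is copied out.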
@@ -2022,6 +2040,9 @@ Done:
This code Finds the Next available variable.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param VariableNameSize Size of the variable name.
@param VariableName Pointer to variable name.
@param VendorGuid Variable Vendor Guid.
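Review bot: unlike the other hunks, this Caution block does not say which parameter is the external input; per the @param list it is VariableNameSize and the VariableName buffer it describes, so the comment should say that VariableNameSize is checked against the length of the name about to be returned before the copy. The VariableServiceQueryVariableInfo() hunk below has the same omission (its external input is the Attributes bitmask and the output pointers), and "before parse the data" should read "before parsing the data" in both.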
@@ -2167,6 +2188,13 @@ Done:
This code sets variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Attributes Attribute value of the variable found
@@ -2336,6 +2364,9 @@ VariableServiceSetVariable (
This code returns information about the EFI variables.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param Attributes Attributes bitmask to specify the type of variables
on which to return information.
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
@@ -2497,6 +2528,9 @@ VariableServiceQueryVariableInfo (
/**
This function reclaims variable storage if free size is below the threshold.
Caution: This function may be invoked at SMM runtime.
Care must be taken to make sure not security issue at runtime.
**/
VOID
ReclaimForOS(
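Review bot: "Care must be taken to make sure not security issue at runtime." is not a sentence, and unlike the other Caution blocks this one does not say what the external input is. The signature shown here takes no caller-supplied buffer, yet the SmmVariableHandler() comment in this patch lists ReclaimForOS() among the sub functions that "should also do validation based on its own knowledge"; state what that validation is (which variable-store data it trusts and how much space it may reclaim), or, if no caller data reaches it, say so instead of the generic caution.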
@@ -402,6 +402,10 @@ GetFvbInfoByAddress (
This code finds variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Attributes Attribute value of the variable found.
@@ -429,6 +433,9 @@ VariableServiceGetVariable (
This code Finds the Next available variable.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param VariableNameSize Size of the variable name.
@param VariableName Pointer to variable name.
@param VendorGuid Variable Vendor Guid.
@@ -451,6 +458,13 @@ VariableServiceGetNextVariableName (
This code sets variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
This function will parse the authentication carefully to avoid security issues, like
buffer overflow, integer overflow.
This function will check attribute carefully to avoid authentication bypass.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Attributes Attribute value of the variable found
@@ -479,6 +493,9 @@ VariableServiceSetVariable (
This code returns information about the EFI variables.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param Attributes Attributes bitmask to specify the type of variables
on which to return information.
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
@@ -1,6 +1,11 @@
## @file
# Component description file for Authenticated Variable module.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable data.
# This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -3,7 +3,18 @@
implements an SMI handler to communicate with the DXE runtime driver
to provide variable services.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
Caution: This module requires additional review when modified.
This driver will have external input - variable data and communicate buffer in SMM mode.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
SmmVariableHandler() will receive untrusted input and do basic validation.
Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -241,6 +252,9 @@ GetFvbCountAndBuffer (
/**
Get the variable statistics information from the information buffer pointed by gVariableInfo.
Caution: This function may be invoked at SMM runtime.
InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
@param[in, out] InfoEntry A pointer to the buffer of variable information entry.
On input, point to the variable information returned last time. if
InfoEntry->VendorGuid is zero, return the first information.
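Review bot: "InfoEntry and InfoSize are external input" together with "if InfoEntry->VendorGuid is zero, return the first information" means the function dereferences a caller-supplied pointer; the comment should say that InfoSize is checked to cover at least one variable information entry before InfoEntry->VendorGuid is read, and that the entry written back is bounded by InfoSize, since the generic "Care must be taken to make sure not security issue at runtime" (also ungrammatical) records neither check.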
@@ -338,6 +352,12 @@ SmmVariableGetStatistics (
This SMI handler provides services for the variable wrapper driver.
Caution: This function may receive untrusted input.
This variable data and communicate buffer are external input, so this function will do basic validation.
Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.
@param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
@param[in] RegisterContext Points to an optional handler context which was specified when the
handler was registered.
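Review bot: "This variable data and communicate buffer are external input" should read "The variable data and the communicate buffer are external input". The important point is which single check stands between the untrusted communicate buffer and the sub functions that "should also do validation based on its own knowledge": state that the handler verifies the communicate buffer size against the header sizes and the payload it claims to carry before dispatching on the function number, so a later change cannot drop that check without the comment flagging it.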
@@ -9,6 +9,11 @@
# SMM Runtime DXE module would install variable arch protocol and variable
# write arch protocol based on SMM variable module.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable data and communicate buffer in SMM mode.
# This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -3,7 +3,17 @@
and volatile storage space and install variable architecture protocol
based on SMM variable module.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
Caution: This module requires additional review when modified.
This driver will have external input - variable data.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
to receive data buffer. The size should be checked carefully.
InitCommunicateBuffer() is really function to check the variable data size.
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
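Review bot: "InitCommunicateBuffer() is really function to check the variable data size." should read "InitCommunicateBuffer() is the function that checks the variable data size."; and "to receive data buffer. The size should be checked carefully." should name the bound (the data size plus the two communicate header sizes against mVariableBufferSize, which the InitCommunicateBuffer() hunk below is about), since this check on the DXE runtime side is what keeps an oversized request from ever being handed to the SMM variable module.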
@@ -50,6 +60,9 @@ UINTN mVariableBufferSize;
The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
DataSize.
Caution: This function may receive untrusted input.
The data size external input, so this function will validate it carefully to avoid buffer overflow.
@param[out] DataPtr Points to the data in the communicate buffer.
@param[in] DataSize The data size to send to SMM.
@param[in] Function The function number to initialize the communicate header.
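Review bot: "The data size external input" is missing "is". More importantly, the comment defines the communicate size as SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + DataSize and promises to "validate it carefully to avoid buffer overflow", but a sum like that wraps when DataSize is near the UINTN maximum and then passes a comparison against mVariableBufferSize; the comment should record that the check is done in subtraction form (DataSize compared against mVariableBufferSize minus the two header sizes) or that the addition is explicitly overflow-checked, so a reviewer can confirm the code matches.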
@@ -119,6 +132,9 @@ SendCommunicateBuffer (
/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
The data size is external input, so this function will validate it carefully to avoid buffer overflow.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[out] Attributes Attribute value of the variable found.
@@ -264,6 +280,9 @@ RuntimeServiceGetNextVariableName (
/**
This code sets variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Attributes Attribute value of the variable found
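Review bot: "The data size and data are external input, so this function will validate it carefully" should be "validate them carefully"; and for both this hunk and the RuntimeServiceGetVariable() hunk above, "to avoid buffer overflow" should name the bound: the caller's data size against the communicate buffer (mVariableBufferSize minus the two header sizes), since that is the only check on this side before the request is forwarded to SMM.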
@@ -5,7 +5,12 @@
# installs variable arch protocol and variable write arch protocol and works
# with SMM variable module together.
#
# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
# Caution: This module requires additional review when modified.
# This driver will have external input - variable data.
# This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at