sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add comment for modules which have external input.

Browse Source 
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
jyao1
2012-06-12 08:28:43 +00:00
parent 90eaa3c1e0
commit dc204d5a0f
30 changed files with 435 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
View File

@ -3,7 +3,17 @@
and volatile storage space and install variable architecture protocol
based on SMM variable module.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
Caution: This module requires additional review when modified.
This driver will have external input - variable data.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
to receive data buffer. The size should be checked carefully.
InitCommunicateBuffer() is really function to check the variable data size.
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -50,6 +60,9 @@ UINTN mVariableBufferSize;
The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
DataSize.
Caution: This function may receive untrusted input.
The data size external input, so this function will validate it carefully to avoid buffer overflow.
@param[out] DataPtr Points to the data in the communicate buffer.
@param[in] DataSize The data size to send to SMM.
@param[in] Function The function number to initialize the communicate header.
@ -119,6 +132,9 @@ SendCommunicateBuffer (
/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
The data size is external input, so this function will validate it carefully to avoid buffer overflow.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[out] Attributes Attribute value of the variable found.
@ -264,6 +280,9 @@ RuntimeServiceGetNextVariableName (
/**
This code sets variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Attributes Attribute value of the variable found