Refine code to make it more safely.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590 6f19259b-4bc3-4df7-8a09-765794883524

2 files changed, 11 insertions, 7 deletions

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 9f2bd68299..0a48ce1628 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -770,22 +770,22 @@ AddImageExeInfo (
   //

   // Update new item's information.

   //

-  WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);

-  WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);

+  WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action);

+  WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize);

 

   if (Name != NULL) {

-    CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, NameStringLen);

+    CopyMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), Name, NameStringLen);

   } else {

-    ZeroMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), sizeof (CHAR16));

+    ZeroMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), sizeof (CHAR16));

   }

   CopyMem (

-    (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen,

+    (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen,

     DevicePath,

     DevicePathSize

     );

   if (Signature != NULL) {

     CopyMem (

-      (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen + DevicePathSize,

+      (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen + DevicePathSize,

       Signature,

       SignatureSize

       );

diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
index 38f462628a..45d5cfe3c6 100644
--- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
@@ -2,7 +2,7 @@
   Implement authentication services for the authenticated variable

   service in UEFI2.2.

 

-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials 

 are licensed and made available under the terms and conditions of the BSD License 

 which accompanies this distribution.  The full text of the license may be found at 

@@ -48,6 +48,8 @@ AutenticatedVariableServiceInitialize (
   VARIABLE_HEADER         VariableHeader;

   BOOLEAN                 Valid;

 

+  ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER));

+

   mVariableModuleGlobal->AuthenticatedVariableGuid[Physical] = &gEfiAuthenticatedVariableGuid;

   mVariableModuleGlobal->CertRsa2048Sha256Guid[Physical]     = &gEfiCertRsa2048Sha256Guid;

   mVariableModuleGlobal->ImageSecurityDatabaseGuid[Physical] = &gEfiImageSecurityDatabaseGuid;

@@ -484,6 +486,7 @@ ProcessVarWithPk (
   BOOLEAN                     Valid;

 

   OldPkList = NULL;

+  ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER));

 

   if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) {

     //

@@ -623,6 +626,7 @@ ProcessVarWithKek (
   BOOLEAN                         Valid;

 

   KekList = NULL;

+  ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER));

 

   if (mPlatformMode == USER_MODE) {

     if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {