diff options
Diffstat (limited to 'MdeModulePkg/Library/PiDxeS3BootScriptLib')
-rw-r--r-- | MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c index 9106e7d0f9..9315fc9f01 100644 --- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c @@ -1,7 +1,7 @@ /** @file
Save the S3 data to S3 boot script.
- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite ( EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite;
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite ( EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite;
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite ( }
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1324,6 +1348,14 @@ S3BootScriptSavePciCfg2Write ( }
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
+
+ //
+ // Truncation check
+ //
+ if ((Count > MAX_UINT8) ||
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE))) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE) + (WidthInByte * Count));
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -1549,6 +1581,12 @@ S3BootScriptSaveSmbusExecute ( return Status;
}
+ //
+ // Truncation check
+ //
+ if (BufferLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
DataSize = (UINT8)(sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE) + BufferLength);
Script = S3BootScriptGetEntryAddAddress (DataSize);
@@ -1736,6 +1774,12 @@ S3BootScriptSaveInformation ( UINT8 *Script;
EFI_BOOT_SCRIPT_INFORMATION ScriptInformation;
+ //
+ // Truncation check
+ //
+ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength);
Script = S3BootScriptGetEntryAddAddress (Length);
@@ -2195,6 +2239,12 @@ S3BootScriptLabelInternal ( UINT8 *Script;
EFI_BOOT_SCRIPT_INFORMATION ScriptInformation;
+ //
+ // Truncation check
+ //
+ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength);
Script = S3BootScriptGetEntryAddAddress (Length);
|