From 443bd74473c7578d52677ec511b8c76c7120d96a Mon Sep 17 00:00:00 2001
From: Chao Zhang <chao.b.zhang@intel.com>
Date: Thu, 6 Jun 2013 00:39:41 +0000
Subject: Fix overflow issue in TcgProtocol

Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14396 6f19259b-4bc3-4df7-8a09-765794883524
---
 SecurityPkg/Tcg/TcgDxe/TpmComm.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'SecurityPkg/Tcg')

diff --git a/SecurityPkg/Tcg/TcgDxe/TpmComm.c b/SecurityPkg/Tcg/TcgDxe/TpmComm.c
index c47794b4f..96732fad5 100644
--- a/SecurityPkg/Tcg/TcgDxe/TpmComm.c
+++ b/SecurityPkg/Tcg/TcgDxe/TpmComm.c
@@ -1,7 +1,7 @@
 /** @file  
   Utility functions used by TPM Dxe driver.
 
-Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -144,10 +144,17 @@ TpmCommLogEvent (
   IN      UINT8                     *NewEventData
   )
 {
-  UINT32                            NewLogSize;
+  UINTN                            NewLogSize;
+
+  //
+  // Prevent Event Overflow
+  //
+  if (NewEventHdr->EventSize > (UINTN)(~0) - sizeof (*NewEventHdr)) {
+    return EFI_OUT_OF_RESOURCES;
+  }
 
   NewLogSize = sizeof (*NewEventHdr) + NewEventHdr->EventSize;
-  if (NewLogSize + *LogSize > MaxSize) {
+  if (NewLogSize > MaxSize - *LogSize) {
     return EFI_OUT_OF_RESOURCES;
   }
 
-- 
cgit v1.2.3