From e94728b359f4e20da7fdef88a1d5123327557655 Mon Sep 17 00:00:00 2001 From: lgao4 Date: Tue, 17 Jul 2012 01:51:26 +0000 Subject: Update HobLib and Hob Service to avoid data over flow. Signed-off-by: Liming Gao Reviewed-by: Rui Sun git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13533 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Core/Pei/Hob/Hob.c | 8 +++++++- MdeModulePkg/Core/Pei/Memory/MemoryServices.c | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'MdeModulePkg/Core') diff --git a/MdeModulePkg/Core/Pei/Hob/Hob.c b/MdeModulePkg/Core/Pei/Hob/Hob.c index 682fa781c..e0ee8e7f1 100644 --- a/MdeModulePkg/Core/Pei/Hob/Hob.c +++ b/MdeModulePkg/Core/Pei/Hob/Hob.c @@ -1,7 +1,7 @@ /** @file This module provide Hand-Off Block manupulation. -Copyright (c) 2006, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -89,6 +89,12 @@ PeiCreateHob ( HandOffHob = *Hob; + // + // Check Length to avoid data overflow. + // + if (0x10000 - Length <= 0x7) { + return EFI_INVALID_PARAMETER; + } Length = (UINT16)((Length + 0x7) & (~0x7)); FreeMemory = HandOffHob->EfiFreeMemoryTop - diff --git a/MdeModulePkg/Core/Pei/Memory/MemoryServices.c b/MdeModulePkg/Core/Pei/Memory/MemoryServices.c index ded8754e8..c7a06a3c5 100644 --- a/MdeModulePkg/Core/Pei/Memory/MemoryServices.c +++ b/MdeModulePkg/Core/Pei/Memory/MemoryServices.c @@ -1,7 +1,7 @@ /** @file EFI PEI Core memory services -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -249,9 +249,9 @@ PeiAllocatePool ( // // Generally, the size of heap in temporary memory does not exceed to 64K, - // so the maxmium size of pool is 0x10000 - sizeof (EFI_HOB_MEMORY_POOL) + // HobLength is multiples of 8 bytes, so the maxmium size of pool is 0xFFF8 - sizeof (EFI_HOB_MEMORY_POOL) // - if (Size >= (0x10000 - sizeof (EFI_HOB_MEMORY_POOL))) { + if (Size > (0xFFF8 - sizeof (EFI_HOB_MEMORY_POOL))) { return EFI_OUT_OF_RESOURCES; } -- cgit v1.2.3