[Patch 0/4] Enhance IsDevciePathValid API

[Patch 0/4] Enhance IsDevciePathValid API

[Eric Dong]

Current code may return error status and touch unsafe
buffer, this patch series fix these issues.

Eric Dong (4):
  MdePkg DevicePathLib: Rollback former change.
  MdePkg DevicePathLib: Validate before touch input buffer.
  MdePkg UefiDevicePathLib: Rollback former change.
  MdePkg UefiDevicePathLib: Validate before touch input buffer.

 .../UefiDevicePathLib/DevicePathUtilities.c        | 24 ++++++++++++++--------
 .../UefiDevicePathLib.c                            | 24 ++++++++++++++--------
 2 files changed, 30 insertions(+), 18 deletions(-)

-- 
2.6.4.windows.1

[Patch 1/4] MdePkg DevicePathLib: Rollback former change.

[Eric Dong]

Former patch still has some bugs, so rollback it and
enhance the original code.

Cc: Ruiyu NI <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 .../UefiDevicePathLib.c                            | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
index 4872416..a514f1b 100644
--- a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
+++ b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
@@ -103,35 +103,25 @@ IsDevicePathValid (
 
   ASSERT (DevicePath != NULL);
 
-  if (MaxSize == 0){
-    MaxSize = MAX_UINTN;
-  }
-
-  Size = 0;
-  Count = 0;
-
-  while (MaxSize >= sizeof (EFI_DEVICE_PATH_PROTOCOL) &&
-        (MaxSize - sizeof (EFI_DEVICE_PATH_PROTOCOL) >= Size) &&
-        !IsDevicePathEnd (DevicePath)) {
+  for (Count = 0, Size = 0; !IsDevicePathEnd (DevicePath); DevicePath = NextDevicePathNode (DevicePath)) {
     NodeLength = DevicePathNodeLength (DevicePath);
     if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
       return FALSE;
     }
 
-    if (NodeLength > MAX_UINTN - Size) {
-      return FALSE;
+    if (MaxSize > 0) {
+      Size += NodeLength;
+      if (Size + END_DEVICE_PATH_LENGTH > MaxSize) {
+        return FALSE;
+      }
     }
 
-    Size += NodeLength;
-
     if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) {
       Count++;
       if (Count >= PcdGet32 (PcdMaximumDevicePathNodeCount)) {
         return FALSE;
       }
     }
-
-    DevicePath = NextDevicePathNode (DevicePath);
   }
 
   //
-- 
2.6.4.windows.1

[Patch 2/4] MdePkg DevicePathLib: Validate before touch input buffer.

[Eric Dong]

Current code not validate the input buffer before touch.
it may touch the buffer outside the validate scope. This
patch validate the input size big enough to touch the
first node.

Cc: Ruiyu NI <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 .../UefiDevicePathLib.c                            | 26 +++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
index a514f1b..2252d18 100644
--- a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
+++ b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
@@ -103,17 +103,33 @@ IsDevicePathValid (
 
   ASSERT (DevicePath != NULL);
 
+  if (MaxSize == 0) {
+    MaxSize = MAX_UINTN;
+  }
+
+  //
+  // Validate the input size big enough to touch the first node.
+  //
+  if (MaxSize < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
+    return FALSE;
+  }
+
   for (Count = 0, Size = 0; !IsDevicePathEnd (DevicePath); DevicePath = NextDevicePathNode (DevicePath)) {
     NodeLength = DevicePathNodeLength (DevicePath);
     if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
       return FALSE;
     }
 
-    if (MaxSize > 0) {
-      Size += NodeLength;
-      if (Size + END_DEVICE_PATH_LENGTH > MaxSize) {
-        return FALSE;
-      }
+    if (NodeLength > MAX_UINTN - Size) {
+      return FALSE;
+    }
+    Size += NodeLength;
+
+    //
+    // Validate next node before touch it.
+    //
+    if (Size > MaxSize - END_DEVICE_PATH_LENGTH ) {
+      return FALSE;
     }
 
     if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) {
-- 
2.6.4.windows.1

[Patch 3/4] MdePkg UefiDevicePathLib: Rollback former change.

[Eric Dong]

Former patch still has some bugs, so rollback it and
enhance the original code.

Cc: Ruiyu NI <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 .../UefiDevicePathLib/DevicePathUtilities.c        | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
index 82419a4..024dcc2 100644
--- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
+++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
@@ -61,35 +61,25 @@ IsDevicePathValid (
 
   ASSERT (DevicePath != NULL);
 
-  if (MaxSize == 0){
-    MaxSize = MAX_UINTN;
-  }
-
-  Size = 0;
-  Count = 0;
-
-  while (MaxSize >= sizeof (EFI_DEVICE_PATH_PROTOCOL) &&
-        (MaxSize - sizeof (EFI_DEVICE_PATH_PROTOCOL) >= Size) &&
-        !IsDevicePathEnd (DevicePath)) {
+  for (Count = 0, Size = 0; !IsDevicePathEnd (DevicePath); DevicePath = NextDevicePathNode (DevicePath)) {
     NodeLength = DevicePathNodeLength (DevicePath);
     if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
       return FALSE;
     }
 
-    if (NodeLength > MAX_UINTN - Size) {
-      return FALSE;
+    if (MaxSize > 0) {
+      Size += NodeLength;
+      if (Size + END_DEVICE_PATH_LENGTH > MaxSize) {
+        return FALSE;
+      }
     }
 
-    Size += NodeLength;
-
     if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) {
       Count++;
       if (Count >= PcdGet32 (PcdMaximumDevicePathNodeCount)) {
         return FALSE;
       }
     }
-
-    DevicePath = NextDevicePathNode (DevicePath);
   }
 
   //
-- 
2.6.4.windows.1

[Patch 4/4] MdePkg UefiDevicePathLib: Validate before touch input buffer.

[Eric Dong]

Current code not validate the input buffer before touch.
it may touch the buffer outside the validate scope. This
patch validate the input size big enough to touch the
first node.

Cc: Ruiyu NI <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 .../UefiDevicePathLib/DevicePathUtilities.c        | 26 +++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
index 024dcc2..bb4a563 100644
--- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
+++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
@@ -61,17 +61,33 @@ IsDevicePathValid (
 
   ASSERT (DevicePath != NULL);
 
+  if (MaxSize == 0) {
+    MaxSize = MAX_UINTN;
+  }
+
+  //
+  // Validate the input size big enough to touch the first node.
+  //
+  if (MaxSize < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
+    return FALSE;
+  }
+
   for (Count = 0, Size = 0; !IsDevicePathEnd (DevicePath); DevicePath = NextDevicePathNode (DevicePath)) {
     NodeLength = DevicePathNodeLength (DevicePath);
     if (NodeLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
       return FALSE;
     }
 
-    if (MaxSize > 0) {
-      Size += NodeLength;
-      if (Size + END_DEVICE_PATH_LENGTH > MaxSize) {
-        return FALSE;
-      }
+    if (NodeLength > MAX_UINTN - Size) {
+      return FALSE;
+    }
+    Size += NodeLength;
+
+    //
+    // Validate next node before touch it.
+    //
+    if (Size > MaxSize - END_DEVICE_PATH_LENGTH ) {
+      return FALSE;
     }
 
     if (PcdGet32 (PcdMaximumDevicePathNodeCount) > 0) {
-- 
2.6.4.windows.1