From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web11.4421.1616037808352637240
 for <devel@edk2.groups.io>;
 Wed, 17 Mar 2021 20:23:29 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: ianx.kuo@intel.com)
IronPort-SDR: JZCs/BLWtW0U21BqDtyI9w1TK5rTVhrCwetNGi1bzlDY7mI3Ij7Jj7QQ3C9YdxIu31sRmlO7Vb
 vzWYxu9Zh9Tw==
X-IronPort-AV: E=McAfee;i="6000,8403,9926"; a="187228306"
X-IronPort-AV: E=Sophos;i="5.81,257,1610438400"; 
   d="scan'208";a="187228306"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2021 20:23:24 -0700
IronPort-SDR: jB4I2/hEQmcZ/lNGlbGo/a3CljVcG7/swIr6JlMRfIXueEL5lWCZ0c8tYR32Wj4ExkyCKerSJ/
 1DDs/9FuH3cA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.81,257,1610438400"; 
   d="scan'208";a="605973917"
Received: from ikuox-tiger-lake-client-platform.itwn.intel.com ([10.5.215.23])
  by fmsmga005.fm.intel.com with ESMTP; 17 Mar 2021 20:23:22 -0700
From: "IanX Kuo" <ianx.kuo@intel.com>
To: devel@edk2.groups.io
Cc: VincentX Ke <vincentx.ke@intel.com>
Subject: [PATCH v4] ShellPkg/Pci: Add valid check for PCI extended config space parser
Date: Thu, 18 Mar 2021 00:01:54 +0800
Message-Id: <4f96766095369b1062be5ddae93208ac16ca958b.1616036135.git.vincentx.ke@intel.com>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: VincentX Ke <vincentx.ke@intel.com>

Bugzilla: 3262 (https://bugzilla.tianocore.org/show_bug.cgi?id=3D3262)

No need to print PCIe details while CapabilityId is 0xFFFF.
Limit the NextCapabilityOffset to PCI/PCIe configuration space.

Signed-off-by: VincentX Ke <vincentx.ke@intel.com>
---
 ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c b/ShellPkg/L=
ibrary/UefiShellDebug1CommandsLib/Pci.c
index a2f04d8db5..1e5dc75e27 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
@@ -2038,12 +2038,14 @@ LocatePciCapability (
 =0D
   @param[in] PciExpressCap       PCI Express capability buffer.=0D
   @param[in] ExtendedConfigSpace PCI Express extended configuration space.=
=0D
+  @param[in] ExtendedConfigSize  PCI Express extended configuration size.=
=0D
   @param[in] ExtendedCapability  PCI Express extended capability ID to exp=
lain.=0D
 **/=0D
 VOID=0D
 PciExplainPciExpress (=0D
   IN  PCI_CAPABILITY_PCIEXP                  *PciExpressCap,=0D
   IN  UINT8                                  *ExtendedConfigSpace,=0D
+  IN  UINTN                                  ExtendedConfigSize,=0D
   IN CONST UINT16                            ExtendedCapability=0D
   );=0D
 =0D
@@ -2921,6 +2923,7 @@ ShellCommandRunPci (
         PciExplainPciExpress (=0D
           (PCI_CAPABILITY_PCIEXP *) ((UINT8 *) &ConfigSpace + PcieCapabili=
tyPtr),=0D
           ExtendedConfigSpace,=0D
+          ExtendedConfigSize,=0D
           ExtendedCapability=0D
           );=0D
       }=0D
@@ -5698,12 +5701,14 @@ PrintPciExtendedCapabilityDetails(
 =0D
   @param[in] PciExpressCap       PCI Express capability buffer.=0D
   @param[in] ExtendedConfigSpace PCI Express extended configuration space.=
=0D
+  @param[in] ExtendedConfigSize  PCI Express extended configuration size.=
=0D
   @param[in] ExtendedCapability  PCI Express extended capability ID to exp=
lain.=0D
 **/=0D
 VOID=0D
 PciExplainPciExpress (=0D
   IN  PCI_CAPABILITY_PCIEXP                  *PciExpressCap,=0D
   IN  UINT8                                  *ExtendedConfigSpace,=0D
+  IN  UINTN                                  ExtendedConfigSize,=0D
   IN CONST UINT16                            ExtendedCapability=0D
   )=0D
 {=0D
@@ -5786,7 +5791,7 @@ PciExplainPciExpress (
   }=0D
 =0D
   ExtHdr =3D (PCI_EXP_EXT_HDR*)ExtendedConfigSpace;=0D
-  while (ExtHdr->CapabilityId !=3D 0 && ExtHdr->CapabilityVersion !=3D 0) =
{=0D
+  while (ExtHdr->CapabilityId !=3D 0 && ExtHdr->CapabilityVersion !=3D 0 &=
& ExtHdr->CapabilityId !=3D 0xFFFF) {=0D
     //=0D
     // Process this item=0D
     //=0D
@@ -5800,7 +5805,8 @@ PciExplainPciExpress (
     //=0D
     // Advance to the next item if it exists=0D
     //=0D
-    if (ExtHdr->NextCapabilityOffset !=3D 0) {=0D
+    if (ExtHdr->NextCapabilityOffset !=3D 0 &&=0D
+       (ExtHdr->NextCapabilityOffset <=3D (UINT32) (ExtendedConfigSize + E=
FI_PCIE_CAPABILITY_BASE_OFFSET - sizeof (PCI_EXP_EXT_HDR)))) {=0D
       ExtHdr =3D (PCI_EXP_EXT_HDR*)(ExtendedConfigSpace + ExtHdr->NextCapa=
bilityOffset - EFI_PCIE_CAPABILITY_BASE_OFFSET);=0D
     } else {=0D
       break;=0D
--=20
2.18.0.windows.1