From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by mx.groups.io with SMTP id smtpd.web10.3002.1615962263935965704
 for <devel@edk2.groups.io>;
 Tue, 16 Mar 2021 23:24:24 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: ianx.kuo@intel.com)
IronPort-SDR: h8sjYJnH7fE+osd+yLfSXMfMhgL1SFeCYezkN1AqOIks1SyD3bX4wLNCxiuPI+CNMOYxzrPphx
 PhRJgGnhxhJw==
X-IronPort-AV: E=McAfee;i="6000,8403,9925"; a="186040978"
X-IronPort-AV: E=Sophos;i="5.81,255,1610438400"; 
   d="scan'208";a="186040978"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Mar 2021 23:24:17 -0700
IronPort-SDR: G+vB46H8ylJIqw+L/7u80JvEt4XQGONOSLfwWOOK14IbeDGmqCde/GcEB26WPyNQftwfZLwaoa
 Qjqe3oqGYfaQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.81,255,1610438400"; 
   d="scan'208";a="440341289"
Received: from ikuox-tiger-lake-client-platform.itwn.intel.com ([10.5.215.23])
  by FMSMGA003.fm.intel.com with ESMTP; 16 Mar 2021 23:24:16 -0700
From: "IanX Kuo" <ianx.kuo@intel.com>
To: devel@edk2.groups.io
Cc: VincentX Ke <vincentx.ke@intel.com>
Subject: [PATCH] ShellPkg/Pci: Add valid check for PCI extended config space parser
Date: Sat, 10 Apr 2021 22:15:09 +0800
Message-Id: <568b955d98de0cc3dc52467bf394324e391d4b7c.1615954984.git.vincentx.ke@intel.com>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: VincentX Ke <vincentx.ke@intel.com>

Bugzilla: 3262 (https://bugzilla.tianocore.org/show_bug.cgi?id=3D3262)

No need to print PCIe details while CapabilityId is 0xFFFF.
Limit the NextCapabilityOffset to PCI configuration space.

Signed-off-by: VincentX Ke <vincentx.ke@intel.com>
---
 ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c b/ShellPkg/L=
ibrary/UefiShellDebug1CommandsLib/Pci.c
index a2f04d8db5..1e5dc75e27 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
@@ -2038,12 +2038,14 @@ LocatePciCapability (
 =0D
   @param[in] PciExpressCap       PCI Express capability buffer.=0D
   @param[in] ExtendedConfigSpace PCI Express extended configuration space.=
=0D
+  @param[in] ExtendedConfigSize  PCI Express extended configuration size.=
=0D
   @param[in] ExtendedCapability  PCI Express extended capability ID to exp=
lain.=0D
 **/=0D
 VOID=0D
 PciExplainPciExpress (=0D
   IN  PCI_CAPABILITY_PCIEXP                  *PciExpressCap,=0D
   IN  UINT8                                  *ExtendedConfigSpace,=0D
+  IN  UINTN                                  ExtendedConfigSize,=0D
   IN CONST UINT16                            ExtendedCapability=0D
   );=0D
 =0D
@@ -2921,6 +2923,7 @@ ShellCommandRunPci (
         PciExplainPciExpress (=0D
           (PCI_CAPABILITY_PCIEXP *) ((UINT8 *) &ConfigSpace + PcieCapabili=
tyPtr),=0D
           ExtendedConfigSpace,=0D
+          ExtendedConfigSize,=0D
           ExtendedCapability=0D
           );=0D
       }=0D
@@ -5698,12 +5701,14 @@ PrintPciExtendedCapabilityDetails(
 =0D
   @param[in] PciExpressCap       PCI Express capability buffer.=0D
   @param[in] ExtendedConfigSpace PCI Express extended configuration space.=
=0D
+  @param[in] ExtendedConfigSize  PCI Express extended configuration size.=
=0D
   @param[in] ExtendedCapability  PCI Express extended capability ID to exp=
lain.=0D
 **/=0D
 VOID=0D
 PciExplainPciExpress (=0D
   IN  PCI_CAPABILITY_PCIEXP                  *PciExpressCap,=0D
   IN  UINT8                                  *ExtendedConfigSpace,=0D
+  IN  UINTN                                  ExtendedConfigSize,=0D
   IN CONST UINT16                            ExtendedCapability=0D
   )=0D
 {=0D
@@ -5786,7 +5791,7 @@ PciExplainPciExpress (
   }=0D
 =0D
   ExtHdr =3D (PCI_EXP_EXT_HDR*)ExtendedConfigSpace;=0D
-  while (ExtHdr->CapabilityId !=3D 0 && ExtHdr->CapabilityVersion !=3D 0) =
{=0D
+  while (ExtHdr->CapabilityId !=3D 0 && ExtHdr->CapabilityVersion !=3D 0 &=
& ExtHdr->CapabilityId !=3D 0xFFFF) {=0D
     //=0D
     // Process this item=0D
     //=0D
@@ -5800,7 +5805,8 @@ PciExplainPciExpress (
     //=0D
     // Advance to the next item if it exists=0D
     //=0D
-    if (ExtHdr->NextCapabilityOffset !=3D 0) {=0D
+    if (ExtHdr->NextCapabilityOffset !=3D 0 &&=0D
+       (ExtHdr->NextCapabilityOffset <=3D (UINT32) (ExtendedConfigSize + E=
FI_PCIE_CAPABILITY_BASE_OFFSET - sizeof (PCI_EXP_EXT_HDR)))) {=0D
       ExtHdr =3D (PCI_EXP_EXT_HDR*)(ExtendedConfigSpace + ExtHdr->NextCapa=
bilityOffset - EFI_PCIE_CAPABILITY_BASE_OFFSET);=0D
     } else {=0D
       break;=0D
--=20
2.18.0.windows.1