[PATCH V3 0/3] Update comments and code for GetNextVariableName to follow UEFI 2.7

[PATCH V3 0/3] Update comments and code for GetNextVariableName to follow UEFI 2.7

[Star Zeng]

V3: Remove the ((VariableName[MaxLen - 1] != 0) check and enhance the code comments
    based on Ruiyu's feedback.

V2: Add changes for EmuVariable and FsVariable.

"The size must be large enough to fit input string supplied in
VariableName buffer" is added in the description for VariableNameSize.
And two cases of EFI_INVALID_PARAMETER are added.
1. The input values of VariableName and VendorGuid are not a name and
   GUID of an existing variable.
2. Null-terminator is not found in the first VariableNameSize bytes of
   the input VariableName buffer.

Star Zeng (3):
  MdePkg: Update comments for GetNextVariableName to follow UEFI 2.7
  MdeModulePkg Variable: Update GetNextVariableName to follow UEFI 2.7
  DuetPkg FsVariable: Update GetNextVariableName to follow UEFI 2.7

 DuetPkg/FSVariable/FSVariable.c                    | 31 ++++++++++++-
 .../Universal/Variable/EmuRuntimeDxe/EmuVariable.c | 41 ++++++++++++++---
 .../Variable/EmuRuntimeDxe/InitVariable.c          | 24 ++++++----
 .../Universal/Variable/EmuRuntimeDxe/Variable.h    | 15 ++++---
 .../Universal/Variable/RuntimeDxe/Variable.c       | 51 +++++++++++++++++++---
 .../Universal/Variable/RuntimeDxe/Variable.h       | 25 ++++++++---
 MdePkg/Include/Uefi/UefiSpec.h                     |  8 +++-
 7 files changed, 160 insertions(+), 35 deletions(-)

-- 
2.7.0.windows.1

[PATCH V3 1/3] MdePkg: Update comments for GetNextVariableName to follow UEFI 2.7

[Star Zeng]

"The size must be large enough to fit input string supplied in
VariableName buffer" is added in the description for VariableNameSize.
And two cases of EFI_INVALID_PARAMETER are added.
1. The input values of VariableName and VendorGuid are not a name and
   GUID of an existing variable.
2. Null-terminator is not found in the first VariableNameSize bytes of
   the input VariableName buffer.

This patch is to update comments for GetNextVariableName to follow them.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 MdePkg/Include/Uefi/UefiSpec.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/Uefi/UefiSpec.h b/MdePkg/Include/Uefi/UefiSpec.h
index eb662a35503c..d39412748258 100644
--- a/MdePkg/Include/Uefi/UefiSpec.h
+++ b/MdePkg/Include/Uefi/UefiSpec.h
@@ -661,7 +661,8 @@ EFI_STATUS
 /**
   Enumerates the current variable names.
 
-  @param[in, out]  VariableNameSize The size of the VariableName buffer.
+  @param[in, out]  VariableNameSize The size of the VariableName buffer. The size must be large
+                                    enough to fit input string supplied in VariableName buffer.
   @param[in, out]  VariableName     On input, supplies the last VariableName that was returned
                                     by GetNextVariableName(). On output, returns the Nullterminated
                                     string of the current variable.
@@ -672,9 +673,14 @@ EFI_STATUS
   @retval EFI_SUCCESS           The function completed successfully.
   @retval EFI_NOT_FOUND         The next variable was not found.
   @retval EFI_BUFFER_TOO_SMALL  The VariableNameSize is too small for the result.
+                                VariableNameSize has been updated with the size needed to complete the request.
   @retval EFI_INVALID_PARAMETER VariableNameSize is NULL.
   @retval EFI_INVALID_PARAMETER VariableName is NULL.
   @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER The input values of VariableName and VendorGuid are not a name and
+                                GUID of an existing variable.
+  @retval EFI_INVALID_PARAMETER Null-terminator is not found in the first VariableNameSize bytes of
+                                the input VariableName buffer.
   @retval EFI_DEVICE_ERROR      The variable could not be retrieved due to a hardware error.
 
 **/
-- 
2.7.0.windows.1

[PATCH V3 2/3] MdeModulePkg Variable: Update GetNextVariableName to follow UEFI 2.7

[Star Zeng]

"The size must be large enough to fit input string supplied in
VariableName buffer" is added in the description for VariableNameSize.
And two cases of EFI_INVALID_PARAMETER are added.
1. The input values of VariableName and VendorGuid are not a name and
   GUID of an existing variable.
2. Null-terminator is not found in the first VariableNameSize bytes of
   the input VariableName buffer.

This patch is to update code to follow them.

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 .../Universal/Variable/EmuRuntimeDxe/EmuVariable.c | 41 ++++++++++++++---
 .../Variable/EmuRuntimeDxe/InitVariable.c          | 24 ++++++----
 .../Universal/Variable/EmuRuntimeDxe/Variable.h    | 15 ++++---
 .../Universal/Variable/RuntimeDxe/Variable.c       | 51 +++++++++++++++++++---
 .../Universal/Variable/RuntimeDxe/Variable.h       | 25 ++++++++---
 5 files changed, 124 insertions(+), 32 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/EmuVariable.c b/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/EmuVariable.c
index 27ea1496a044..6dee2b6add4b 100644
--- a/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/EmuVariable.c
+++ b/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/EmuVariable.c
@@ -3,7 +3,7 @@
   Emulation Variable services operate on the runtime volatile memory.
   The nonvolatile variable space doesn't exist.
 
-Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -1233,18 +1233,23 @@ Done:
 
   This code Finds the Next available variable.
 
-  @param  VariableNameSize       Size of the variable.
+  @param  VariableNameSize       The size of the VariableName buffer. The size must be large enough to fit input
+                                 string supplied in VariableName buffer.
   @param  VariableName           On input, supplies the last VariableName that was returned by GetNextVariableName().
                                  On output, returns the Null-terminated Unicode string of the current variable.
   @param  VendorGuid             On input, supplies the last VendorGuid that was returned by GetNextVariableName().
-                                 On output, returns the VendorGuid of the current variable.  
+                                 On output, returns the VendorGuid of the current variable.
   @param  Global                 Pointer to VARIABLE_GLOBAL structure.
 
-  @retval EFI_SUCCESS            The function completed successfully. 
+  @retval EFI_SUCCESS            The function completed successfully.
   @retval EFI_NOT_FOUND          The next variable was not found.
-  @retval EFI_BUFFER_TOO_SMALL   VariableNameSize is too small for the result. 
+  @retval EFI_BUFFER_TOO_SMALL   The VariableNameSize is too small for the result.
                                  VariableNameSize has been updated with the size needed to complete the request.
   @retval EFI_INVALID_PARAMETER  VariableNameSize or VariableName or VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER  The input values of VariableName and VendorGuid are not a name and
+                                 GUID of an existing variable.
+  @retval EFI_INVALID_PARAMETER  Null-terminator is not found in the first VariableNameSize bytes of
+                                 the input VariableName buffer.
 
 **/
 EFI_STATUS
@@ -1259,16 +1264,42 @@ EmuGetNextVariableName (
   VARIABLE_POINTER_TRACK  Variable;
   UINTN                   VarNameSize;
   EFI_STATUS              Status;
+  UINTN                   MaxLen;
 
   if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
     return EFI_INVALID_PARAMETER;
   }
 
+  //
+  // Calculate the possible maximum length of name string, including the Null terminator.
+  //
+  MaxLen = *VariableNameSize / sizeof (CHAR16);
+  if ((MaxLen == 0) || (StrnLenS (VariableName, MaxLen) == MaxLen)) {
+    //
+    // Null-terminator is not found in the first VariableNameSize bytes of the input VariableName buffer,
+    // follow spec to return EFI_INVALID_PARAMETER.
+    //
+    return EFI_INVALID_PARAMETER;
+  }
+
   AcquireLockOnlyAtBootTime(&Global->VariableServicesLock);
 
   Status = FindVariable (VariableName, VendorGuid, &Variable, Global);
 
   if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
+    //
+    // For VariableName is an empty string, FindVariable() will try to find and return
+    // the first qualified variable, and if FindVariable() returns error (EFI_NOT_FOUND)
+    // as no any variable is found, still go to return the error (EFI_NOT_FOUND).
+    //
+    if (VariableName[0] != 0) {
+      //
+      // For VariableName is not an empty string, and FindVariable() returns error as
+      // VariableName and VendorGuid are not a name and GUID of an existing variable,
+      // there is no way to get next variable, follow spec to return EFI_INVALID_PARAMETER.
+      //
+      Status = EFI_INVALID_PARAMETER;
+    }
     goto Done;
   }
 
diff --git a/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/InitVariable.c b/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/InitVariable.c
index 1feedc07c332..309a4b8dbfeb 100644
--- a/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/InitVariable.c
+++ b/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/InitVariable.c
@@ -60,14 +60,22 @@ RuntimeServiceGetVariable (
 
   This code Finds the Next available variable.
 
-  @param VariableNameSize           Size of the variable name
-  @param VariableName               Pointer to variable name
-  @param VendorGuid                 Variable Vendor Guid
-
-  @return EFI_INVALID_PARAMETER     Invalid parameter
-  @return EFI_SUCCESS               Find the specified variable
-  @return EFI_NOT_FOUND             Not found
-  @return EFI_BUFFER_TO_SMALL       DataSize is too small for the result
+  @param  VariableNameSize       The size of the VariableName buffer. The size must be large enough to fit input
+                                 string supplied in VariableName buffer.
+  @param  VariableName           On input, supplies the last VariableName that was returned by GetNextVariableName().
+                                 On output, returns the Null-terminated Unicode string of the current variable.
+  @param  VendorGuid             On input, supplies the last VendorGuid that was returned by GetNextVariableName().
+                                 On output, returns the VendorGuid of the current variable.
+
+  @retval EFI_SUCCESS            The function completed successfully.
+  @retval EFI_NOT_FOUND          The next variable was not found.
+  @retval EFI_BUFFER_TOO_SMALL   The VariableNameSize is too small for the result.
+                                 VariableNameSize has been updated with the size needed to complete the request.
+  @retval EFI_INVALID_PARAMETER  VariableNameSize or VariableName or VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER  The input values of VariableName and VendorGuid are not a name and
+                                 GUID of an existing variable.
+  @retval EFI_INVALID_PARAMETER  Null-terminator is not found in the first VariableNameSize bytes of
+                                 the input VariableName buffer.
 
 **/
 EFI_STATUS
diff --git a/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/Variable.h
index 81a45681a231..985f56791909 100644
--- a/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/Variable.h
+++ b/MdeModulePkg/Universal/Variable/EmuRuntimeDxe/Variable.h
@@ -3,7 +3,7 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by EmuVariable module.
 
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -173,18 +173,23 @@ EmuGetVariable (
 
   This code finds the next available variable.
 
-  @param  VariableNameSize       Size of the variable.
+  @param  VariableNameSize       The size of the VariableName buffer. The size must be large enough to fit input
+                                 string supplied in VariableName buffer.
   @param  VariableName           On input, supplies the last VariableName that was returned by GetNextVariableName().
                                  On output, returns the Null-terminated Unicode string of the current variable.
   @param  VendorGuid             On input, supplies the last VendorGuid that was returned by GetNextVariableName().
-                                 On output, returns the VendorGuid of the current variable.  
+                                 On output, returns the VendorGuid of the current variable.
   @param  Global                 Pointer to VARIABLE_GLOBAL structure.
 
-  @retval EFI_SUCCESS            The function completed successfully. 
+  @retval EFI_SUCCESS            The function completed successfully.
   @retval EFI_NOT_FOUND          The next variable was not found.
-  @retval EFI_BUFFER_TOO_SMALL   VariableNameSize is too small for the result. 
+  @retval EFI_BUFFER_TOO_SMALL   The VariableNameSize is too small for the result.
                                  VariableNameSize has been updated with the size needed to complete the request.
   @retval EFI_INVALID_PARAMETER  VariableNameSize or VariableName or VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER  The input values of VariableName and VendorGuid are not a name and
+                                 GUID of an existing variable.
+  @retval EFI_INVALID_PARAMETER  Null-terminator is not found in the first VariableNameSize bytes of
+                                 the input VariableName buffer.
 
 **/
 EFI_STATUS
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 0a325de1659d..71a6fd209364 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -2905,8 +2905,11 @@ Done:
   @param[in]  VendorGuid    Variable Vendor Guid.
   @param[out] VariablePtr   Pointer to variable header address.
 
-  @return EFI_SUCCESS       Find the specified variable.
-  @return EFI_NOT_FOUND     Not found.
+  @retval EFI_SUCCESS           The function completed successfully.
+  @retval EFI_NOT_FOUND         The next variable was not found.
+  @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER The input values of VariableName and VendorGuid are not a name and
+                                GUID of an existing variable.
 
 **/
 EFI_STATUS
@@ -2926,6 +2929,19 @@ VariableServiceGetNextVariableInternal (
 
   Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
   if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
+    //
+    // For VariableName is an empty string, FindVariable() will try to find and return
+    // the first qualified variable, and if FindVariable() returns error (EFI_NOT_FOUND)
+    // as no any variable is found, still go to return the error (EFI_NOT_FOUND).
+    //
+    if (VariableName[0] != 0) {
+      //
+      // For VariableName is not an empty string, and FindVariable() returns error as
+      // VariableName and VendorGuid are not a name and GUID of an existing variable,
+      // there is no way to get next variable, follow spec to return EFI_INVALID_PARAMETER.
+      //
+      Status = EFI_INVALID_PARAMETER;
+    }
     goto Done;
   }
 
@@ -3046,14 +3062,22 @@ Done:
   Caution: This function may receive untrusted input.
   This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
 
-  @param VariableNameSize           Size of the variable name.
+  @param VariableNameSize           The size of the VariableName buffer. The size must be large
+                                    enough to fit input string supplied in VariableName buffer.
   @param VariableName               Pointer to variable name.
   @param VendorGuid                 Variable Vendor Guid.
 
-  @return EFI_INVALID_PARAMETER     Invalid parameter.
-  @return EFI_SUCCESS               Find the specified variable.
-  @return EFI_NOT_FOUND             Not found.
-  @return EFI_BUFFER_TO_SMALL       DataSize is too small for the result.
+  @retval EFI_SUCCESS               The function completed successfully.
+  @retval EFI_NOT_FOUND             The next variable was not found.
+  @retval EFI_BUFFER_TOO_SMALL      The VariableNameSize is too small for the result.
+                                    VariableNameSize has been updated with the size needed to complete the request.
+  @retval EFI_INVALID_PARAMETER     VariableNameSize is NULL.
+  @retval EFI_INVALID_PARAMETER     VariableName is NULL.
+  @retval EFI_INVALID_PARAMETER     VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER     The input values of VariableName and VendorGuid are not a name and
+                                    GUID of an existing variable.
+  @retval EFI_INVALID_PARAMETER     Null-terminator is not found in the first VariableNameSize bytes of
+                                    the input VariableName buffer.
 
 **/
 EFI_STATUS
@@ -3065,6 +3089,7 @@ VariableServiceGetNextVariableName (
   )
 {
   EFI_STATUS              Status;
+  UINTN                   MaxLen;
   UINTN                   VarNameSize;
   VARIABLE_HEADER         *VariablePtr;
 
@@ -3072,6 +3097,18 @@ VariableServiceGetNextVariableName (
     return EFI_INVALID_PARAMETER;
   }
 
+  //
+  // Calculate the possible maximum length of name string, including the Null terminator.
+  //
+  MaxLen = *VariableNameSize / sizeof (CHAR16);
+  if ((MaxLen == 0) || (StrnLenS (VariableName, MaxLen) == MaxLen)) {
+    //
+    // Null-terminator is not found in the first VariableNameSize bytes of the input VariableName buffer,
+    // follow spec to return EFI_INVALID_PARAMETER.
+    //
+    return EFI_INVALID_PARAMETER;
+  }
+
   AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
 
   Status = VariableServiceGetNextVariableInternal (VariableName, VendorGuid, &VariablePtr);
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
index cd0d9568158a..8b1b1332b3da 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
@@ -543,8 +543,11 @@ VariableServiceGetVariable (
   @param[in] VendorGuid     Variable Vendor Guid.
   @param[out] VariablePtr   Pointer to variable header address.
 
-  @return EFI_SUCCESS       Find the specified variable.
-  @return EFI_NOT_FOUND     Not found.
+  @retval EFI_SUCCESS           The function completed successfully.
+  @retval EFI_NOT_FOUND         The next variable was not found.
+  @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER The input values of VariableName and VendorGuid are not a name and
+                                GUID of an existing variable.
 
 **/
 EFI_STATUS
@@ -562,14 +565,22 @@ VariableServiceGetNextVariableInternal (
   Caution: This function may receive untrusted input.
   This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
 
-  @param VariableNameSize           Size of the variable name.
+  @param VariableNameSize           The size of the VariableName buffer. The size must be large
+                                    enough to fit input string supplied in VariableName buffer.
   @param VariableName               Pointer to variable name.
   @param VendorGuid                 Variable Vendor Guid.
 
-  @return EFI_INVALID_PARAMETER     Invalid parameter.
-  @return EFI_SUCCESS               Find the specified variable.
-  @return EFI_NOT_FOUND             Not found.
-  @return EFI_BUFFER_TO_SMALL       DataSize is too small for the result.
+  @retval EFI_SUCCESS               The function completed successfully.
+  @retval EFI_NOT_FOUND             The next variable was not found.
+  @retval EFI_BUFFER_TOO_SMALL      The VariableNameSize is too small for the result.
+                                    VariableNameSize has been updated with the size needed to complete the request.
+  @retval EFI_INVALID_PARAMETER     VariableNameSize is NULL.
+  @retval EFI_INVALID_PARAMETER     VariableName is NULL.
+  @retval EFI_INVALID_PARAMETER     VendorGuid is NULL.
+  @retval EFI_INVALID_PARAMETER     The input values of VariableName and VendorGuid are not a name and
+                                    GUID of an existing variable.
+  @retval EFI_INVALID_PARAMETER     Null-terminator is not found in the first VariableNameSize bytes of
+                                    the input VariableName buffer.
 
 **/
 EFI_STATUS
-- 
2.7.0.windows.1

[PATCH V3 3/3] DuetPkg FsVariable: Update GetNextVariableName to follow UEFI 2.7

[Star Zeng]

"The size must be large enough to fit input string supplied in
VariableName buffer" is added in the description for VariableNameSize.
And two cases of EFI_INVALID_PARAMETER are added.
1. The input values of VariableName and VendorGuid are not a name and
   GUID of an existing variable.
2. Null-terminator is not found in the first VariableNameSize bytes of
   the input VariableName buffer.

This patch is to update code to follow them.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 DuetPkg/FSVariable/FSVariable.c | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/DuetPkg/FSVariable/FSVariable.c b/DuetPkg/FSVariable/FSVariable.c
index 34b79305c871..5feeade10d2f 100644
--- a/DuetPkg/FSVariable/FSVariable.c
+++ b/DuetPkg/FSVariable/FSVariable.c
@@ -6,7 +6,7 @@ disk. They can be changed by user. BIOS is not able to protoect those.
 Duet trusts all meta data from disk. If variable code, variable metadata and variable
 data is modified in inproper way, the behavior is undefined.
 
-Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -1387,7 +1387,8 @@ Routine Description:
 
 Arguments:
 
-  VariableNameSize            Size of the variable
+  VariableNameSize            The size of the VariableName buffer. The size must be large
+                              enough to fit input string supplied in VariableName buffer.
   VariableName                Pointer to variable name
   VendorGuid                  Variable Vendor Guid
 
@@ -1400,14 +1401,40 @@ Returns:
   VARIABLE_POINTER_TRACK  Variable;
   UINTN                   VarNameSize;
   EFI_STATUS              Status;
+  UINTN                   MaxLen;
 
   if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
     return EFI_INVALID_PARAMETER;
   }
 
+  //
+  // Calculate the possible maximum length of name string, including the Null terminator.
+  //
+  MaxLen = *VariableNameSize / sizeof (CHAR16);
+  if ((MaxLen == 0) || (StrnLenS (VariableName, MaxLen) == MaxLen)) {
+    //
+    // Null-terminator is not found in the first VariableNameSize bytes of the input VariableName buffer,
+    // follow spec to return EFI_INVALID_PARAMETER.
+    //
+    return EFI_INVALID_PARAMETER;
+  }
+
   Status = FindVariable (VariableName, VendorGuid, &Variable);
 
   if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
+    //
+    // For VariableName is an empty string, FindVariable() will try to find and return
+    // the first qualified variable, and if FindVariable() returns error (EFI_NOT_FOUND)
+    // as no any variable is found, still go to return the error (EFI_NOT_FOUND).
+    //
+    if (VariableName[0] != 0) {
+      //
+      // For VariableName is not an empty string, and FindVariable() returns error as
+      // VariableName and VendorGuid are not a name and GUID of an existing variable,
+      // there is no way to get next variable, follow spec to return EFI_INVALID_PARAMETER.
+      //
+      Status = EFI_INVALID_PARAMETER;
+    }
     return Status;
   }
 
-- 
2.7.0.windows.1

Re: [PATCH V3 3/3] DuetPkg FsVariable: Update GetNextVariableName to follow UEFI 2.7

[Ni, Ruiyu]

Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

Thanks/Ray

> -----Original Message-----
> From: Zeng, Star
> Sent: Monday, June 26, 2017 5:21 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Gao, Liming <liming.gao@intel.com>;
> Ni, Ruiyu <ruiyu.ni@intel.com>
> Subject: [PATCH V3 3/3] DuetPkg FsVariable: Update GetNextVariableName
> to follow UEFI 2.7
> 
> "The size must be large enough to fit input string supplied in VariableName
> buffer" is added in the description for VariableNameSize.
> And two cases of EFI_INVALID_PARAMETER are added.
> 1. The input values of VariableName and VendorGuid are not a name and
>    GUID of an existing variable.
> 2. Null-terminator is not found in the first VariableNameSize bytes of
>    the input VariableName buffer.
> 
> This patch is to update code to follow them.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng <star.zeng@intel.com>
> Reviewed-by: Liming Gao <liming.gao@intel.com>
> ---
>  DuetPkg/FSVariable/FSVariable.c | 31
> +++++++++++++++++++++++++++++--
>  1 file changed, 29 insertions(+), 2 deletions(-)
> 
> diff --git a/DuetPkg/FSVariable/FSVariable.c
> b/DuetPkg/FSVariable/FSVariable.c index 34b79305c871..5feeade10d2f
> 100644
> --- a/DuetPkg/FSVariable/FSVariable.c
> +++ b/DuetPkg/FSVariable/FSVariable.c
> @@ -6,7 +6,7 @@ disk. They can be changed by user. BIOS is not able to
> protoect those.
>  Duet trusts all meta data from disk. If variable code, variable metadata and
> variable  data is modified in inproper way, the behavior is undefined.
> 
> -Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials  are licensed and made
> available under the terms and conditions of the BSD License  which
> accompanies this distribution.  The full text of the license may be found at
> @@ -1387,7 +1387,8 @@ Routine Description:
> 
>  Arguments:
> 
> -  VariableNameSize            Size of the variable
> +  VariableNameSize            The size of the VariableName buffer. The size
> must be large
> +                              enough to fit input string supplied in VariableName buffer.
>    VariableName                Pointer to variable name
>    VendorGuid                  Variable Vendor Guid
> 
> @@ -1400,14 +1401,40 @@ Returns:
>    VARIABLE_POINTER_TRACK  Variable;
>    UINTN                   VarNameSize;
>    EFI_STATUS              Status;
> +  UINTN                   MaxLen;
> 
>    if (VariableNameSize == NULL || VariableName == NULL || VendorGuid ==
> NULL) {
>      return EFI_INVALID_PARAMETER;
>    }
> 
> +  //
> +  // Calculate the possible maximum length of name string, including the Null
> terminator.
> +  //
> +  MaxLen = *VariableNameSize / sizeof (CHAR16);  if ((MaxLen == 0) ||
> + (StrnLenS (VariableName, MaxLen) == MaxLen)) {
> +    //
> +    // Null-terminator is not found in the first VariableNameSize bytes of the
> input VariableName buffer,
> +    // follow spec to return EFI_INVALID_PARAMETER.
> +    //
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
>    Status = FindVariable (VariableName, VendorGuid, &Variable);
> 
>    if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
> +    //
> +    // For VariableName is an empty string, FindVariable() will try to find and
> return
> +    // the first qualified variable, and if FindVariable() returns error
> (EFI_NOT_FOUND)
> +    // as no any variable is found, still go to return the error
> (EFI_NOT_FOUND).
> +    //
> +    if (VariableName[0] != 0) {
> +      //
> +      // For VariableName is not an empty string, and FindVariable() returns
> error as
> +      // VariableName and VendorGuid are not a name and GUID of an
> existing variable,
> +      // there is no way to get next variable, follow spec to return
> EFI_INVALID_PARAMETER.
> +      //
> +      Status = EFI_INVALID_PARAMETER;
> +    }
>      return Status;
>    }
> 
> --
> 2.7.0.windows.1