public inbox for devel@edk2.groups.io
* [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
@ 2019-06-27 16:26 Xu, Wei6
  2019-06-27 23:29 ` Zhang, Chao B
  2019-06-28  0:54 ` Wu, Hao A
  0 siblings, 2 replies; 5+ messages in thread
From: Xu, Wei6 @ 2019-06-27 16:26 UTC
  To: devel; +Cc: Jian J Wang, Hao A Wu, Chao B Zhang

Add missing NULL pointer check for CapsuleNameBufStart.
Also add comments to notice that capsule name integrity check assumes
the capsule has been validated by IsValidCapsuleHeader().

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
index 66c9be8e1f..3193ca8f4d 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
@@ -23,10 +23,13 @@ IsCapsuleNameCapsule (
 
 /**
   Check the integrity of the capsule name capsule.
   If the capsule is vaild, return the physical address of each capsule name string.
 
+  This routine assumes the capsule has been validated by IsValidCapsuleHeader(), so
+  capsule memory overflow is not going to happen in this routine.
+
   @param[in]  CapsuleHeader   Pointer to the capsule header of a capsule name capsule.
   @param[out] CapsuleNameNum  Number of capsule name.
 
   @retval NULL                Capsule name capsule is not valid.
   @retval CapsuleNameBuf      Array of capsule name physical address.
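
Review bot: The precondition added to the function comment (capsule already validated by IsValidCapsuleHeader()) exists only as prose, and nothing in the routine enforces it, while the second hunk's context computes `CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize` and depends on that subtraction not underflowing. Consider backing the comment with an entry check or ASSERT that CapsuleImageSize >= HeaderSize, so a caller that skips validation fails closed instead of producing an oversized length. The context line's "vaild" could be corrected in the same pass.
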
@@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity (
   //
   // If strings are not aligned on a 16-bit boundary, reallocate memory for it.
   //
   if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
     CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
+    if (CapsuleNameBufStart == NULL) {
+      return NULL;
+    }
   }
 
   CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize;
 
   CapsuleNamePtr = CapsuleNameBufStart;
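
Review bot: The new `return NULL` after AllocateCopyPool() makes an out-of-resources condition indistinguishable from an invalid capsule, because the function comment documents `@retval NULL` only as "Capsule name capsule is not valid"; extend that description or state that allocation failure is treated as invalid. The expression `CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize` is evaluated both for the allocation and for CapsuleNameBufEnd, so holding it in one local would keep the copy size and the end pointer from drifting apart. It is also worth confirming that the code after this point releases the reallocated copy, which these lines do not show.
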
-- 
2.16.2.windows.1



* Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
  2019-06-27 16:26 [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check Xu, Wei6
@ 2019-06-27 23:29 ` Zhang, Chao B
  2019-06-28  0:54 ` Wu, Hao A
  1 sibling, 0 replies; 5+ messages in thread
From: Zhang, Chao B @ 2019-06-27 23:29 UTC
  To: Xu, Wei6, devel@edk2.groups.io; +Cc: Wang, Jian J, Wu, Hao A

Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

-----Original Message-----
From: Xu, Wei6 
Sent: Friday, June 28, 2019 12:26 AM
To: devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.

Add missing NULL pointer check for CapsuleNameBufStart.
Also add comments to notice that capsule name integrity check assumes the capsule has been validated by IsValidCapsuleHeader().

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
index 66c9be8e1f..3193ca8f4d 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
@@ -23,10 +23,13 @@ IsCapsuleNameCapsule (
 
 /**
   Check the integrity of the capsule name capsule.
   If the capsule is vaild, return the physical address of each capsule name string.
 
+  This routine assumes the capsule has been validated by 
+ IsValidCapsuleHeader(), so  capsule memory overflow is not going to happen in this routine.
+
   @param[in]  CapsuleHeader   Pointer to the capsule header of a capsule name capsule.
   @param[out] CapsuleNameNum  Number of capsule name.
 
   @retval NULL                Capsule name capsule is not valid.
   @retval CapsuleNameBuf      Array of capsule name physical address.
@@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity (
   //
   // If strings are not aligned on a 16-bit boundary, reallocate memory for it.
   //
   if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
     CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
+    if (CapsuleNameBufStart == NULL) {
+      return NULL;
+    }
   }
 
   CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize;
 
   CapsuleNamePtr = CapsuleNameBufStart;
--
2.16.2.windows.1



* Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
  2019-06-27 16:26 [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check Xu, Wei6
  2019-06-27 23:29 ` Zhang, Chao B
@ 2019-06-28  0:54 ` Wu, Hao A
  2019-06-28  1:06   ` Zhang, Chao B
  1 sibling, 1 reply; 5+ messages in thread
From: Wu, Hao A @ 2019-06-28  0:54 UTC
  To: Xu, Wei6, devel@edk2.groups.io; +Cc: Wang, Jian J, Zhang, Chao B

> -----Original Message-----
> From: Xu, Wei6
> Sent: Friday, June 28, 2019 12:26 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B
> Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add
> missing NULL pointer check.
> 
> Add missing NULL pointer check for CapsuleNameBufStart.
> Also add comments to notice that capsule name integrity check assumes
> the capsule has been validated by IsValidCapsuleHeader().


The patch is doing 2 things. Please help to split it into 2 commits.

With this handled,
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
> ---
>  MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> index 66c9be8e1f..3193ca8f4d 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> @@ -23,10 +23,13 @@ IsCapsuleNameCapsule (
> 
>  /**
>    Check the integrity of the capsule name capsule.
>    If the capsule is vaild, return the physical address of each capsule name
> string.
> 
> +  This routine assumes the capsule has been validated by
> IsValidCapsuleHeader(), so
> +  capsule memory overflow is not going to happen in this routine.
> +
>    @param[in]  CapsuleHeader   Pointer to the capsule header of a capsule
> name capsule.
>    @param[out] CapsuleNameNum  Number of capsule name.
> 
>    @retval NULL                Capsule name capsule is not valid.
>    @retval CapsuleNameBuf      Array of capsule name physical address.
> @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity (
>    //
>    // If strings are not aligned on a 16-bit boundary, reallocate memory for it.
>    //
>    if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
>      CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader-
> >CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
> +    if (CapsuleNameBufStart == NULL) {
> +      return NULL;
> +    }
>    }
> 
>    CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader-
> >CapsuleImageSize - CapsuleHeader->HeaderSize;
> 
>    CapsuleNamePtr = CapsuleNameBufStart;
> --
> 2.16.2.windows.1



* Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
  2019-06-28  0:54 ` Wu, Hao A
@ 2019-06-28  1:06   ` Zhang, Chao B
  2019-06-28  1:10     ` Wu, Hao A
  0 siblings, 1 reply; 5+ messages in thread
From: Zhang, Chao B @ 2019-06-28  1:06 UTC
  To: Wu, Hao A, Xu, Wei6, devel@edk2.groups.io; +Cc: Wang, Jian J


Hi Hao:
   I think the patch is to complete the security check both in info and code logic to ValidateCapsuleNameCapsuleIntegrity.
It is OK to keep it in one patch.


From: Wu, Hao A
Sent: Friday, June 28, 2019 8:54 AM
To: Xu, Wei6 <wei6.xu@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: RE: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.

> -----Original Message-----
> From: Xu, Wei6
> Sent: Friday, June 28, 2019 12:26 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B
> Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add
> missing NULL pointer check.
>
> Add missing NULL pointer check for CapsuleNameBufStart.
> Also add comments to notice that capsule name integrity check assumes
> the capsule has been validated by IsValidCapsuleHeader().


The patch is doing 2 things. Please help to split it into 2 commits.

With this handled,
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
> ---
>  MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> index 66c9be8e1f..3193ca8f4d 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> @@ -23,10 +23,13 @@ IsCapsuleNameCapsule (
>
>  /**
>    Check the integrity of the capsule name capsule.
>    If the capsule is vaild, return the physical address of each capsule name
> string.
>
> +  This routine assumes the capsule has been validated by
> IsValidCapsuleHeader(), so
> +  capsule memory overflow is not going to happen in this routine.
> +
>    @param[in]  CapsuleHeader   Pointer to the capsule header of a capsule
> name capsule.
>    @param[out] CapsuleNameNum  Number of capsule name.
>
>    @retval NULL                Capsule name capsule is not valid.
>    @retval CapsuleNameBuf      Array of capsule name physical address.
> @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity (
>    //
>    // If strings are not aligned on a 16-bit boundary, reallocate memory for it.
>    //
>    if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
>      CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader-
> >CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
> +    if (CapsuleNameBufStart == NULL) {
> +      return NULL;
> +    }
>    }
>
>    CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader-
> >CapsuleImageSize - CapsuleHeader->HeaderSize;
>
>    CapsuleNamePtr = CapsuleNameBufStart;
> --
> 2.16.2.windows.1



* Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
  2019-06-28  1:06   ` Zhang, Chao B
@ 2019-06-28  1:10     ` Wu, Hao A
  0 siblings, 0 replies; 5+ messages in thread
From: Wu, Hao A @ 2019-06-28  1:10 UTC
  To: Zhang, Chao B, Xu, Wei6, devel@edk2.groups.io; +Cc: Wang, Jian J


Okay.

Best Regards,
Hao Wu

From: Zhang, Chao B
Sent: Friday, June 28, 2019 9:07 AM
To: Wu, Hao A; Xu, Wei6; devel@edk2.groups.io
Cc: Wang, Jian J
Subject: RE: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.

Hi Hao:
   I think the patch is to complete the security check both in info and code logic to ValidateCapsuleNameCapsuleIntegrity.
It is OK to keep it in one patch.


From: Wu, Hao A
Sent: Friday, June 28, 2019 8:54 AM
To: Xu, Wei6 <wei6.xu@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: RE: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.

> -----Original Message-----
> From: Xu, Wei6
> Sent: Friday, June 28, 2019 12:26 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B
> Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add
> missing NULL pointer check.
>
> Add missing NULL pointer check for CapsuleNameBufStart.
> Also add comments to notice that capsule name integrity check assumes
> the capsule has been validated by IsValidCapsuleHeader().


The patch is doing 2 things. Please help to split it into 2 commits.

With this handled,
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
> ---
>  MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> index 66c9be8e1f..3193ca8f4d 100644
> --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> @@ -23,10 +23,13 @@ IsCapsuleNameCapsule (
>
>  /**
>    Check the integrity of the capsule name capsule.
>    If the capsule is vaild, return the physical address of each capsule name
> string.
>
> +  This routine assumes the capsule has been validated by
> IsValidCapsuleHeader(), so
> +  capsule memory overflow is not going to happen in this routine.
> +
>    @param[in]  CapsuleHeader   Pointer to the capsule header of a capsule
> name capsule.
>    @param[out] CapsuleNameNum  Number of capsule name.
>
>    @retval NULL                Capsule name capsule is not valid.
>    @retval CapsuleNameBuf      Array of capsule name physical address.
> @@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity (
>    //
>    // If strings are not aligned on a 16-bit boundary, reallocate memory for it.
>    //
>    if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
>      CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader-
> >CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
> +    if (CapsuleNameBufStart == NULL) {
> +      return NULL;
> +    }
>    }
>
>    CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader-
> >CapsuleImageSize - CapsuleHeader->HeaderSize;
>
>    CapsuleNamePtr = CapsuleNameBufStart;
> --
> 2.16.2.windows.1

