public inbox for devel@edk2.groups.io
From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: "Xu, Wei6" <wei6.xu@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>, "Wu, Hao A" <hao.a.wu@intel.com>
Subject: Re: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.
Date: Thu, 27 Jun 2019 23:29:35 +0000
Message-ID: <FF72C7E4248F3C4E9BDF19D4918E90F24DEDFE29@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <20190627162629.16352-1-wei6.xu@intel.com>

Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

-----Original Message-----
From: Xu, Wei6 
Sent: Friday, June 28, 2019 12:26 AM
To: devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [edk2-devel][Patch] MdeModulePkg/DxeCapsuleLibFmp: Add missing NULL pointer check.

Add missing NULL pointer check for CapsuleNameBufStart.
Also add comments to note that the capsule name integrity check assumes the capsule has been validated by IsValidCapsuleHeader().

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
index 66c9be8e1f..3193ca8f4d 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
@@ -23,10 +23,13 @@ IsCapsuleNameCapsule (
 
 /**
   Check the integrity of the capsule name capsule.
   If the capsule is vaild, return the physical address of each capsule name string.
 
+  This routine assumes the capsule has been validated by 
+ IsValidCapsuleHeader(), so  capsule memory overflow is not going to happen in this routine.
+
   @param[in]  CapsuleHeader   Pointer to the capsule header of a capsule name capsule.
   @param[out] CapsuleNameNum  Number of capsule name.
 
   @retval NULL                Capsule name capsule is not valid.
   @retval CapsuleNameBuf      Array of capsule name physical address.
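
Review bot: The two added comment lines have whitespace defects: the line ending "validated by " carries a trailing space, and the continuation line is indented one column instead of two and has a double space in "so  capsule". Please re-wrap them to match the rest of the comment block. Because the routine relies on this precondition instead of checking it, the comment would be more useful if it named what the caller must have established (the body subtracts HeaderSize from CapsuleImageSize, so that relationship is what matters here) rather than the general phrase "capsule memory overflow". The "vaild" typo two lines above could be fixed in the same change.
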
@@ -63,10 +66,13 @@ ValidateCapsuleNameCapsuleIntegrity (
   //
   // If strings are not aligned on a 16-bit boundary, reallocate memory for it.
   //
   if (((UINTN) CapsuleNameBufStart & BIT0) != 0) {
     CapsuleNameBufStart = AllocateCopyPool (CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize, CapsuleNameBufStart);
+    if (CapsuleNameBufStart == NULL) {
+      return NULL;
+    }
   }
 
   CapsuleNameBufEnd = CapsuleNameBufStart + CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize;
 
   CapsuleNamePtr = CapsuleNameBufStart;
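
Review bot: The new "return NULL" after AllocateCopyPool() makes an allocation failure indistinguishable from the documented meaning of NULL, since the function comment says "@retval NULL  Capsule name capsule is not valid." Please extend that @retval line to cover the out-of-resources case so callers do not treat a transient memory failure as a malformed capsule. It is also worth confirming that the @param[out] CapsuleNameNum has a defined value on this early return, which is not visible in this hunk. As a minor cleanup, the expression CapsuleHeader->CapsuleImageSize - CapsuleHeader->HeaderSize now appears on two adjacent statements and could be computed once into a local.
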
--
2.16.2.windows.1

