From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.116]) by mx.groups.io with SMTP id smtpd.web10.521.1617993233576192717 for ; Fri, 09 Apr 2021 11:33:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@microsoft.com header.s=selector2 header.b=e6HXbfYJ; spf=pass (domain: microsoft.com, ip: 40.107.93.116, mailfrom: bret.barkelew@microsoft.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=It6exGmK/kSNZPN+IIX1Be+z2xY/J4CQDpSAAIh2t3xfiJLjG8oczVUdCDZvnqlItkMqkAMsPu6817mY0gek78x8WIm4RP9+H6Vx3SQBrsOCLU5guF7PWpOUJ4RfbPaGU6hHu0nQEt7y8qeoPReC21ZuZKTDpLWwI3WFigiLPVOV0pgeHA2Vxe4C5QCTDgWVUDktVj7WktV6B1D4vDMTGN7ReufPJMulZIvZDXDGHl15FndenTwBUZ0Jp67h/bR4Hy+G3AoRDoK7JBCd7ttsy0j4hL+OkyIwcjjG0Gk5UJ/mb4rn732WGLRmiaubn7CzUejnEaTUgHiNZFi4v0aKOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5ltx7QC6TdFZ5c1ykMrUH8VVf6h6CUsm2+MpQGYVTZI=; b=niT6xSU+ywq/HcV193l2jorm6fX/XEwYFS76GG1Ytpfx1mIv9rPJNjc6PnZU9rn+lfDvyt+pxG05e7c1qyaJpca3+WMdRe3C6xdmZ6kmBXiw8LCH0ZtZC1lvUk/1w44H/+siJlRedkYs6TBIQHBL6UhOGq9/+d2pCRBUpTUL7nieohwh7PZNhsHas1zDpu3eVKyLHoke4eOpjV+Gs3d/37Pctz2305nTHW2r5+A/OhSjIJ2vmBEztu4a3dauPSEU5K11av9bqiGA/nmNSAbw6FIGLoPtpHQmLRuUsQixjVLbm7otNGzz+mJ1Ig+WiJ0jDdDy6Ub9LMoFqA+KuqZ+2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5ltx7QC6TdFZ5c1ykMrUH8VVf6h6CUsm2+MpQGYVTZI=; b=e6HXbfYJmgpidez515F6o8nZJdH85XW/AZdVnao/LcPjzAzKpKHvH9hpRZO2kC4YOaf2l+stu8TfviIpCAgXTIF3L8JMVfBbptc1nOW61c3VspZYKEsyeL9JUIN/xMGNNbZCGSP47hMh8ucrVGBlBRFgvJT1vOAtAgsCW4YK2LM= Received: from MW4PR21MB1907.namprd21.prod.outlook.com (2603:10b6:303:71::8) by MW4PR21MB1923.namprd21.prod.outlook.com (2603:10b6:303:7c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.1; Fri, 9 Apr 2021 18:33:51 +0000 Received: from MW4PR21MB1907.namprd21.prod.outlook.com ([fe80::adcb:b821:ee26:3348]) by MW4PR21MB1907.namprd21.prod.outlook.com ([fe80::adcb:b821:ee26:3348%7]) with mapi id 15.20.4042.010; Fri, 9 Apr 2021 18:33:44 +0000 From: "Bret Barkelew" To: "devel@edk2.groups.io" , "bret@corthon.com" , Liming Gao CC: Jian J Wang , Hao A Wu Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Initialize temp variable in VarCheckPolicyLib Thread-Topic: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Initialize temp variable in VarCheckPolicyLib Thread-Index: AQHXLW27H8ITNXy5uEOyeH+6sXmKc6qsgtN3 Date: Fri, 9 Apr 2021 18:33:44 +0000 Message-ID: References: <20210409182511.620-1-bret.barkelew@microsoft.com> In-Reply-To: <20210409182511.620-1-bret.barkelew@microsoft.com> Accept-Language: en-US X-Mentions: gaoliming@byosoft.com.cn X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-04-09T18:33:31.5205989Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Privileged authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [174.21.70.23] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b7303b3c-9762-4229-7040-08d8fb8601f1 x-ms-traffictypediagnostic: MW4PR21MB1923: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3383; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: H1Fb37vulm7aUx1I1Zr9uFdAM3BGj35olnGE2PPM7/w8aysdnEo4dDXGVwtAnt49k4W4vlpjuzbG3mkAmia4N7V15uhnMV+ctWHNIC1iHYJtiufGmyRWimfnnm6vjhuhjauPxhRrKEkFsvuwGpq37KC5QMrAKzMeiGGQQR/F3WCVbuQ0JxszDv2B9VXTXuekCTYkvoAKPdTG5OQzmVlfI0RtQo46lsYOZHJPATtXzc/TXGUC+R81yOqsTpNdMbfe6KSTrbmNk4y34NnaMtdo6H/fxZ5iciMN4ImGF4xGpQRQcsPUtdcWDTeZhv0m/xKJz8nFkwBMoPTGG4GxAaUOamrVo990uND4vY1n1o+tVm3gD/jJCtLvj8NT/gi7CWzaH0gAM+uWfdbVlB2NTutokbsjIABxDwtdWKNKAhdMUsg0MgtBipbj5jPF5Ppnk6NE294cQPpniWcODA4CM7jE+jP2xbjbW2hfEbk1vNo3dm7c27tbcKav+MP0MeaFbdSoJ/rIc2Ar4he0UX2HnLqUdo/jVNu1YQSKzB/dlEdAFpLuKaGAHyz3Cw+ulLacrCAGQoaAfGz1hI3Vti35ooUO3JjLxyIhBCcSUJnSycGd1vvAlg2rV8PGLAxHBnx1hqPY0n4WdxTNebrf0fY64x8wgpLqUyqLzW6DWvuq7APZ91SgIOt9eeDzLFYSA/jQS4+qspt3A5bU4FEX3wZ8KaWeU6RZMOi2MNMCruzh/Z2KztAlDJlngOeiXGN9v8D5g4mA x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR21MB1907.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(39860400002)(396003)(346002)(376002)(86362001)(7696005)(55016002)(8990500004)(54906003)(8936002)(82950400001)(82960400001)(9686003)(83380400001)(38100700001)(5660300002)(966005)(10290500003)(33656002)(66476007)(64756008)(66556008)(186003)(4326008)(71200400001)(66946007)(166002)(478600001)(76116006)(316002)(53546011)(26005)(52536014)(2906002)(8676002)(110136005)(66446008)(6506007);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?5Tcp1lvLvYYq4LQZ8Zoh7VBA94XarCQn813R1GbtemxeGCtpfbB0/0nqrObP?= =?us-ascii?Q?PZRBZydZNd6xP29rMPpPhL26eDGy/CnPY3wKysEP3CMSouZBhV1hzYIlw8BS?= =?us-ascii?Q?iEfOJIAaoqpJFbWMzQHhRe/ObJDLNy6iCOOzZ4DoDWPCybtb7tFhnGMZVdNj?= =?us-ascii?Q?M2+FdUurix+zArAEpTvEJl/PPvS+ljR1biFF1JGi3UBOa3ITtMhsUFHdI27T?= =?us-ascii?Q?DP7MsB9QlU0VvprGzsZydcUq3+oBCaLn3vmXeQiWe1iZhW9pSUhMnRKoAZus?= =?us-ascii?Q?phEHLu0/aXBb7F3Syrz5kOao8sNSzUljbQbBSAgBpuhiMiDsJWbMgTyIIwFJ?= =?us-ascii?Q?b3Tf04epUPbfELEXbFA01oQKItLhXUdVHKCxCKQl6R0uv219RP/priL7KpMl?= =?us-ascii?Q?/aX49AkO2EkczDieHEQ7Mwfe54/46jDQEWSGfvyEt6CZkiW2prokulYs/9Y4?= =?us-ascii?Q?pxJfUVbkOGL5RquUlfuRsCZir6qSi6vVGzhnTlw3oXHXnHJq46jiEqslrakL?= =?us-ascii?Q?Hbe3pzZ+HRn90KnblVNJ+nYEvpJKpEOZT0a8BjFeG+SLmKesMRzguUqo3gK/?= =?us-ascii?Q?aXJet4XcSfX1K5uqGy2SWC2DFbmQ9TUtmbvoIr/GIuoUuAZV8mvLDvk0RKJa?= =?us-ascii?Q?CJSzHuk8o/JFjK8SMafW2LKpASZ+/ZuQh4aNjFDJNLlxzfNsqDFNNKU0RyHG?= =?us-ascii?Q?AtrHu7/hwXX9THIl2zveXVI/8Xu9H/sTAwe2nqslHMW2lPoWXk0jpUuxxapP?= =?us-ascii?Q?sU2Xl1QFP51YeAmXd4aBa1iHhD/Y9xhAIf3Pwi8D/yJ6H3z61pekkGtKMk4R?= =?us-ascii?Q?bea6kyl9QlTz8KWjcD9yozUSlXHk0IFjqmpBIr03a8aObWw+DwVr/J+P/zOd?= =?us-ascii?Q?Q1BJpDnVBK179P6y01cMHQRwCe7HDpR+eIuussgvXcN9xa4NDW4O8YIRoQnT?= =?us-ascii?Q?DUsjlS4Jvw1wZeaCjiPDErgucxlR7IJNj2oESrMA6bT+QL5EBTB06sMgqGFr?= =?us-ascii?Q?WOXl4Awqm3+eDAIVBkFm4X3maQ2Cp8R2VtXchsfXB2HLcx3aUYr9s4yJBb/q?= =?us-ascii?Q?Rs1voiIfT5Gabp3SajBgDgqU+5FdUMc10DfiYXd5ibb6fc1o7flsX+d1m7WY?= =?us-ascii?Q?q6GPHh/7mpNmQK3hoYRSlT5ozTNQv+7m8bKm3audlHmRpWVXTdSERcztPj8e?= =?us-ascii?Q?h4WREE+zgNNjOOmtb4JHOBgzgF/siJuJA9jjHKuL0jOnKMyE2pWWvXZf4Inu?= =?us-ascii?Q?2lSk0BEEzI6gfTnzojFM0Q8JA0iNdShnxZUGg2ulLcbEh0SX59D+fhpcNRFu?= =?us-ascii?Q?EVDyk22zDZ4T4FCbdcYs6mwJ72XRppIYuNA/ZVwh398bOQ=3D=3D?= x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR21MB1907.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b7303b3c-9762-4229-7040-08d8fb8601f1 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Apr 2021 18:33:44.8091 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JdJVGroFQ6ok4z9uOB95DwtYlPvTUrHFixk4Y+0H9abNBZON66Pvi6JrVhzHzoUTFPkf21RtUXMjN+EafQGXPw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR21MB1923 Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MW4PR21MB1907388A849FDA2BD5ED6A58EF739MW4PR21MB1907namp_" --_000_MW4PR21MB1907388A849FDA2BD5ED6A58EF739MW4PR21MB1907namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable + @Liming Gao - Bret From: Bret Barkelew via groups.io Sent: Friday, April 9, 2021 11:25 AM To: devel@edk2.groups.io Cc: Jian J Wang; Hao A Wu Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Initialize t= emp variable in VarCheckPolicyLib DumpVariablePolicy() will return EFI_INVALID_PARAMETER if the Buffer pointer is NULL and the indirect Size is anything but 0. Since this TempSize was not being initialized it is very likely that this sequence would not return the total buffer size as expected. Bugzilla: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2= F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3310&data=3D04%7C01%7C= Bret.Barkelew%40microsoft.com%7C3d2f574a01a048aed60708d8fb84dcbb%7C72f988bf= 86f141af91ab2d7cd011db47%7C1%7C0%7C637535895350828079%7CUnknown%7CTWFpbGZsb= 3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C100= 0&sdata=3Dj6KmN6jcwoGJlunjspLawLJtYqCwGWw18pXNZVMNdC8%3D&reserved= =3D0 Cc: Jian J Wang Cc: Hao A Wu Signed-off-by: Bret Barkelew --- MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/= MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c index 14e1904e96d3..e50edb4ffc5a 100644 --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c @@ -216,6 +216,7 @@ VarCheckPolicyLibMmiHandler ( DumpParamsOut->TotalSize =3D 0; DumpParamsOut->PageSize =3D 0; DumpParamsOut->HasMore =3D FALSE; + TempSize =3D 0; SubCommandStatus =3D DumpVariablePolicy (NULL, &TempSize); if (SubCommandStatus =3D=3D EFI_BUFFER_TOO_SMALL && TempSize > 0)= { mCurrentPaginationCommand =3D VAR_CHECK_POLICY_COMMAND_DUMP; -- 2.28.0.windows.1 --_000_MW4PR21MB1907388A849FDA2BD5ED6A58EF739MW4PR21MB1907namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

+ @Liming Gao

 

- Bret

 

From: Bret Barkelew via groups.io=
Sent: Friday, April 9, 2021 11:25 AM
To: devel@edk2.groups.io
Cc: Jian J Wang; Hao A Wu
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Initi= alize temp variable in VarCheckPolicyLib

 

DumpVariablePolicy()= will return EFI_INVALID_PARAMETER if the Buffer
pointer is NULL and the indirect Size is anything but 0. Since this
TempSize was not being initialized it is very likely that this sequence would not return the total buffer size as expected.

Bugzilla: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugzil= la.tianocore.org%2Fshow_bug.cgi%3Fid%3D3310&amp;data=3D04%7C01%7CBret.B= arkelew%40microsoft.com%7C3d2f574a01a048aed60708d8fb84dcbb%7C72f988bf86f141= af91ab2d7cd011db47%7C1%7C0%7C637535895350828079%7CUnknown%7CTWFpbGZsb3d8eyJ= WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&= amp;sdata=3Dj6KmN6jcwoGJlunjspLawLJtYqCwGWw18pXNZVMNdC8%3D&amp;reserved= = =3D0

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
---
 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/= MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
index 14e1904e96d3..e50edb4ffc5a 100644
--- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
@@ -216,6 +216,7 @@ VarCheckPolicyLibMmiHandler (
         DumpParamsOut->TotalSi= ze =3D 0;
         DumpParamsOut->PageSiz= e =3D 0;
         DumpParamsOut->HasMore= =3D FALSE;
+        TempSize =3D 0;
         SubCommandStatus =3D Dump= VariablePolicy (NULL, &TempSize);
         if (SubCommandStatus =3D= =3D EFI_BUFFER_TOO_SMALL && TempSize > 0) {
           mCurrentPagin= ationCommand =3D VAR_CHECK_POLICY_COMMAND_DUMP;
--
2.28.0.windows.1





 

--_000_MW4PR21MB1907388A849FDA2BD5ED6A58EF739MW4PR21MB1907namp_--