From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-CY1-obe.outbound.protection.outlook.com (NAM02-CY1-obe.outbound.protection.outlook.com [40.92.4.25]) by mx.groups.io with SMTP id smtpd.web11.13686.1596740799773566518 for ; Thu, 06 Aug 2020 12:06:39 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=WZGHXRei; spf=pass (domain: outlook.com, ip: 40.92.4.25, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L2KHdOltm3n4ahxKXko0xxo0If0crv5XD9efRHmZ4jDVMIEMuTkfP74iU68vuRlzjxH5VIQpTilBNAcn3leUCXFmwbsv7Ml8a79bUVrIiCPYxLWvcPb+h4r5dXRB5dukXbZMK/SQGDPih+v1Es8o4/OLKbOrb8aJk1X0f0u3LtzxtVVRtZbFnO6JI9UC9u0Z4a2JieZZIiIHxUIdyCPUJ1ROReQZLB6MUFi8ORhRxx/APjWjzdWSo9c8X1uafsWNRcNVUBurNWbr2buBEYUpA50mJz2hcU1OoVLrvHHayPNdiCNIx26rO1XGrE1d66jKg1kR9n2dZKe+49Qj/UXCTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=369PYHippCKofRwwM1/hefT+JDzfT+ohoiCT+SuKVik=; b=iGBP5x0sleeeCW8w8H6r3I5rqYBL1fvhpgTOQEdP3yO/tbDPsm8tFdl6VtrWomWXjMKDvgFEkS0aFdQS3oOby/GzIC/jkOYDfrD+6fZjTso/VUQSOKpFjOusMwh2pfECV0jeZZVczkc8dNhtido2aiHQjoZUwRObPBL7f8JzPyTMIWSNGM+ZIs4SH4/gGWNuEmBL70ByXgltP3ZDM15JtgSF5qcXfR/RqKpcYxgD0PSU2u7dlzzjf+0tTHqJXkVFPtK00szKbROjKlAeQD/HDBHDAo5tCif8UUbykBqqBlpXdSmgR47XpfeZmYS1Ru8NuPQ0RnkSnq1LGXJGjMSfOg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=369PYHippCKofRwwM1/hefT+JDzfT+ohoiCT+SuKVik=; b=WZGHXReiL9HN4/flbLVld3jZOU5JjHApCBX+NXfVSkiVhDjmhgCD6pfEX8mtaMec4GwiK0IpJJk0clhAPQHy60iaYZenBYoUxzW4K+FFAcRBW6DUnTGygFdCSGbRfrZJ69fAaffKN6RAqMmvF/VkI7V+wAHGpr/vW++WAowrphcxSQlqKMCloonu/RqSsutfotEkR+O7tFas+lyXFx78QH9n+G0Qd5pLkXil9Hzv0OLNv1qUZ7jrplROT3i7RDneJmCZBqGWBhjeQwW0qXzmmX6GdCzTrXJJpWaG4XLKIYww2h+ai5B6EBRfk4z6aA2aEOe5Bjdo7FgkncObLVK1Mw== Received: from BL2NAM02FT035.eop-nam02.prod.protection.outlook.com (10.152.76.59) by BL2NAM02HT074.eop-nam02.prod.protection.outlook.com (10.152.77.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19; Thu, 6 Aug 2020 19:06:32 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:7e46::41) by BL2NAM02FT035.mail.protection.outlook.com (2a01:111:e400:7e46::413) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19 via Frontend Transport; Thu, 6 Aug 2020 19:06:31 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:F2BCECE49CBBFE37E19240BDEB84926A446BA7E745291E2C20E7749282238155;UpperCasedChecksum:E48AD71D90924F894C4737D851320EAB0CF214DD44D0F5AC6EFC615584E8F5E2;SizeAsReceived:7787;Count:49 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e%7]) with mapi id 15.20.3261.019; Thu, 6 Aug 2020 19:06:31 +0000 From: "Michael Kubacki" To: devel@edk2.groups.io CC: Liming Gao , Michael D Kinney , Guomin Jiang , Wei6 Xu Subject: [PATCH v3 7/7] FmpDevicePkg/FmpDxe: Improve function parameter validation Date: Thu, 6 Aug 2020 12:05:42 -0700 Message-ID: X-Mailer: git-send-email 2.27.0.windows.1 In-Reply-To: <20200806190542.959-1-michael.kubacki@outlook.com> References: <20200806190542.959-1-michael.kubacki@outlook.com> X-ClientProxiedBy: MW2PR16CA0055.namprd16.prod.outlook.com (2603:10b6:907:1::32) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <20200806190542.959-8-michael.kubacki@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2001:4898:80e8:9:a161:5170:12c:6904) by MW2PR16CA0055.namprd16.prod.outlook.com (2603:10b6:907:1::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.18 via Frontend Transport; Thu, 6 Aug 2020 19:06:31 +0000 X-Mailer: git-send-email 2.27.0.windows.1 X-Microsoft-Original-Message-ID: <20200806190542.959-8-michael.kubacki@outlook.com> X-TMN: [I2QuQ0eTqAh6NDpVLb5lWvx1NEoLUdPQW3uzVsQ8PMprpkMrmmrrgmClhCCFOxz9] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 9b28af1b-640c-4711-8733-08d83a3bd48b X-MS-TrafficTypeDiagnostic: BL2NAM02HT074: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MOEO7DCtDyoNuOrdpGYJ5uSo8KHCee7nYlTuURkmMIGx3Hm/9IPzt4g/WsydgZmbSwRCmaiczWz8FgM3aPL/4OYDhHsmQi6a75JTgNMkyZMMWu+K9hG0vzG39HSqkrXg+XyuL1urTPEqWDE0otH4j2fUqdWk6HZqmFewD4G2qZZb8eWh7HUB+tu/U39LqnuYU6Wv9coyOzkJTk6QyysZaQZO94Nqcr6EVwRZWmu7TNunok87lrxww3ZLQa8fl6aN X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR07MB3440.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901; X-MS-Exchange-AntiSpam-MessageData: 9UWjXZiOPgfWONZwrRSmWSq9gWlJub163MZCgPIJ2/09s38xMT/XURwUZbu5r1s5GmEmZC7Th5/RcVknda0QmHrxtajHaRSOGMKyvv17j87LLru6CqulFTLP3gCMALfE1+wJ4pTlQuhQZ6ScDbQrbe09Pp4ygAl3oEHnT4N0BykJJHadnODdDb7dbNobKKclhJzTmkVzQnVYP5n3qH9GKg== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9b28af1b-640c-4711-8733-08d83a3bd48b X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2020 19:06:31.7879 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: BL2NAM02FT035.eop-nam02.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT074 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain From: Michael Kubacki REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2869 Makes some minor improvements to function parameter validation in FmpDxe, in particular to externally exposed functions such as those that back EFI_FIRMWARE_MANAGEMENT_PROTOCOL. Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu Signed-off-by: Michael Kubacki Reviewed-by: Michael D Kinney Reviewed-by: Guomin Jiang Reviewed-by: Wei6 Xu --- FmpDevicePkg/FmpDxe/FmpDxe.c | 51 ++++++++++++++++++-- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/FmpDxe.c index a3e342591936..854feec0a162 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.c +++ b/FmpDevicePkg/FmpDxe/FmpDxe.c @@ -278,6 +278,11 @@ PopulateDescriptor ( EFI_STATUS Status; UINT32 DependenciesSize; =20 + if (Private =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): PopulateDescriptor() - Private is NU= LL.\n", mImageIdName)); + return; + } + if (Private->DescriptorPopulated) { return; } @@ -451,6 +456,12 @@ GetTheImageInfo ( =20 Status =3D EFI_SUCCESS; =20 + if (This =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): GetImageInfo() - This is NULL.\n", m= ImageIdName)); + Status =3D EFI_INVALID_PARAMETER; + goto cleanup; + } + // // Retrieve the private context structure // @@ -561,6 +572,12 @@ GetTheImage ( =20 Status =3D EFI_SUCCESS; =20 + if (This =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): GetImage() - This is NULL.\n", mImag= eIdName)); + Status =3D EFI_INVALID_PARAMETER; + goto cleanup; + } + // // Retrieve the private context structure // @@ -615,7 +632,8 @@ GetTheImage ( @param[in] Image Pointer to the image. @param[in] ImageSize Size of the image. @param[in] AdditionalHeaderSize Size of any headers that cannot be ca= lculated by this function. - @param[out] PayloadSize + @param[out] PayloadSize An optional pointer to a UINTN that h= olds the size of the payload + (image size minus headers) =20 @retval !NULL Valid pointer to the header. @retval NULL Structure is bad and pointer cannot be found. @@ -626,7 +644,7 @@ GetFmpHeader ( IN CONST EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, IN CONST UINTN ImageSize, IN CONST UINTN AdditionalHeaderSize, - OUT UINTN *PayloadSize + OUT UINTN *PayloadSize OPTIONAL ) { // @@ -640,7 +658,10 @@ GetFmpHeader ( return NULL; } =20 - *PayloadSize =3D ImageSize - (sizeof (Image->MonotonicCount) + Image->Au= thInfo.Hdr.dwLength + AdditionalHeaderSize); + if (PayloadSize !=3D NULL) { + *PayloadSize =3D ImageSize - (sizeof (Image->MonotonicCount) + Image->= AuthInfo.Hdr.dwLength + AdditionalHeaderSize); + } + return (VOID *)((UINT8 *)Image + sizeof (Image->MonotonicCount) + Image-= >AuthInfo.Hdr.dwLength + AdditionalHeaderSize); } =20 @@ -663,6 +684,11 @@ GetAllHeaderSize ( { UINT32 CalculatedSize; =20 + if (Image =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): GetAllHeaderSize() - Image is NULL.\= n", mImageIdName)); + return 0; + } + CalculatedSize =3D sizeof (Image->MonotonicCount) + AdditionalHeaderSize + Image->AuthInfo.Hdr.dwLength; @@ -743,6 +769,12 @@ CheckTheImage ( return EFI_UNSUPPORTED; } =20 + if (This =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): CheckImage() - This is NULL.\n", mIm= ageIdName)); + Status =3D EFI_INVALID_PARAMETER; + goto cleanup; + } + // // Retrieve the private context structure // @@ -851,7 +883,7 @@ CheckTheImage ( if (ImageIndex !=3D 1) { DEBUG ((DEBUG_ERROR, "FmpDxe(%s): CheckImage() - Image Index Invalid.\= n", mImageIdName)); *ImageUpdatable =3D IMAGE_UPDATABLE_INVALID_TYPE; - Status =3D EFI_SUCCESS; + Status =3D EFI_INVALID_PARAMETER; goto cleanup; } =20 @@ -1026,6 +1058,12 @@ SetTheImage ( return EFI_UNSUPPORTED; } =20 + if (This =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): SetTheImage() - This is NULL.\n", mI= mageIdName)); + Status =3D EFI_INVALID_PARAMETER; + goto cleanup; + } + // // Retrieve the private context structure // @@ -1382,6 +1420,11 @@ FmpDxeLockEventNotify ( EFI_STATUS Status; FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private; =20 + if (Context =3D=3D NULL) { + ASSERT (Context !=3D NULL); + return; + } + Private =3D (FIRMWARE_MANAGEMENT_PRIVATE_DATA *)Context; =20 if (!Private->FmpDeviceLocked) { --=20 2.27.0.windows.1