Re: [edk2-devel] [PATCH] ShellPkg/Library: Error handle while CapabilityId is 0xFFFF

Re: [edk2-devel] [PATCH] ShellPkg/Library: Error handle while CapabilityId is 0xFFFF

[Gao, Zhichao]

Hi Ian/Vincent,

It is a bug fix for parsing PCI extended config space. But there is one more place can be enhanced.

if (ExtHdr->NextCapabilityOffset != 0) {

You can see the above condition to check next capability info. But it doesn't check the length. If the value is 0xfff, it would put the ExtHdr outside the extended config space.
Its safe value should be below 0xFFF - EFI_PCIE_CAPABILITY_BASE_OFFSET - sizeof (PCI_EXP_EXT_HDR).

Thanks,
Zhichao

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of IanX
> Kuo
> Sent: Thursday, April 8, 2021 5:50 AM
> To: devel@edk2.groups.io
> Cc: Ke, VincentX <vincentx.ke@intel.com>
> Subject: [edk2-devel] [PATCH] ShellPkg/Library: Error handle while
> CapabilityId is 0xFFFF
> 
> From: VincentX Ke <vincentx.ke@intel.com>
> 
> Bugzilla: 3262 (https://bugzilla.tianocore.org/show_bug.cgi?id=3262)
> 
> Adding error handle while CapabilityId is 0xFFFF
> 
> Signed-off-by: VincentX Ke <vincentx.ke@intel.com>
> ---
>  ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
> b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
> index a2f04d8db5..cd295bb79b 100644
> --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
> +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
> @@ -5786,7 +5786,7 @@ PciExplainPciExpress (
>    }    ExtHdr = (PCI_EXP_EXT_HDR*)ExtendedConfigSpace;-  while (ExtHdr-
> >CapabilityId != 0 && ExtHdr->CapabilityVersion != 0) {+  while (ExtHdr-
> >CapabilityId != 0 && ExtHdr->CapabilityVersion != 0 && ExtHdr-
> >CapabilityId != 0xFFFF) {     //     // Process this item     //--
> 2.26.2.windows.1
> 
> 
> 
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#72748): https://edk2.groups.io/g/devel/message/72748
> Mute This Topic: https://groups.io/mt/81324192/1768756
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [zhichao.gao@intel.com]
> -=-=-=-=-=-=
> 

[PATCH] ShellPkg/Library: Error handle while CapabilityId is 0xFFFF

[IanX Kuo]

From: VincentX Ke <vincentx.ke@intel.com>

Bugzilla: 3262 (https://bugzilla.tianocore.org/show_bug.cgi?id=3262)

Adding error handle while CapabilityId is 0xFFFF

Signed-off-by: VincentX Ke <vincentx.ke@intel.com>
---
 ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
index a2f04d8db5..cd295bb79b 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/Pci.c
@@ -5786,7 +5786,7 @@ PciExplainPciExpress (
   }
 
   ExtHdr = (PCI_EXP_EXT_HDR*)ExtendedConfigSpace;
-  while (ExtHdr->CapabilityId != 0 && ExtHdr->CapabilityVersion != 0) {
+  while (ExtHdr->CapabilityId != 0 && ExtHdr->CapabilityVersion != 0 && ExtHdr->CapabilityId != 0xFFFF) {
     //
     // Process this item
     //
-- 
2.26.2.windows.1