From patchwork Mon Jun 1 12:08:14 2015
X-Patchwork-Submitter: gary guo
X-Patchwork-Id: 49324
From: Heyi Guo
To: lersek@redhat.com
Cc: edk2-devel@lists.sourceforge.net, ilias.biris@linaro.org
Date: Mon, 1 Jun 2015 20:08:14 +0800
Message-Id: <1433160495-10385-3-git-send-email-heyi.guo@linaro.org>
In-Reply-To: <1433160495-10385-1-git-send-email-heyi.guo@linaro.org>
Subject: [edk2] [PATCH 2/3] OvmfPkg: PlatformDxe: Add sanity check for HiiConfigAccess

During UEFI SCT, it will throw an exception because "Progress" is passed in with NULL and RouteConfig will try to access the string at *(EFI_STRING *0), i.e. 0xFFFFFFFF14000400.

Add sanity check for ExtractConfig and RouteConfig to avoid NULL pointer dereference.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Heyi Guo

--- OvmfPkg/PlatformDxe/Platform.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c index 4ec327e..35fabf8 100644 --- a/OvmfPkg/PlatformDxe/Platform.c +++ b/OvmfPkg/PlatformDxe/Platform.c @@ -234,6 +234,11 @@ ExtractConfig ( MAIN_FORM_STATE MainFormState; EFI_STATUS Status; + if (Progress == NULL || Results == NULL) + { + return EFI_INVALID_PARAMETER; + } + DEBUG ((EFI_D_VERBOSE, "%a: Request=\"%s\"\n", __FUNCTION__, Request)); Status = PlatformConfigToFormState (&MainFormState);
@@ -327,6 +332,11 @@ RouteConfig ( UINTN BlockSize; EFI_STATUS Status; + if (Configuration == NULL || Progress == NULL) + { + return EFI_INVALID_PARAMETER; + } + DEBUG ((EFI_D_VERBOSE, "%a: Configuration=\"%s\"\n", __FUNCTION__, Configuration));
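
Review bot: In the ExtractConfig hunk (@@ -234,6 +234,11 @@), the combined check `if (Progress == NULL || Results == NULL)` returns EFI_INVALID_PARAMETER without writing *Progress even when Progress itself is valid and only Results is NULL, so a caller that reads *Progress after a failed call sees whatever it held before. Consider checking Progress first, assigning `*Progress = Request;`, and only then rejecting a NULL Results. Request is not validated by this check although the DEBUG line directly below formats it with %s; a short comment stating whether a NULL Request is acceptable at this point would make the intent clear.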
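
Review bot: In the RouteConfig hunk (@@ -327,6 +332,11 @@), the opening brace of the new `if (Configuration == NULL || Progress == NULL)` sits on its own line; edk2 coding style places it on the `if` line (`if (...) {`), and the same applies to the check added to ExtractConfig. The commit message only describes the NULL Progress case hit under SCT, so it would help to add a sentence on why Configuration is rejected as well, which here guards the DEBUG print of Configuration that follows.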