[edk2-devel] [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.

Vin Xue posted 1 patch 3 years, 9 months ago
Failed in applying to current master (apply log)
.../SystemFirmwareUpdateDxe.c                 | 39 ++++++++++---------
1 file changed, 21 insertions(+), 18 deletions(-)
[edk2-devel] [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
Posted by Vin Xue 3 years, 9 months ago
The original code calls GetFmpImageDescriptors for the OriginalFmpImageInfoBuf
pointer; if that fails, it returns a NULL pointer. The OriginalFmpImageInfoBuf
should not be NULL, and the NULL pointer dereference case
should be a false positive.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Vin Xue <vinxue@outlook.com>
---
 .../SystemFirmwareUpdateDxe.c                 | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
index bdb70bdb32..ea795cd7db 100644
--- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
+++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.c
@@ -681,32 +681,35 @@ FindMatchingFmpHandles (
     //

     // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.

     //

-    FmpImageInfoBuf = OriginalFmpImageInfoBuf;

     MatchFound = FALSE;

-    for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {

-      for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {

-        MatchFound = CompareGuid (

-                       &FmpImageInfoBuf->ImageTypeId,

-                       &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId

-                       );

+    if (OriginalFmpImageInfoBuf != NULL) {

+      FmpImageInfoBuf = OriginalFmpImageInfoBuf;

+

+      for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {

+        for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {

+          MatchFound = CompareGuid (

+                        &FmpImageInfoBuf->ImageTypeId,

+                        &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId

+                        );

+          if (MatchFound) {

+            break;

+          }

+        }

         if (MatchFound) {

           break;

         }

+        //

+        // Increment the buffer pointer ahead by the size of the descriptor

+        //

+        FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);

       }

       if (MatchFound) {

-        break;

+        HandleBuffer[*HandleCount] = HandleBuffer[Index];

+        (*HandleCount)++;

       }

-      //

-      // Increment the buffer pointer ahead by the size of the descriptor

-      //

-      FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8 *)FmpImageInfoBuf) + DescriptorSize);

-    }

-    if (MatchFound) {

-      HandleBuffer[*HandleCount] = HandleBuffer[Index];

-      (*HandleCount)++;

-    }

 

-    FreePool (OriginalFmpImageInfoBuf);

+      FreePool (OriginalFmpImageInfoBuf);

+    }

   }

 

   if ((*HandleCount) == 0) {
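Review bot: the new `if (OriginalFmpImageInfoBuf != NULL)` guard skips the whole match loop and the FreePool silently when the descriptor buffer is NULL, while the commit message says this case should be a false positive, i.e. the pointer is not expected to be NULL at all. Pick one: if that is a genuine invariant, an `ASSERT (OriginalFmpImageInfoBuf != NULL);` documents it; if GetFmpImageDescriptors can really fail for a handle, add a `DEBUG ((DEBUG_ERROR, ...))` inside the branch so the skipped handle leaves a trace instead of HandleBuffer just staying unchanged. Moving `FreePool (OriginalFmpImageInfoBuf);` inside the guard is the right call, since it must not be invoked on a NULL buffer. On style, wrapping the existing loop body in the new `if` re-indents everything and turns a one-line check into 21 insertions and 18 deletions that have to be compared line by line for accidental changes; an early `continue` right after the descriptor fetch (above this hunk) would express the same thing with a minimal diff.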

-- 
2.27.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#62485): https://edk2.groups.io/g/devel/message/62485
Mute This Topic: https://groups.io/mt/75474501/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
Posted by Yao, Jiewen 3 years, 9 months ago
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Vin Xue <vinxue@outlook.com>
> Sent: Tuesday, July 14, 2020 10:10 AM
> To: devel@edk2.groups.io
> Cc: Vin Xue <vinxue@outlook.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH] SignedCapsulePkg: Address NULL pointer dereference case.
> 
> The original code calls GetFmpImageDescriptors for the OriginalFmpImageInfoBuf
> pointer; if that fails, it returns a NULL pointer. The OriginalFmpImageInfoBuf
> should not be NULL, and the NULL pointer dereference case
> should be a false positive.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Vin Xue <vinxue@outlook.com>
> ---
>  .../SystemFirmwareUpdateDxe.c                 | 39 ++++++++++---------
>  1 file changed, 21 insertions(+), 18 deletions(-)
> 
> diff --git
> a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate
> Dxe.c
> b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate
> Dxe.c
> index bdb70bdb32..ea795cd7db 100644
> ---
> a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate
> Dxe.c
> +++
> b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdate
> Dxe.c
> @@ -681,32 +681,35 @@ FindMatchingFmpHandles (
>      //
> 
>      // Loop through the set of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
> 
>      //
> 
> -    FmpImageInfoBuf = OriginalFmpImageInfoBuf;
> 
>      MatchFound = FALSE;
> 
> -    for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
> 
> -      for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++) {
> 
> -        MatchFound = CompareGuid (
> 
> -                       &FmpImageInfoBuf->ImageTypeId,
> 
> -                       &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
> 
> -                       );
> 
> +    if (OriginalFmpImageInfoBuf != NULL) {
> 
> +      FmpImageInfoBuf = OriginalFmpImageInfoBuf;
> 
> +
> 
> +      for (Index2 = 0; Index2 < FmpImageInfoCount; Index2++) {
> 
> +        for (Index3 = 0; Index3 < mSystemFmpPrivate->DescriptorCount; Index3++)
> {
> 
> +          MatchFound = CompareGuid (
> 
> +                        &FmpImageInfoBuf->ImageTypeId,
> 
> +                        &mSystemFmpPrivate->ImageDescriptor[Index3].ImageTypeId
> 
> +                        );
> 
> +          if (MatchFound) {
> 
> +            break;
> 
> +          }
> 
> +        }
> 
>          if (MatchFound) {
> 
>            break;
> 
>          }
> 
> +        //
> 
> +        // Increment the buffer pointer ahead by the size of the descriptor
> 
> +        //
> 
> +        FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8
> *)FmpImageInfoBuf) + DescriptorSize);
> 
>        }
> 
>        if (MatchFound) {
> 
> -        break;
> 
> +        HandleBuffer[*HandleCount] = HandleBuffer[Index];
> 
> +        (*HandleCount)++;
> 
>        }
> 
> -      //
> 
> -      // Increment the buffer pointer ahead by the size of the descriptor
> 
> -      //
> 
> -      FmpImageInfoBuf = (EFI_FIRMWARE_IMAGE_DESCRIPTOR *)(((UINT8
> *)FmpImageInfoBuf) + DescriptorSize);
> 
> -    }
> 
> -    if (MatchFound) {
> 
> -      HandleBuffer[*HandleCount] = HandleBuffer[Index];
> 
> -      (*HandleCount)++;
> 
> -    }
> 
> 
> 
> -    FreePool (OriginalFmpImageInfoBuf);
> 
> +      FreePool (OriginalFmpImageInfoBuf);
> 
> +    }
> 
>    }
> 
> 
> 
>    if ((*HandleCount) == 0) {
> 
> --
> 2.27.0.windows.1


View/Reply Online (#62673): https://edk2.groups.io/g/devel/message/62673