Refine code to make it more safely.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590 6f19259b-4bc3-4df7-8a09-765794883524

2 files changed, 11 insertions, 7 deletions

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 9f2bd68..0a48ce1 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -770,22 +770,22 @@ AddImageExeInfo (
   //

   // Update new item's information.

   //

-  WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);

-  WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);

+  WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action);

+  WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize);

 

   if (Name != NULL) {

-    CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, NameStringLen);

+    CopyMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), Name, NameStringLen);

   } else {

-    ZeroMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), sizeof (CHAR16));

+    ZeroMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), sizeof (CHAR16));

   }

   CopyMem (

-    (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen,

+    (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen,

     DevicePath,

     DevicePathSize

     );

   if (Signature != NULL) {

     CopyMem (

-      (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen + DevicePathSize,

+      (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen + DevicePathSize,

       Signature,

       SignatureSize

       );

diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
index 38f4626..45d5cfe 100644
--- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
@@ -2,7 +2,7 @@
   Implement authentication services for the authenticated variable

   service in UEFI2.2.

 

-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials 

 are licensed and made available under the terms and conditions of the BSD License 

 which accompanies this distribution.  The full text of the license may be found at 

@@ -48,6 +48,8 @@ AutenticatedVariableServiceInitialize (
   VARIABLE_HEADER         VariableHeader;

   BOOLEAN                 Valid;

 

+  ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER));

+

   mVariableModuleGlobal->AuthenticatedVariableGuid[Physical] = &gEfiAuthenticatedVariableGuid;

   mVariableModuleGlobal->CertRsa2048Sha256Guid[Physical]     = &gEfiCertRsa2048Sha256Guid;

   mVariableModuleGlobal->ImageSecurityDatabaseGuid[Physical] = &gEfiImageSecurityDatabaseGuid;

@@ -484,6 +486,7 @@ ProcessVarWithPk (
   BOOLEAN                     Valid;

 

   OldPkList = NULL;

+  ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER));

 

   if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) {

     //

@@ -623,6 +626,7 @@ ProcessVarWithKek (
   BOOLEAN                         Valid;

 

   KekList = NULL;

+  ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER));

 

   if (mPlatformMode == USER_MODE) {

     if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {