authorYi Li <yi1.li@intel.com>2023-12-19 11:17:35 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-01-19 06:47:46 +0000
commit0223bdd4e40975c427616761fb13c9454461b64d (patch)
tree5f9fe1081c546d21f6e0a56b00c2f4fc1a8b3510 /FmpDevicePkg/Library
parent00bf6890a9c63692215d690b3e00454dbe21b71c (diff)
FmpDevicePkg: Add DECLARE_LENGTH opcode of dependency expression
To avoid messy parsing of the Depex section of a Capsule, it would be a lot easier for everyone involved if we preceded the Capsule Depex Section with a length declaration. It provides simple bounds checking without having to parse the op-codes and, when a malformed depex is parsed, avoids other issues which can be messy. REF: UEFI spec 2.10 Table 23.4 Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Wei6 Xu <wei6.xu@intel.com> Reviewed-by: Wei6 Xu <wei6.xu@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Diffstat (limited to 'FmpDevicePkg/Library')
-rw-r--r--FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
index 76a1ee3..50662e7 100644
--- a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
+++ b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
@@ -234,6 +234,7 @@ EvaluateDependency (
GUID ImageTypeId;
UINT32 Version;
UINT32 LocalLastAttemptStatus;
+ UINT32 DeclaredLength;
LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
@@ -489,6 +490,37 @@ EvaluateDependency (
}
return Element1.Value.Boolean;
+ case EFI_FMP_DEP_DECLARE_LENGTH:
+ if (Iterator + sizeof (UINT32) >= (UINT8 *)Dependencies->Dependencies + DependenciesSize ) {
+ DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH extends beyond end of dependency expression!\n"));
+ LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_BEYOND_DEPEX;
+ goto Error;
+ }
+
+ //
+ // This opcode must be the first one in a dependency expression.
+ //
+ if (Iterator != Dependencies->Dependencies) {
+ DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH is not the first opcode!\n"));
+ LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_NOT_FIRST_OPCODE;
+ goto Error;
+ }
+
+ DeclaredLength = *(UINT32 *)(Iterator + 1);
+ if (DeclaredLength != DependenciesSize) {
+ DEBUG ((DEBUG_ERROR, "EvaluateDependency: DECLARE_LENGTH is not equal to length of dependency expression!\n"));
+ LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_DECLARE_LENGTH_INCORRECT;
+ goto Error;
+ }
+
+ Status = Push (DeclaredLength, VersionType);
+ if (EFI_ERROR (Status)) {
+ LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_PUSH_FAILURE;
+ goto Error;
+ }
+
+ Iterator = Iterator + sizeof (UINT32);
+ break;
default:
DEBUG ((DEBUG_ERROR, "EvaluateDependency: Unknown Opcode - %02x!\n", *Iterator));
LocalLastAttemptStatus = LAST_ATTEMPT_STATUS_DEPENDENCY_LIB_ERROR_UNKNOWN_OPCODE;
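Review bot: The `Push (DeclaredLength, VersionType)` call near the end of the new `EFI_FMP_DEP_DECLARE_LENGTH` case leaves the declared length on the evaluation stack as if it were a version operand. The return just above the new case hands back only the popped Boolean, so the extra element is never checked, and a later opcode that pops a VersionType element could presumably consume the length, letting an expression with a missing operand evaluate instead of failing on Pop. If the opcode is meant purely as a bounds declaration, drop the Push and keep only `Iterator = Iterator + sizeof (UINT32);`; otherwise add a comment stating why the value is pushed. Separately, `*(UINT32 *)(Iterator + 1)` reads from offset 1 of the expression, which is likely an unaligned access; assuming BaseLib is available to this library, `DeclaredLength = ReadUnaligned32 ((UINT32 *)(Iterator + 1));` avoids relying on the platform tolerating it. EvaluateDependency starts and ends outside this hunk.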
@@ -574,6 +606,9 @@ ValidateDependency (
}
return TRUE;
+ case EFI_FMP_DEP_DECLARE_LENGTH:
+ Depex += sizeof (UINT32) + 1;
+ break;
default:
return FALSE;
}
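Review bot: In ValidateDependency the new case only steps over the opcode and its four-byte operand with `Depex += sizeof (UINT32) + 1;`, so the declared length is never read or compared here, and nothing in this hunk requires the opcode to be the first one. The position and value checks live in EvaluateDependency's case, so an expression with a wrong or misplaced DECLARE_LENGTH would, as far as this hunk shows, still pass validation. Either compare the operand against the size this function computes, or state the split in a comment such as `// Operand is skipped here; position and value are checked in EvaluateDependency().`. The rest of ValidateDependency is outside the hunk, so confirm that no earlier check already covers this.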