From nobody Tue May 13 16:42:39 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1532600240775367.44991917338984; Thu, 26 Jul 2018 03:17:20 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D4FC9210C2830; Thu, 26 Jul 2018 03:17:09 -0700 (PDT) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C4B88210C2832 for ; Thu, 26 Jul 2018 03:17:07 -0700 (PDT) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jul 2018 03:17:07 -0700 Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.158.46]) by fmsmga002.fm.intel.com with ESMTP; 26 Jul 2018 03:17:06 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,404,1526367600"; d="scan'208";a="70521149" From: Star Zeng To: edk2-devel@lists.01.org Date: Thu, 26 Jul 2018 18:16:55 +0800 Message-Id: <1532600215-67392-7-git-send-email-star.zeng@intel.com> X-Mailer: git-send-email 2.7.0.windows.1 In-Reply-To: <1532600215-67392-1-git-send-email-star.zeng@intel.com> References: <1532600215-67392-1-git-send-email-star.zeng@intel.com> Subject: [edk2] [PATCH 6/6] MdeModulePkg CapsuleApp: Check capsule header for -D and -N options X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael D Kinney , Jiewen Yao , Star Zeng MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Then meaningful error message can be shown when the input image is unexpected. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng --- MdeModulePkg/Application/CapsuleApp/CapsuleApp.c | 101 ++++++++++++++----= ---- MdeModulePkg/Application/CapsuleApp/CapsuleDump.c | 23 +++++ 2 files changed, 90 insertions(+), 34 deletions(-) diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c b/MdeModulePk= g/Application/CapsuleApp/CapsuleApp.c index 2967b0d1dd18..894da2f2d9d5 100644 --- a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c @@ -363,6 +363,60 @@ GetEsrtFwType ( } =20 /** + Validate if it is valid capsule header + + This function assumes the caller provided correct CapsuleHeader pointer + and CapsuleSize. + + This function validates the fields in EFI_CAPSULE_HEADER. + + @param[in] CapsuleHeader Points to a capsule header. + @param[in] CapsuleSize Size of the whole capsule image. + +**/ +BOOLEAN +IsValidCapsuleHeader ( + IN EFI_CAPSULE_HEADER *CapsuleHeader, + IN UINT64 CapsuleSize + ) +{ + if (CapsuleSize < sizeof (EFI_CAPSULE_HEADER)) { + return FALSE; + } + if (CapsuleHeader->CapsuleImageSize !=3D CapsuleSize) { + return FALSE; + } + if (CapsuleHeader->HeaderSize > CapsuleHeader->CapsuleImageSize) { + return FALSE; + } + if (CapsuleHeader->HeaderSize < sizeof (EFI_CAPSULE_HEADER)) { + return FALSE; + } + + return TRUE; +} + +/** + Return if this CapsuleGuid is a FMP capsule GUID or not. + + @param[in] CapsuleGuid A pointer to EFI_GUID + + @retval TRUE It is a FMP capsule GUID. + @retval FALSE It is not a FMP capsule GUID. +**/ +BOOLEAN +IsFmpCapsuleGuid ( + IN EFI_GUID *CapsuleGuid + ) +{ + if (CompareGuid(&gEfiFmpCapsuleGuid, CapsuleGuid)) { + return TRUE; + } + + return FALSE; +} + +/** Append a capsule header on top of current image. This function follows Windows UEFI Firmware Update Platform document. =20 @@ -407,15 +461,28 @@ CreateNestedFmp ( Print(L"CapsuleApp: Capsule image (%s) is not found.\n", CapsuleName); goto Done; } + if (!IsValidCapsuleHeader (CapsuleBuffer, FileSize)) { + Print(L"CapsuleApp: Capsule image (%s) is not a valid capsule.\n", Cap= suleName); + Status =3D EFI_INVALID_PARAMETER; + goto Done; + } + + if (!IsFmpCapsuleGuid (&((EFI_CAPSULE_HEADER *) CapsuleBuffer)->CapsuleG= uid)) { + Print(L"CapsuleApp: Capsule image (%s) is not a FMP capsule.\n", Capsu= leName); + Status =3D EFI_INVALID_PARAMETER; + goto Done; + } =20 ImageTypeId =3D GetCapsuleImageTypeId(CapsuleBuffer); if (ImageTypeId =3D=3D NULL) { Print(L"CapsuleApp: Capsule ImageTypeId is not found.\n"); + Status =3D EFI_INVALID_PARAMETER; goto Done; } FwType =3D GetEsrtFwType(ImageTypeId); if ((FwType !=3D ESRT_FW_TYPE_SYSTEMFIRMWARE) && (FwType !=3D ESRT_FW_TY= PE_DEVICEFIRMWARE)) { Print(L"CapsuleApp: Capsule FwType is invalid.\n"); + Status =3D EFI_INVALID_PARAMETER; goto Done; } =20 @@ -725,40 +792,6 @@ CleanGatherList ( } =20 /** - Validate if it is valid capsule header - - This function assumes the caller provided correct CapsuleHeader pointer - and CapsuleSize. - - This function validates the fields in EFI_CAPSULE_HEADER. - - @param[in] CapsuleHeader Points to a capsule header. - @param[in] CapsuleSize Size of the whole capsule image. - -**/ -BOOLEAN -IsValidCapsuleHeader ( - IN EFI_CAPSULE_HEADER *CapsuleHeader, - IN UINT64 CapsuleSize - ) -{ - if (CapsuleSize < sizeof (EFI_CAPSULE_HEADER)) { - return FALSE; - } - if (CapsuleHeader->CapsuleImageSize !=3D CapsuleSize) { - return FALSE; - } - if (CapsuleHeader->HeaderSize > CapsuleHeader->CapsuleImageSize) { - return FALSE; - } - if (CapsuleHeader->HeaderSize < sizeof (EFI_CAPSULE_HEADER)) { - return FALSE; - } - - return TRUE; -} - -/** Print APP usage. **/ VOID diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModuleP= kg/Application/CapsuleApp/CapsuleDump.c index 11bf2e1d4530..45c3ecd050ab 100644 --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c @@ -62,6 +62,24 @@ WriteFileFromBuffer ( ); =20 /** + Validate if it is valid capsule header + + This function assumes the caller provided correct CapsuleHeader pointer + and CapsuleSize. + + This function validates the fields in EFI_CAPSULE_HEADER. + + @param[in] CapsuleHeader Points to a capsule header. + @param[in] CapsuleSize Size of the whole capsule image. + +**/ +BOOLEAN +IsValidCapsuleHeader ( + IN EFI_CAPSULE_HEADER *CapsuleHeader, + IN UINT64 CapsuleSize + ); + +/** Dump UX capsule information. =20 @param[in] CapsuleHeader The UX capsule header @@ -248,6 +266,11 @@ DumpCapsule ( Print(L"CapsuleApp: Capsule (%s) is not found.\n", CapsuleName); goto Done; } + if (!IsValidCapsuleHeader (Buffer, FileSize)) { + Print(L"CapsuleApp: Capsule image (%s) is not a valid capsule.\n", Cap= suleName); + Status =3D EFI_INVALID_PARAMETER; + goto Done; + } =20 CapsuleHeader =3D Buffer; if (CompareGuid(&CapsuleHeader->CapsuleGuid, &gWindowsUxCapsuleGuid)) { --=20 2.7.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel