Skip to content

Commit

Permalink
Additional CodeQL Fixes (#358)
Browse files Browse the repository at this point in the history
Various fixes

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

Build and boot changes on QemuQ35Pkg to EFI shell.

N/A
  • Loading branch information
TaylorBeebe authored and kenlautner committed Oct 18, 2023
1 parent 994ea54 commit 2eaa4fc
Show file tree
Hide file tree
Showing 12 changed files with 121 additions and 40 deletions.
6 changes: 6 additions & 0 deletions MdeModulePkg/Core/Dxe/Mem/Pool.c
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,12 @@ CoreAllocatePoolI (
NoPages = EFI_SIZE_TO_PAGES (Size) + EFI_SIZE_TO_PAGES (Granularity) - 1;
NoPages &= ~(UINTN)(EFI_SIZE_TO_PAGES (Granularity) - 1);
Head = CoreAllocatePoolPagesI (PoolType, NoPages, Granularity, NeedGuard);
// MU_CHANGE [BEGIN] - CodeQL change
if (Head == NULL) {
return NULL;
}

// MU_CHANGE [END] - CodeQL change
if (NeedGuard) {
Head = AdjustPoolHeadA ((EFI_PHYSICAL_ADDRESS)(UINTN)Head, NoPages, Size);
}
Expand Down
59 changes: 31 additions & 28 deletions NetworkPkg/Ip6Dxe/Ip6Input.c
Original file line number Diff line number Diff line change
Expand Up @@ -1314,24 +1314,25 @@ Ip6InstanceFrameAcceptable (
// Check whether the protocol is acceptable.
//
ExtHdrs = NetbufGetByte (Packet, 0, NULL);

if (!Ip6IsExtsValid (
IpInstance->Service,
Packet,
&Head->NextHeader,
ExtHdrs,
(UINT32)Head->PayloadLength,
TRUE,
NULL,
&Proto,
NULL,
NULL,
NULL
))
// MU_CHANGE [BEGIN] - CodeQL change
if ((ExtHdrs == NULL) || !Ip6IsExtsValid (
IpInstance->Service,
Packet,
&Head->NextHeader,
ExtHdrs,
(UINT32)Head->PayloadLength,
TRUE,
NULL,
&Proto,
NULL,
NULL,
NULL
))
{
return FALSE;
}

// MU_CHANGE [END] - CodeQL change
//
// The upper layer driver may want to receive the ICMPv6 error packet
// invoked by its packet, like UDP.
Expand All @@ -1349,23 +1350,25 @@ Ip6InstanceFrameAcceptable (
//
ErrMsgPayloadLen = NTOHS (Icmp.IpHead.PayloadLength);
ErrMsgPayload = NetbufGetByte (Packet, sizeof (Icmp), NULL);

if (!Ip6IsExtsValid (
NULL,
NULL,
&Icmp.IpHead.NextHeader,
ErrMsgPayload,
ErrMsgPayloadLen,
TRUE,
NULL,
&Proto,
NULL,
NULL,
NULL
))
// MU_CHANGE [BEGIN] - CodeQL change
if ((ErrMsgPayload == NULL) || !Ip6IsExtsValid (
NULL,
NULL,
&Icmp.IpHead.NextHeader,
ErrMsgPayload,
ErrMsgPayloadLen,
TRUE,
NULL,
&Proto,
NULL,
NULL,
NULL
))
{
return FALSE;
}

// MU_CHANGE [END] - CodeQL change
}
}

Expand Down
9 changes: 8 additions & 1 deletion NetworkPkg/Ip6Dxe/Ip6Mld.c
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,14 @@ Ip6SendMldReport (
// Fill a IPv6 Router Alert option in a Hop-by-Hop Options Header
//
Options = NetbufAllocSpace (Packet, (UINT32)OptionLen, FALSE);
ASSERT (Options != NULL);
// MU_CHANGE [BEGIN] - CodeQL change
if (Options == NULL) {
ASSERT (Options != NULL);
NetbufFree (Packet);
return EFI_OUT_OF_RESOURCES;
}

// MU_CHANGE [END] - CodeQL change
Status = Ip6FillHopByHop (Options, &OptionLen, IP6_ICMP);
if (EFI_ERROR (Status)) {
NetbufFree (Packet);
Expand Down
15 changes: 13 additions & 2 deletions NetworkPkg/Ip6Dxe/Ip6Nd.c
Original file line number Diff line number Diff line change
Expand Up @@ -1554,7 +1554,13 @@ Ip6ProcessNeighborSolicit (
OptionLen = (UINT16)(Head->PayloadLength - IP6_ND_LENGTH);
if (OptionLen != 0) {
Option = NetbufGetByte (Packet, IP6_ND_LENGTH, NULL);
ASSERT (Option != NULL);
// MU_CHANGE [BEGIN] - CodeQL change
if (Option == NULL) {
ASSERT (Option != NULL);
goto Exit;
}

// MU_CHANGE [END] - CodeQL change

//
// All included options should have a length that is greater than zero.
Expand Down Expand Up @@ -2043,8 +2049,13 @@ Ip6ProcessRouterAdvertise (
OptionLen = (UINT16)(Head->PayloadLength - IP6_RA_LENGTH);
if (OptionLen != 0) {
Option = NetbufGetByte (Packet, IP6_RA_LENGTH, NULL);
ASSERT (Option != NULL);
// MU_CHANGE [BEGIN] - CodeQL change
if (Option == NULL) {
ASSERT (Option != NULL);
goto Exit;
}

// MU_CHANGE [END] - CodeQL change
if (!Ip6IsNDOptionValid (Option, OptionLen)) {
goto Exit;
}
Expand Down
13 changes: 10 additions & 3 deletions ShellPkg/Application/Shell/ShellManParser.c
Original file line number Diff line number Diff line change
Expand Up @@ -549,6 +549,7 @@ ManFileFindTitleSection (
returned help text.
@retval EFI_INVALID_PARAMETER HelpText is NULL.
@retval EFI_INVALID_PARAMETER ManFileName is invalid.
@retval EFI_INVALID_PARAMETER Command is invalid. // MU_CHANGE: CodeQL change
@retval EFI_NOT_FOUND There is no help text available for Command.
**/
EFI_STATUS
Expand Down Expand Up @@ -633,13 +634,19 @@ ProcessManFile (
FileDevPath = FileDevicePath (NULL, TempString);
// MU_CHANGE [START] - CodeQL change
if (FileDevPath == NULL) {
Status = EFI_INVALID_PARAMETER;
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}

// MU_CHANGE [END] - CodeQL change
DevPath = AppendDevicePath (ShellInfoObject.ImageDevPath, FileDevPath);
Status = InternalOpenFileDevicePath (DevPath, &FileHandle, EFI_FILE_MODE_READ, 0);

if (DevPath == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}

// MU_CHANGE [END] - CodeQL change
Status = InternalOpenFileDevicePath (DevPath, &FileHandle, EFI_FILE_MODE_READ, 0);
SHELL_FREE_NON_NULL (FileDevPath);
SHELL_FREE_NON_NULL (DevPath);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1442,6 +1442,14 @@ BcfgDisplayDump (
if (LoadOption->FilePathListLength != 0) {
FilePathList = (UINT8 *)Description + DescriptionSize;
DevPathString = ConvertDevicePathToText (FilePathList, TRUE, FALSE);
// MU_CHANGE [BEGIN] - CodeQL change
if (DevPathString == NULL) {
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_GEN_NO_MEM), gShellBcfgHiiHandle, L"bcfg");
++Errors;
goto Cleanup;
}

// MU_CHANGE [END] - CodeQL change
}

OptionalDataOffset = sizeof *LoadOption + DescriptionSize +
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1378,7 +1378,12 @@ MainCommandDisplayHelp (
//
for (CurrentLine = 0; 0 != MainMenuHelpInfo[CurrentLine]; CurrentLine++) {
InfoString = HiiGetString (gShellDebug1HiiHandle, MainMenuHelpInfo[CurrentLine], NULL);
ShellPrintEx (0, CurrentLine+1, L"%E%s%N", InfoString);
// MU_CHANGE [BEGIN] - CodeQL change
if (InfoString != NULL) {
ShellPrintEx (0, CurrentLine+1, L"%E%s%N", InfoString);
}

// MU_CHANGE [END] - CodeQL change
}

//
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,12 @@ HMainCommandDisplayHelp (
,
NULL
);
ShellPrintEx (0, CurrentLine+1, L"%E%s%N", InfoString);
// MU_CHANGE [BEGIN] - CodeQL change
if (InfoString != NULL) {
ShellPrintEx (0, CurrentLine+1, L"%E%s%N", InfoString);
}

// MU_CHANGE [END] - CodeQL change
}

//
Expand Down
14 changes: 14 additions & 0 deletions ShellPkg/Library/UefiShellDriver1CommandsLib/DrvCfg.c
Original file line number Diff line number Diff line change
Expand Up @@ -473,6 +473,20 @@ ConfigFromFile (
// print out an error.
//
TempDevPathString = ConvertDevicePathToText ((EFI_DEVICE_PATH_PROTOCOL *)(((CHAR8 *)PackageHeader) + sizeof (EFI_HII_PACKAGE_HEADER)), TRUE, TRUE);
// MU_CHANGE [BEGIN] - CodeQL change
if (TempDevPathString == NULL) {
ShellPrintHiiEx (
-1,
-1,
NULL,
STRING_TOKEN (STR_GEN_OUT_MEM),
gShellDriver1HiiHandle,
L"drvcfg"
);
return (SHELL_OUT_OF_RESOURCES);
}

// MU_CHANGE [END] - CodeQL change
ShellPrintHiiEx (
-1,
-1,
Expand Down
13 changes: 11 additions & 2 deletions ShellPkg/Library/UefiShellDriver1CommandsLib/OpenInfo.c
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ STATIC CONST CHAR16 StringUnknown[] = L"Unknown ";
@retval EFI_SUCCESS The operation was successful.
@retval EFI_INVALID_PARAMETER TheHandle was NULL.
@retval EFI_OUT_OF_RESOURCES A memory allocation failed. // MU_CHANGE: CodeQL change
**/
EFI_STATUS
TraverseHandleDatabase (
Expand Down Expand Up @@ -102,7 +103,14 @@ TraverseHandleDatabase (
break;
}

HandleIndex = ConvertHandleToHandleIndex (OpenInfo[OpenInfoIndex].AgentHandle);
HandleIndex = ConvertHandleToHandleIndex (OpenInfo[OpenInfoIndex].AgentHandle);
// MU_CHANGE [BEGIN] - CodeQL change
if (HandleIndex == 0) {
FreePool (OpenInfo);
FreePool (ProtocolGuidArray);
return EFI_OUT_OF_RESOURCES;
}

Name = GetStringNameFromHandle (OpenInfo[OpenInfoIndex].AgentHandle, NULL);
ControllerIndex = ConvertHandleToHandleIndex (OpenInfo[OpenInfoIndex].ControllerHandle);
if (ControllerIndex != 0) {
Expand All @@ -118,7 +126,7 @@ TraverseHandleDatabase (
OpenTypeString,
Name
);
} else {
} else if (Name != NULL) {
ShellPrintHiiEx (
-1,
-1,
Expand All @@ -133,6 +141,7 @@ TraverseHandleDatabase (
}
}

// MU_CHANGE [END] - CodeQL change
FreePool (OpenInfo);
}
}
Expand Down
6 changes: 6 additions & 0 deletions ShellPkg/Library/UefiShellDriver1CommandsLib/Unload.c
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ DumpLoadedImageProtocolInfo (
CHAR16 *TheString;

TheString = GetProtocolInformationDump (TheHandle, &gEfiLoadedImageProtocolGuid, TRUE);
// MU_CHANGE [BEGIN] - CodeQL change
if (TheString == NULL) {
return (EFI_INVALID_PARAMETER);
}

// MU_CHANGE [END] - CodeQL change

ShellPrintEx (-1, -1, L"%s", TheString);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ DoesCacheExist (
IN UNIT_TEST_FRAMEWORK_HANDLE FrameworkHandle
)
{
CHAR16 *FileName;
CHAR16 *FileName = NULL; // MU_CHANGE: Use file name and path instead of device path
EFI_STATUS Status;
SHELL_FILE_HANDLE FileHandle;

Expand Down Expand Up @@ -363,7 +363,7 @@ LoadUnitTestCache (
)
{
EFI_STATUS Status;
CHAR16 *FileName;
CHAR16 *FileName; // MU_CHANGE: Use file name and path instead of device path
SHELL_FILE_HANDLE FileHandle;
BOOLEAN IsFileOpened;
UINT64 LargeFileSize;
Expand Down

0 comments on commit 2eaa4fc

Please sign in to comment.