SF.net SVN: edk2:[14393] trunk/edk2/ArmPlatformPkg/Bds/BdsHelper.c

Wed, 29 May 2013 07:57:12 -0700 

Revision: 14393
          http://edk2.svn.sourceforge.net/edk2/?rev=14393&view=rev
Author:   oliviermartin
Date:     2013-05-29 14:56:35 +0000 (Wed, 29 May 2013)
Log Message:
-----------
ArmPlatformPkg/Bds: Fixed potential overflow in EditHIInputStr()

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ryan Harkin <[email protected]>
Signed-off: Olivier Martin <[email protected]>

Modified Paths:
--------------
    trunk/edk2/ArmPlatformPkg/Bds/BdsHelper.c

Modified: trunk/edk2/ArmPlatformPkg/Bds/BdsHelper.c
===================================================================
--- trunk/edk2/ArmPlatformPkg/Bds/BdsHelper.c   2013-05-29 05:30:13 UTC (rev 
14392)
+++ trunk/edk2/ArmPlatformPkg/Bds/BdsHelper.c   2013-05-29 14:56:35 UTC (rev 
14393)
@@ -1,6 +1,6 @@
 /** @file
 *
-*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.
+*  Copyright (c) 2011-2013, ARM Limited. All rights reserved.
 *  
 *  This program and the accompanying materials                          
 *  are licensed and made available under the terms and conditions of the BSD 
License         
@@ -26,9 +26,16 @@
   EFI_INPUT_KEY   Key;
   EFI_STATUS      Status;
 
+  // The command line must be at least one character long
+  ASSERT (MaxCmdLine > 0);
+
   Print (CmdLine);
 
-  for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) {
+  // Ensure the last character of the buffer is the NULL character
+  CmdLine[MaxCmdLine - 1] = '\0';
+
+  // To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) 
characters
+  for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine-1; ) {
     Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex);
     ASSERT_EFI_ERROR (Status);
 

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

Reply via email to