Revision: 15797
http://sourceforge.net/p/edk2/code/15797
Author: vanjeff
Date: 2014-08-14 02:00:11 +0000 (Thu, 14 Aug 2014)
Log Message:
-----------
Use StrnCat instead of StrCat to avoid target buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <[email protected]>
Reviewed-by: Eric Dong <[email protected]>
Modified Paths:
--------------
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
Modified:
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
===================================================================
---
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
2014-08-13 08:39:54 UTC (rev 15796)
+++
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
2014-08-14 02:00:11 UTC (rev 15797)
@@ -1,7 +1,7 @@
/** @file
The platform device manager reference implementation
-Copyright (c) 2004 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -1260,6 +1260,7 @@
LIST_ENTRY *Link;
EFI_DEVICE_PATH_PROTOCOL *DriverDevicePath;
BOOLEAN RebootRequired;
+ UINTN StringSize;
Index = 0;
DriverHealthInfo = NULL;
@@ -1341,7 +1342,8 @@
//
// Assume no line strings is longer than 512 bytes.
//
- String = (EFI_STRING) AllocateZeroPool (0x200);
+ StringSize = 0x200;
+ String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);
Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle,
&DriverName);
@@ -1410,7 +1412,7 @@
}
ASSERT (TmpString != NULL);
- StrCat (String, TmpString);
+ StrnCat (String, TmpString, StringSize / sizeof (CHAR16) - StrLen (String)
- 1);
FreePool (TmpString);
Token = HiiSetString (HiiHandle, 0, String, NULL);
Modified: trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
===================================================================
--- trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
2014-08-13 08:39:54 UTC (rev 15796)
+++ trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c
2014-08-14 02:00:11 UTC (rev 15797)
@@ -1,7 +1,7 @@
/** @file
Perform the platform memory test
-Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -230,11 +230,13 @@
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color;
BOOLEAN IsFirstBoot;
UINT32 TempData;
+ UINTN StrTotalMemorySize;
ReturnStatus = EFI_SUCCESS;
ZeroMem (&Key, sizeof (EFI_INPUT_KEY));
- Pos = AllocatePool (128);
+ StrTotalMemorySize = 128;
+ Pos = AllocateZeroPool (StrTotalMemorySize);
if (Pos == NULL) {
return ReturnStatus;
@@ -322,7 +324,7 @@
//
// TmpStr size is 64, StrPercent is reserved to 16.
//
- StrCat (StrPercent, TmpStr);
+ StrnCat (StrPercent, TmpStr, sizeof (StrPercent) / sizeof (CHAR16) -
StrLen (StrPercent) - 1);
PrintXY (10, 10, NULL, NULL, StrPercent);
FreePool (TmpStr);
}
@@ -382,11 +384,12 @@
UnicodeValueToString (StrTotalMemory, COMMA_TYPE, TotalMemorySize, 0);
if (StrTotalMemory[0] == L',') {
StrTotalMemory++;
+ StrTotalMemorySize -= sizeof (CHAR16);
}
TmpStr = GetStringById (STRING_TOKEN (STR_MEM_TEST_COMPLETED));
if (TmpStr != NULL) {
- StrCat (StrTotalMemory, TmpStr);
+ StrnCat (StrTotalMemory, TmpStr, StrTotalMemorySize / sizeof (CHAR16) -
StrLen (StrTotalMemory) - 1);
FreePool (TmpStr);
}
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
