DeviceManager.c

shenshushi Wed, 20 Aug 2014 22:35:58 -0700

Revision: 15863
          http://sourceforge.net/p/edk2/code/15863
Author:   shenshushi
Date:     2014-08-21 05:35:25 +0000 (Thu, 21 Aug 2014)
Log Message:
-----------
Allocate exact memory size for string buffer to avoid buffer overflow.


Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <[email protected]>
Reviewed-by: Ni Ruiyu <[email protected]>

Modified Paths:
--------------
    
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c

Modified: 
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
===================================================================
--- 
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c  
    2014-08-21 05:26:25 UTC (rev 15862)
+++ 
trunk/edk2/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c  
    2014-08-21 05:35:25 UTC (rev 15863)
@@ -1260,11 +1260,13 @@
   LIST_ENTRY                  *Link;
   EFI_DEVICE_PATH_PROTOCOL    *DriverDevicePath;
   BOOLEAN                     RebootRequired;
+  BOOLEAN                     IsControllerNameEmpty;
   UINTN                       StringSize;
 
   Index               = 0;
   DriverHealthInfo    = NULL;  
   DriverDevicePath    = NULL;
+  IsControllerNameEmpty = FALSE;
   InitializeListHead (&DriverHealthList);
 
   HiiHandle = gDeviceManagerPrivate.DriverHealthHiiHandle;
@@ -1337,14 +1339,7 @@
   Link = GetFirstNode (&DriverHealthList);
 
   while (!IsNull (&DriverHealthList, Link)) {   
-    DriverHealthInfo = DEVICE_MANAGER_HEALTH_INFO_FROM_LINK (Link);
-    
-    //
-    // Assume no line strings is longer than 512 bytes.
-    //
-    StringSize = 0x200;
-    String = (EFI_STRING) AllocateZeroPool (StringSize);
-    ASSERT (String != NULL);
+    DriverHealthInfo = DEVICE_MANAGER_HEALTH_INFO_FROM_LINK (Link);    
 
     Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, 
&DriverName);
     if (EFI_ERROR (Status)) {
@@ -1354,12 +1349,8 @@
       DriverDevicePath = DevicePathFromHandle (DriverHealthInfo->DriverHandle);
       DriverName       = DevicePathToStr (DriverDevicePath);
     }
-    //
-    // Add the Driver name & Controller name into FormSetTitle string
-    // 
-    StrnCat (String, DriverName, StrLen (DriverName));
+    StringSize = StrSize (DriverName);
 
-
     Status = DriverHealthGetControllerName (
                DriverHealthInfo->DriverHandle, 
                DriverHealthInfo->ControllerHandle, 
@@ -1368,23 +1359,39 @@
                );
 
     if (!EFI_ERROR (Status)) {
-      //
-      // Can not get the Controller name, just let it empty.
-      //
-      StrnCat (String, L"    ", StrLen (L"    "));
-      StrnCat (String, ControllerName, StrLen (ControllerName));   
+      IsControllerNameEmpty = FALSE;
+      StringSize += StrLen (L"    ") * sizeof(CHAR16);
+      StringSize += StrLen (ControllerName) * sizeof(CHAR16);
+    } else {
+      IsControllerNameEmpty = TRUE;
     }
    
     //
     // Add the message of the Module itself provided after the string item.
     //
     if ((DriverHealthInfo->MessageList != NULL) && 
(DriverHealthInfo->MessageList->StringId != 0)) {
-       StrnCat (String, L"    ", StrLen (L"    "));
        TmpString = HiiGetString (
                      DriverHealthInfo->MessageList->HiiHandle, 
                      DriverHealthInfo->MessageList->StringId, 
                      NULL
                      );
+       ASSERT (TmpString != NULL);
+       
+       StringSize += StrLen (L"    ") * sizeof(CHAR16);
+       StringSize += StrLen (TmpString) * sizeof(CHAR16);
+
+       String = (EFI_STRING) AllocateZeroPool (StringSize);
+       ASSERT (String != NULL);
+       
+       StrnCpy (String, DriverName, StringSize / sizeof(CHAR16));
+       if (!IsControllerNameEmpty) {
+        StrnCat (String, L"    ", StringSize / sizeof(CHAR16) - StrLen(String) 
- 1);
+        StrnCat (String, ControllerName, StringSize / sizeof(CHAR16) - 
StrLen(String) - 1);
+       }
+
+       StrnCat (String, L"    ", StringSize / sizeof(CHAR16) - StrLen(String) 
- 1);
+       StrnCat (String, TmpString, StringSize / sizeof(CHAR16) - 
StrLen(String) - 1);
+       
     } else {
       //
       // Update the string will be displayed base on the driver's health status
@@ -1409,10 +1416,22 @@
         TmpString = GetStringById (STRING_TOKEN (STR_DRIVER_HEALTH_HEALTHY));
         break;
       }
+      ASSERT (TmpString != NULL);
+
+      StringSize += StrLen (TmpString) * sizeof(CHAR16);
+
+      String = (EFI_STRING) AllocateZeroPool (StringSize);
+      ASSERT (String != NULL);
+      
+      StrnCpy (String, DriverName, StringSize / sizeof(CHAR16));
+      if (!IsControllerNameEmpty) {
+        StrnCat (String, L"    ", StringSize / sizeof(CHAR16) - StrLen(String) 
- 1);
+        StrnCat (String, ControllerName, StringSize / sizeof(CHAR16) - 
StrLen(String) - 1);
+      }
+
+      StrnCat (String, TmpString, StringSize / sizeof(CHAR16) - StrLen(String) 
- 1);
     }
 
-    ASSERT (TmpString != NULL);
-    StrnCat (String, TmpString, StringSize / sizeof (CHAR16) - StrLen (String) 
- 1);
     FreePool (TmpString);
 
     Token = HiiSetString (HiiHandle, 0, String, NULL);

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

SF.net SVN: edk2:[15863] trunk/edk2/IntelFrameworkModulePkg/Universal/ BdsDxe/DeviceMngr/DeviceManager.c

Reply via email to