[edk2] [Patch 1/2] Allocate temp buffer to avoid potential change user input string buffer.

Eric Dong Tue, 18 Aug 2015 20:06:59 -0700

Current logic will directly change user input string buffer which may cause 
ASSERT if user input string buffer is a constant string buffer. Now update 
logic to allocate a temp buffer to let code to update at run-time.


Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.d...@intel.com>
Reviewed-by: Liming Gao <liming....@intel.com>
---
 .../HiiDatabaseDxe/ConfigKeywordHandler.c          | 38 +++++++++++++++++++---
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c 
b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
index 529e90f..4cf803c 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
@@ -2806,38 +2806,45 @@ EfiConfigKeywordHandlerSetData (
 {
   CHAR8                               *NameSpace;
   EFI_STATUS                          Status;
   CHAR16                              *StringPtr;
   EFI_DEVICE_PATH_PROTOCOL            *DevicePath;
-  CHAR16                              *NextStringPtr;  
+  CHAR16                              *NextStringPtr;
   CHAR16                              *KeywordData;
   EFI_STRING_ID                       KeywordStringId;
   UINT32                              RetVal;
   HII_DATABASE_RECORD                 *DataBaseRecord;
   UINT8                               *OpCode;
   CHAR16                              *ConfigResp;
   CHAR16                              *MultiConfigResp;
   CHAR16                              *ValueElement;
   BOOLEAN                             ReadOnly;
   EFI_STRING                          InternalProgress;
+  CHAR16                              *TempString;
 
   if (This == NULL || Progress == NULL || ProgressErr == NULL || KeywordString 
== NULL) {
     return EFI_INVALID_PARAMETER;
   }
 
   *Progress    = KeywordString;
   *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR;
   Status       = EFI_SUCCESS;
-  StringPtr    = KeywordString;
   MultiConfigResp = NULL;
   NameSpace       = NULL;
   DevicePath      = NULL;
   KeywordData     = NULL;
   ValueElement    = NULL;
   ConfigResp      = NULL;
   KeywordStringId = 0;
 
+  //
+  // Use temp string to avoid changing input string buffer.
+  //
+  TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+  ASSERT (TempString != NULL);
+  StringPtr = TempString;
+
   while ((StringPtr != NULL) && (*StringPtr != L'\0')) {
     //
     // 1. Get NameSpace from NameSpaceId keyword.
     //
     Status = ExtractNameSpace (StringPtr, &NameSpace, &NextStringPtr);
@@ -2960,10 +2967,12 @@ EfiConfigKeywordHandlerSetData (
   }
   
   *ProgressErr = KEYWORD_HANDLER_NO_ERROR;
 
 Done:
+  ASSERT (TempString != NULL);
+  FreePool (TempString);
   if (NameSpace != NULL) {
     FreePool (NameSpace);
   }
   if (DevicePath != NULL) {
     FreePool (DevicePath);
@@ -3076,10 +3085,11 @@ EfiConfigKeywordHandlerGetData (
   CHAR16                              *ValueElement;
   UINT32                              RetVal;
   BOOLEAN                             ReadOnly;
   CHAR16                              *KeywordResp;
   CHAR16                              *MultiKeywordResp;
+  CHAR16                              *TempString;
 
   if (This == NULL || Progress == NULL || ProgressErr == NULL || Results == 
NULL) {
     return EFI_INVALID_PARAMETER;
   }
 
@@ -3091,22 +3101,39 @@ EfiConfigKeywordHandlerGetData (
   ConfigRequest= NULL;
   StringPtr    = KeywordString;
   ReadOnly     = FALSE;
   MultiKeywordResp = NULL;
   KeywordStringId  = 0;
+  TempString   = NULL;
 
   //
+  // Use temp string to avoid changing input string buffer.
+  //
+  if (NameSpaceId != NULL) {
+    TempString = AllocateCopyPool (StrSize (NameSpaceId), NameSpaceId);
+    ASSERT (TempString != NULL);
+  }
+  //
   // 1. Get NameSpace from NameSpaceId keyword.
   //
-  Status = ExtractNameSpace (NameSpaceId, &NameSpace, NULL);
+  Status = ExtractNameSpace (TempString, &NameSpace, NULL);
+  if (TempString != NULL) {
+    FreePool (TempString);
+    TempString = NULL;
+  }
   if (EFI_ERROR (Status)) {
     *ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND;
     return Status;
   }
 
   if (KeywordString != NULL) {
-    StringPtr = KeywordString;
+    //
+    // Use temp string to avoid changing input string buffer.
+    //
+    TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+    ASSERT (TempString != NULL);
+    StringPtr = TempString;
 
     while (*StringPtr != L'\0') {
       //
       // 2. Get possible Device Path info from KeywordString.
       //
@@ -3223,10 +3250,13 @@ EfiConfigKeywordHandlerGetData (
   }
 
   *ProgressErr = KEYWORD_HANDLER_NO_ERROR;
 
 Done:
+  if (TempString != NULL) {
+    FreePool (TempString);
+  }
   if (NameSpace != NULL) {
     FreePool (NameSpace);
   }
   if (DevicePath != NULL) {
     FreePool (DevicePath);
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

[edk2] [Patch 1/2] Allocate temp buffer to avoid potential change user input string buffer.

Reply via email to