Current logic don't do the validation for the input namespace, if user input an invalid namespace, system will assert.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <[email protected]> --- .../Universal/HiiDatabaseDxe/ConfigKeywordHandler.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c index 4cf803c..eac7717 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c @@ -2848,12 +2848,21 @@ EfiConfigKeywordHandlerSetData ( // 1. Get NameSpace from NameSpaceId keyword. // Status = ExtractNameSpace (StringPtr, &NameSpace, &NextStringPtr); if (EFI_ERROR (Status)) { *ProgressErr = KEYWORD_HANDLER_MALFORMED_STRING; - return Status; + goto Done; } + // + // 1.1 Check whether the input namespace is valid. + // + if (AsciiStrnCmp(NameSpace, UEFI_CONFIG_LANG, AsciiStrLen (UEFI_CONFIG_LANG)) != 0) { + *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR; + Status = EFI_INVALID_PARAMETER; + goto Done; + } + StringPtr = NextStringPtr; // // 2. Get possible Device Path info from KeywordString. // @@ -3122,11 +3131,18 @@ EfiConfigKeywordHandlerGetData ( } if (EFI_ERROR (Status)) { *ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND; return Status; } - + // + // 1.1 Check whether the input namespace is valid. + // + if (AsciiStrnCmp(NameSpace, UEFI_CONFIG_LANG, AsciiStrLen (UEFI_CONFIG_LANG)) != 0) { + *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR; + return EFI_INVALID_PARAMETER; + } + if (KeywordString != NULL) { // // Use temp string to avoid changing input string buffer. // TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString); -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
