It was found through code review. Using safe string functions (StrCpyS, StrCatS...) can avoid potential buffer overflow. I will update the commit message.
-Shumin

-----Original Message-----
From: edk2-devel [mailto:[email protected]] On Behalf Of Leif Lindholm
Sent: Wednesday, October 14, 2015 10:26 PM
To: Qiu, Shumin
Cc: Carsey, Jaben; [email protected]
Subject: Re: [edk2] [PATCH] ShellPkg: Use safe string functions to refine Tftp.c code.

On Wed, Oct 14, 2015 at 01:00:15PM +0800, Qiu Shumin wrote:
> Cc: Jaben Carsey <[email protected]>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Qiu Shumin <[email protected]>

Could we have a commit message, please?
Does this resolve an observed problem, or was it found through code review?

Regards,
Leif

> --- > ShellPkg/Library/UefiShellTftpCommandLib/Tftp.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/ShellPkg/Library/UefiShellTftpCommandLib/Tftp.c > b/ShellPkg/Library/UefiShellTftpCommandLib/Tftp.c > index 4bb21aa..02099fe 100644 > --- a/ShellPkg/Library/UefiShellTftpCommandLib/Tftp.c > +++ b/ShellPkg/Library/UefiShellTftpCommandLib/Tftp.c > @@ -955,6 +955,7 @@ CheckPacket ( > UINTN Index; > UINTN LastStep; > UINTN Step; > + EFI_STATUS Status; > > if ((NTOHS (Packet->OpCode)) != EFI_MTFTP4_OPCODE_DATA) { > return EFI_SUCCESS; > @@ -984,7 +985,10 @@ CheckPacket ( > > ShellPrintEx (-1, -1, L"%s", mTftpProgressDelete); > > - StrCpy (Progress, mTftpProgressFrame); > + Status = StrCpyS (Progress, TFTP_PROGRESS_MESSAGE_SIZE, > + mTftpProgressFrame); if (EFI_ERROR(Status)) { > + return Status; > + } > for (Index = 1; Index < Step; Index++) { > Progress[Index] = L'='; > } > -- > 1.9.5.msysgit.1
>
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/edk2-devel
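
Review bot: In the second CheckPacket hunk, StrCpyS bounds only the initial copy of mTftpProgressFrame; the loop right after it still writes Progress[Index] = L'=' for every Index < Step, and nothing in the visible lines ties Step to TFTP_PROGRESS_MESSAGE_SIZE, so the overflow concern is only closed if Step is bounded elsewhere. Please confirm that bound (or clamp Step before the loop), and confirm that TFTP_PROGRESS_MESSAGE_SIZE is a count of CHAR16 elements rather than bytes, since StrCpyS takes its DestMax argument in characters. Returning Status at this point also turns a failure to build the progress string into a failing return from CheckPacket, after mTftpProgressDelete has already been printed; if aborting on a display-only error is intended, the commit message should say so. Minor style point: EFI_ERROR(Status) is missing the space before the parenthesis that the surrounding calls use.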

