If EditHIInputStr() is called, say with a MaxCmdLine of 2, the user is
currently allowed to enter 2 characters.

If the second character is a carriage return/line feed, this is
substituted with a NULL and the function returns.

If the second character is a regular character, the loop terminates and
the function returns.  However, the buffer has not been NULL terminated.

This patch prevents the user from entering a regular character as the
final character and ensures that the only way out of the input is by
pressing ESC or ENTER (or equivalent).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ryan Harkin <ryan.har...@linaro.org>
---
 ArmPlatformPkg/Bds/BdsHelper.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/ArmPlatformPkg/Bds/BdsHelper.c b/ArmPlatformPkg/Bds/BdsHelper.c
index 3142d85..7f0ef42 100644
--- a/ArmPlatformPkg/Bds/BdsHelper.c
+++ b/ArmPlatformPkg/Bds/BdsHelper.c
@@ -35,7 +35,7 @@ EditHIInputStr (
   Print (CmdLine);
 
   // To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) 
characters
-  for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine - 1; ) {
+  for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) {
     Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex);
     ASSERT_EFI_ERROR (Status);
 
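Review bot: The loop condition `CmdLineIndex < MaxCmdLine` no longer limits how much can be typed. With the `else if (CmdLineIndex < (MaxCmdLine-1))` guard added in the next hunk, CmdLineIndex cannot grow past MaxCmdLine - 1 inside the loop, so the condition can only be false on entry, when StrLen (CmdLine) is already MaxCmdLine or more. The comment above the loop still reads as if the loop bound enforced the limit; something like `// The loop exits only via ENTER or ESC; the character branch below limits input to (MaxCmdLine-1) characters` would match the new code. The code after the loop is outside this hunk, so it is worth confirming that an over-long initial string passed by a caller still leaves the buffer terminated on that path.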
@@ -62,7 +62,7 @@ EditHIInputStr (
       }
     } else if ((Key.ScanCode == SCAN_ESC) || (Char == 0x1B) || (Char == 0x0)) {
       return EFI_INVALID_PARAMETER;
-    } else {
+    } else if (CmdLineIndex < (MaxCmdLine-1)) {
       CmdLine[CmdLineIndex++] = Key.UnicodeChar;
       Print (L"%c", Key.UnicodeChar);
     }
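Review bot: The new `else if (CmdLineIndex < (MaxCmdLine-1))` branch silently discards a keystroke once the buffer is full, and nothing in the code records that this is intentional. A comment above the branch such as `// Buffer full: ignore further characters; only ENTER, ESC or backspace are handled` would make the behaviour clear to the next reader. The expression is also spaced differently from the line removed in the first hunk; `MaxCmdLine - 1` would match it. The enclosing if/else chain starts outside this hunk.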
@@ -187,9 +187,7 @@ GetHIInputBoolean (
 
   while(1) {
     Print (L"[y/n] ");
-    // Set MaxCmdLine to 3 to give space for carriage return (when the user
-    // hits enter) and terminal '\0'.
-    Status = GetHIInputStr (CmdBoolean, 3);
+    Status = GetHIInputStr (CmdBoolean, 2);
     if (EFI_ERROR(Status)) {
       return Status;
     } else if ((CmdBoolean[0] == L'y') || (CmdBoolean[0] == L'Y')) {
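Review bot: The bare `2` passed to GetHIInputStr has to agree with the size of CmdBoolean, whose declaration is outside this hunk, and the comment that explained the old value was removed without a replacement. If CmdBoolean is declared as an array in this function, `Status = GetHIInputStr (CmdBoolean, sizeof (CmdBoolean) / sizeof (CmdBoolean[0]));` keeps the length and the buffer in step. Otherwise a short comment such as `// One answer character plus the terminating '\0'` would document the value. The while loop continues past the end of the hunk.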
-- 
1.7.9.5

