When you have a difference of 1 between parameter 2 and parameter 4 on StrnCpyS or StrnCatS you can use the non-n version. I noted the first one below, but there are more. This just makes the code easier to read and simpler to maintain.
Reviewed-by: Jaben Carsey <jaben.car...@intel.com> >-----Original Message----- >From: Zhang Lubo [mailto:lubo.zh...@intel.com] >Sent: Tuesday, June 30, 2015 1:26 AM >To: edk2-devel@lists.sourceforge.net >Subject: [edk2] [patch] SecurityPkg:Replace unsafe string functions. > >Replace unsafe string functions with new added safe string functions. > >Contributed-under: TianoCore Contribution Agreement 1.0 >Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> >--- > .../DxeTcgPhysicalPresenceLib.c | 90 +++++++++++----------- > .../DxeTrEEPhysicalPresenceLib.c | 18 ++--- > .../UserProfileManagerDxe/UserProfileModify.c | 6 +- > .../EsalVariableDxeSal/Variable.c | 4 +- > .../VariableAuthenticated/RuntimeDxe/VarCheck.c | 2 +- > .../VariableAuthenticated/RuntimeDxe/Variable.c | 8 +- > .../SecureBootConfigFileExplorer.c | 21 ++--- > .../SecureBootConfigDxe/SecureBootConfigMisc.c | 2 +- > 8 files changed, 77 insertions(+), 74 deletions(-) > >diff --git >a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c >b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c >index 7fbeb0a..5660552 100644 >--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c >+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c >@@ -542,11 +542,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); Switch to StrCatS for simplicity. > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DISABLE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE)); >@@ -554,15 +554,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ACTIVATE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE)); >@@ -570,11 +570,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEACTIVATE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE)); >@@ -582,15 +582,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_CLEAR: > CautionKey = TRUE; >@@ -599,16 +599,16 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ENABLE_ACTIVATE)); >@@ -616,15 +616,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_DEACTIVATE_DISABLE)); >@@ -632,19 +632,19 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ALLOW_TAKE_OWNERSHIP)); >@@ -652,11 +652,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_DISALLOW_TAKE_OWNERSHIP)); >@@ -664,11 +664,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON)); >@@ -676,15 +676,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF)); >@@ -692,19 +692,19 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: > CautionKey = TRUE; >@@ -713,15 +713,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_UPGRADE_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_MAINTAIN)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: > // >@@ -738,23 +738,23 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR_CONT)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_PROVISION)); >@@ -762,15 +762,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: > CautionKey = TRUE; >@@ -779,24 +779,24 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: > CautionKey = TRUE; >@@ -805,19 +805,19 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_MAINTAIN)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: > CautionKey = TRUE; >@@ -826,16 +826,16 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: > CautionKey = TRUE; >@@ -844,23 +844,23 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR_CONT)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > default: > ; >@@ -875,11 +875,11 @@ UserConfirm ( > BufSize -= StrSize (ConfirmText); > UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, > TmpStr2); > > DstStr[80] = L'\0'; > for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { >- StrnCpy(DstStr, ConfirmText + Index, 80); >+ StrnCpyS(DstStr, 81, ConfirmText + Index, 80); > Print (DstStr); > } > > FreePool (TmpStr1); > FreePool (TmpStr2); >diff --git >a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c >b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c >index 9ff9d88..1cc9ed6 100644 >--- >a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c >+++ >b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c >@@ -259,16 +259,16 @@ TrEEUserConfirm ( > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: > CautionKey = TRUE; >@@ -277,24 +277,24 @@ TrEEUserConfirm ( > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >- StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); >- StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); >+ StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen >(ConfirmText) - 1); > FreePool (TmpStr1); > break; > > default: > ; >@@ -309,11 +309,11 @@ TrEEUserConfirm ( > BufSize -= StrSize (ConfirmText); > UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, > TmpStr2); > > DstStr[80] = L'\0'; > for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { >- StrnCpy(DstStr, ConfirmText + Index, 80); >+ StrnCpyS(DstStr, 81, ConfirmText + Index, 80); > Print (DstStr); > } > > FreePool (TmpStr1); > FreePool (TmpStr2); >diff --git >a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c >b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c >index a0eb4af..2fb17e8 100644 >--- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c >+++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c >@@ -343,15 +343,15 @@ AddStr ( > > TmpStr = AllocateZeroPool (StrLength); > ASSERT (TmpStr != NULL); > > if (*Source1 == NULL) { >- StrCpy (TmpStr, Source2);; >+ StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2); > } else { >- StrCpy (TmpStr, *Source1); >+ StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1); > FreePool (*Source1); >- StrCat (TmpStr, Source2); >+ StrCatS (TmpStr, (StrLength - StrSize(Source1) + 2)/ sizeof >(CHAR16),Source2); > } > > *Source1 = TmpStr; > } > >diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c >b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c >index 0b2775d..d28e445 100644 >--- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c >+++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c >@@ -734,11 +734,11 @@ UpdateVariableInfo ( > ASSERT (gVariableInfo != NULL); > > CopyGuid (&gVariableInfo->VendorGuid, VendorGuid); > gVariableInfo->Name = AllocatePool (StrSize (VariableName)); > ASSERT (gVariableInfo->Name != NULL); >- StrCpy (gVariableInfo->Name, VariableName); >+ StrCpyS (gVariableInfo->Name, StrSize (VariableName) / sizeof (CHAR16), >VariableName); > gVariableInfo->Volatile = Volatile; > > gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, > gVariableInfo); > } > >@@ -776,11 +776,11 @@ UpdateVariableInfo ( > ASSERT (Entry->Next != NULL); > > CopyGuid (&Entry->Next->VendorGuid, VendorGuid); > Entry->Next->Name = AllocatePool (StrSize (VariableName)); > ASSERT (Entry->Next->Name != NULL); >- StrCpy (Entry->Next->Name, VariableName); >+ StrCpyS (Entry->Next->Name, StrSize (VariableName) / sizeof (CHAR16), >VariableName); > Entry->Next->Volatile = Volatile; > } > > } > } >diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c >b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c >index 740632f..3c5e9c7 100644 >--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c >+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c >@@ -1158,11 +1158,11 @@ VarCheckVariablePropertySet ( > if (Entry == NULL) { > Status = EFI_OUT_OF_RESOURCES; > goto Done; > } > VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); >- StrnCpy (VariableName, Name, StrLen (Name)); >+ StrnCpyS (VariableName, StrSize (Name) / sizeof (CHAR16), Name, StrLen >(Name)); > CopyGuid (&Entry->Guid, Guid); > CopyMem (&Entry->VariableProperty, VariableProperty, sizeof > (*VariableProperty)); > InsertTailList (&mVarCheckVariableList, &Entry->Link); > } > >diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c >b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c >index 15d0531..436ce2a 100644 >--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c >+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c >@@ -126,11 +126,11 @@ UpdateVariableInfo ( > ASSERT (gVariableInfo != NULL); > > CopyGuid (&gVariableInfo->VendorGuid, VendorGuid); > gVariableInfo->Name = AllocatePool (StrSize (VariableName)); > ASSERT (gVariableInfo->Name != NULL); >- StrCpy (gVariableInfo->Name, VariableName); >+ StrCpyS (gVariableInfo->Name, StrSize (VariableName) / sizeof (CHAR16), >VariableName); > gVariableInfo->Volatile = Volatile; > } > > > for (Entry = gVariableInfo; Entry != NULL; Entry = Entry->Next) { >@@ -162,11 +162,11 @@ UpdateVariableInfo ( > ASSERT (Entry->Next != NULL); > > CopyGuid (&Entry->Next->VendorGuid, VendorGuid); > Entry->Next->Name = AllocatePool (StrSize (VariableName)); > ASSERT (Entry->Next->Name != NULL); >- StrCpy (Entry->Next->Name, VariableName); >+ StrCpyS (Entry->Next->Name, StrSize (VariableName) / sizeof (CHAR16), >VariableName); > Entry->Next->Volatile = Volatile; > } > > } > } >@@ -1092,11 +1092,11 @@ Reclaim ( > goto Done; > } > CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER)); > Variable = (VARIABLE_HEADER*) CurrPtr; > Variable->DataSize = NewPubKeySize; >- StrCpy (GetVariableNamePtr (Variable), GetVariableNamePtr (PubKeyHeader)); >+ StrCpyS (GetVariableNamePtr (Variable), sizeof (VARIABLE_HEADER) / sizeof >(CHAR16), GetVariableNamePtr (PubKeyHeader)); > CopyMem (GetVariableDataPtr (Variable), NewPubKeyStore, NewPubKeySize); > CurrPtr = (UINT8*) GetNextVariablePtr (Variable); > CommonVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; > if (IsUserVariable (Variable)) { > CommonUserVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; >@@ -2873,11 +2873,11 @@ VariableLockRequestToLock ( > goto Done; > } > } > > Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); >- StrnCpy (Name, VariableName, StrLen (VariableName)); >+ StrnCpyS (Name, StrSize (VariableName) / sizeof (CHAR16), VariableName, >StrLen (VariableName)); > CopyGuid (&Entry->Guid, VendorGuid); > InsertTailList (&mLockedVariableList, &Entry->Link); > > Done: > ReleaseLockOnlyAtBootTime > (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); >diff --git >a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c >b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c >index 5ca013c..feb4271 100644 >--- >a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c >+++ >b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c >@@ -137,10 +137,11 @@ AppendFileName ( > IN CHAR16 *Str2 > ) > { > UINTN Size1; > UINTN Size2; >+ UINTN SizeTemp; > CHAR16 *Str; > CHAR16 *TmpStr; > CHAR16 *Ptr; > CHAR16 *LastSlash; > >@@ -150,16 +151,18 @@ AppendFileName ( > ASSERT (Str != NULL); > > TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16)); > ASSERT (TmpStr != NULL); > >- StrCat (Str, Str1); >+ StrCatS (Str, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), Str1); >+ SizeTemp = Size1 + Size2 + sizeof (CHAR16); > if (!((*Str == '\\') && (*(Str + 1) == 0))) { >- StrCat (Str, L"\\"); >+ StrCatS (Str, (Size2 + sizeof (CHAR16)) / sizeof (CHAR16), L"\\"); >+ SizeTemp = Size2 + sizeof (CHAR16); > } > >- StrCat (Str, Str2); >+ StrCatS (Str, SizeTemp / sizeof (CHAR16), Str2); > > Ptr = Str; > LastSlash = Str; > while (*Ptr != 0) { > if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3) > == L'\\') { >@@ -168,27 +171,27 @@ AppendFileName ( > // DO NOT convert the .. if it is at the end of the string. This will > // break the .. behavior in changing directories. > // > > // >- // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of >two strings >+ // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy >of two strings > // that overlap. > // >- StrCpy (TmpStr, Ptr + 3); >- StrCpy (LastSlash, TmpStr); >+ StrCpyS (TmpStr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), >Ptr + 3); >+ StrCpyS (LastSlash, (Size1 + Size2 + sizeof (CHAR16)) / sizeof >(CHAR16), TmpStr); > Ptr = LastSlash; > } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') { > // > // Convert a "\.\" to a "\" > // > > // >- // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of >two strings >+ // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy >of two strings > // that overlap. > // >- StrCpy (TmpStr, Ptr + 2); >- StrCpy (Ptr, TmpStr); >+ StrCpyS (TmpStr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), >Ptr + 2); >+ StrCpyS (Ptr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), >TmpStr); > Ptr = LastSlash; > } else if (*Ptr == '\\') { > LastSlash = Ptr; > } > >diff --git >a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c >b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c >index 13c7c27..735d0ab 100644 >--- >a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c >+++ >b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c >@@ -182,11 +182,11 @@ StringToGuid ( > Buffer = (CHAR16 *) AllocateZeroPool (sizeof (CHAR16) * (StrLen + 1)); > if (Buffer == NULL) { > return EFI_OUT_OF_RESOURCES; > } > >- StrCpy (Buffer, Str); >+ StrCpyS (Buffer, (StrLen + 1), Str); > > // > // Data1 > // > PtrBuffer = Buffer; >-- >1.9.5.msysgit.1 > > > >------------------------------------------------------------------------------ >Don't Limit Your Business. Reach for the Cloud. >GigeNET's Cloud Solutions provide you with the tools and support that >you need to offload your IT needs and focus on growing your business. >Configured For All Businesses. Start Your Cloud Today. >https://www.gigenetcloud.com/ >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
