Hi While doing the copy and append operation, unsafe string functions don't check the buffer size of the destination so it may cause potential risk of buffer-overflow. Then I used safe string functions( defined in SafeString.c) to replace the unsafe ones. As follows
StrCpy => StrCpyS StrnCpy => StrnCpyS StrCat => StrCatS StrnCat => StrnCats AsciiStrCpy => AsciiStrCpyS AsciiStrnCpy => AsciiStrnCpyS AsciiStrCat => AsciiStrCatS AsciiStrnCat => AsciiStrnCats The safe string functions (StrCpyS/StrnCpyS, StrCatS/StrnCatS, AsciiStrCpyS/AsciiStrnCpyS, AsciiStrCatS/AsciiStrnCatS) require users to pass the max number of destination char as an argument so it can avoid the buffer overflow. The impacted files (about 114)in the following locations ,include NetworkPkg, MdeModulePkg and SecurityPkg. -----Original Message----- From: Carsey, Jaben [mailto:jaben.car...@intel.com] Sent: Tuesday, June 30, 2015 10:51 PM To: edk2-devel@lists.sourceforge.net Subject: Re: [edk2] [patch 2/2] NetworkPkg:Replace unsafe string functions. You have the number 128 added in lots of places. Where is this number from? Should you use a #define or a PCD or something? If the string was made longer, this would be painful to update so many locations. Inline comments also. >-----Original Message----- >From: Zhang Lubo [mailto:lubo.zh...@intel.com] >Sent: Tuesday, June 30, 2015 1:26 AM >To: edk2-devel@lists.sourceforge.net >Subject: [edk2] [patch 2/2] NetworkPkg:Replace unsafe string functions. > >Replace unsafe string functions with new added safe string functions. > >Contributed-under: TianoCore Contribution Agreement 1.0 >Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> >--- > NetworkPkg/Application/IfConfig6/IfConfig6.c | 6 ++-- > NetworkPkg/Application/IpsecConfig/Indexer.c | 2 +- > .../Application/IpsecConfig/PolicyEntryOperation.c | 4 +-- > NetworkPkg/IScsiDxe/IScsiConfig.c | 2 +- > NetworkPkg/IScsiDxe/IScsiDhcp.c | 2 +- > NetworkPkg/IScsiDxe/IScsiDhcp6.c | 2 +- > NetworkPkg/IScsiDxe/IScsiExtScsiPassThru.c | 2 +- > NetworkPkg/Mtftp6Dxe/Mtftp6Support.c | 13 +++++---- > NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c | 32 ++++++++++++---------- > NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c | 6 ++-- > NetworkPkg/UefiPxeBcDxe/PxeBcSupport.h | 6 ++-- > 11 files changed, 44 insertions(+), 33 deletions(-) > >diff --git a/NetworkPkg/Application/IfConfig6/IfConfig6.c >b/NetworkPkg/Application/IfConfig6/IfConfig6.c >index 9e228ca..ded3df5 100644 >--- a/NetworkPkg/Application/IfConfig6/IfConfig6.c >+++ b/NetworkPkg/Application/IfConfig6/IfConfig6.c >@@ -134,11 +134,11 @@ SplitStrToList ( > // > // Copy the CONST string to a local copy. > // > Str = (CHAR16 *) AllocateZeroPool (StrSize (String)); > ASSERT (Str != NULL); >- Str = StrnCpy (Str, String, StrLen (String)); >+ Str = StrnCpyS (Str, StrSize (String) / sizeof (CHAR16), String, StrLen >(String)); Great place for AllocateCopyPool use. > ArgStr = Str; > > // > // init a node for the list head. > // >@@ -1718,11 +1718,11 @@ IfConfig6Initialize ( > ValueStr = ShellCommandLineGetValue (ParamPackage, L"-l"); > if (ValueStr != NULL) { > Str = (CHAR16 *) AllocateZeroPool (StrSize (ValueStr)); > ASSERT (Str != NULL); > >- Str = StrnCpy (Str, ValueStr, StrLen (ValueStr)); >+ Str = StrnCpyS (Str, StrSize (ValueStr) / sizeof (CHAR16), >ValueStr, StrLen (ValueStr)); AllocateCopyPool > Private->IfName = Str; > } > } > // > // To get interface name for the clear option. >@@ -1732,11 +1732,11 @@ IfConfig6Initialize ( > ValueStr = ShellCommandLineGetValue (ParamPackage, L"-r"); > if (ValueStr != NULL) { > Str = (CHAR16 *) AllocateZeroPool (StrSize (ValueStr)); > ASSERT (Str != NULL); > >- Str = StrnCpy (Str, ValueStr, StrLen (ValueStr)); >+ Str = StrnCpyS (Str, StrSize (ValueStr) / sizeof (CHAR16), >ValueStr, StrLen (ValueStr)); AlocateCopyPool > Private->IfName = Str; > } > } > // > // To get interface name and corresponding Args for the set option. >diff --git a/NetworkPkg/Application/IpsecConfig/Indexer.c >b/NetworkPkg/Application/IpsecConfig/Indexer.c >index 9e066b1..fbee27f 100644 >--- a/NetworkPkg/Application/IpsecConfig/Indexer.c >+++ b/NetworkPkg/Application/IpsecConfig/Indexer.c >@@ -233,11 +233,11 @@ ConstructPadIndexer ( > return EFI_INVALID_PARAMETER; > } > > Indexer->PadId.PeerIdValid = TRUE; > ZeroMem (Indexer->PadId.Id.PeerId, MAX_PEERID_LEN); >- StrnCpy ((CHAR16 *) Indexer->PadId.Id.PeerId, ValueStr, ARRAY_SIZE >(Indexer->PadId.Id.PeerId) - 1); >+ StrnCpyS ((CHAR16 *) Indexer->PadId.Id.PeerId, MAX_PEERID_LEN / >+ 2, ValueStr, ARRAY_SIZE (Indexer->PadId.Id.PeerId) - 1); > } > } > > return EFI_SUCCESS; > } >diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c >b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c >index 7e04573..433ab69 100644 >--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c >+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c >@@ -1102,11 +1102,11 @@ CreatePadEntry ( > } > > ValueStr = ShellCommandLineGetValue (ParamPackage, L"--peer-id"); > if (ValueStr != NULL) { > (*PadId)->PeerIdValid = TRUE; >- StrnCpy ((CHAR16 *) (*PadId)->Id.PeerId, ValueStr, ARRAY_SIZE >((*PadId)->Id.PeerId) - 1); >+ StrnCpyS ((CHAR16 *) (*PadId)->Id.PeerId, MAX_PEERID_LEN / 2, >+ ValueStr, ARRAY_SIZE ((*PadId)->Id.PeerId) - 1); > *Mask |= PEER_ID; > } > > ValueStr = ShellCommandLineGetValue (ParamPackage, L"--auth-data"); > if (ValueStr != NULL) { >@@ -1397,11 +1397,11 @@ CombineSpdEntry ( > } > // > // Process Data > // > if ((Mask & NAME) != 0) { >- AsciiStrCpy ((CHAR8 *) OldData->Name, (CHAR8 *) NewData->Name); >+ AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *) >+ NewData->Name); > } > > if ((Mask & PACKET_FLAG) != 0) { > OldData->PackageFlag = NewData->PackageFlag; > } >diff --git a/NetworkPkg/IScsiDxe/IScsiConfig.c >b/NetworkPkg/IScsiDxe/IScsiConfig.c >index 591b522..cb10a39 100644 >--- a/NetworkPkg/IScsiDxe/IScsiConfig.c >+++ b/NetworkPkg/IScsiDxe/IScsiConfig.c >@@ -2391,11 +2391,11 @@ IScsiFormCallback ( > &Key, > L"Invalid iSCSI Name!", > NULL > ); > } else { >- AsciiStrCpy (Private->Current->SessionConfigData.TargetName, >IScsiName); >+ AsciiStrCpyS (Private->Current->SessionConfigData.TargetName, >+ ISCSI_NAME_MAX_SIZE,IScsiName); > } > > break; > > case KEY_DHCP_ENABLE: >diff --git a/NetworkPkg/IScsiDxe/IScsiDhcp.c >b/NetworkPkg/IScsiDxe/IScsiDhcp.c index 3706256..fa2412e 100644 >--- a/NetworkPkg/IScsiDxe/IScsiDhcp.c >+++ b/NetworkPkg/IScsiDxe/IScsiDhcp.c >@@ -173,11 +173,11 @@ IScsiDhcpExtractRootPath ( > Status = IScsiNormalizeName (Field->Str, AsciiStrLen (Field->Str)); > if (EFI_ERROR (Status)) { > goto ON_EXIT; > } > >- AsciiStrCpy (ConfigNvData->TargetName, Field->Str); >+ AsciiStrCpyS (ConfigNvData->TargetName, ISCSI_NAME_MAX_SIZE, >+ Field->Str); > > ON_EXIT: > > FreePool (TmpStr); > >diff --git a/NetworkPkg/IScsiDxe/IScsiDhcp6.c >b/NetworkPkg/IScsiDxe/IScsiDhcp6.c >index 2627a59..a422325 100644 >--- a/NetworkPkg/IScsiDxe/IScsiDhcp6.c >+++ b/NetworkPkg/IScsiDxe/IScsiDhcp6.c >@@ -201,11 +201,11 @@ IScsiDhcp6ExtractRootPath ( > Status = IScsiNormalizeName (Field->Str, AsciiStrLen (Field->Str)); > if (EFI_ERROR (Status)) { > goto ON_EXIT; > } > >- AsciiStrCpy (ConfigNvData->TargetName, Field->Str); >+ AsciiStrCpyS (ConfigNvData->TargetName, ISCSI_NAME_MAX_SIZE, >+ Field->Str); > > ON_EXIT: > > FreePool (TmpStr); > >diff --git a/NetworkPkg/IScsiDxe/IScsiExtScsiPassThru.c >b/NetworkPkg/IScsiDxe/IScsiExtScsiPassThru.c >index c785853..87c6fa8 100644 >--- a/NetworkPkg/IScsiDxe/IScsiExtScsiPassThru.c >+++ b/NetworkPkg/IScsiDxe/IScsiExtScsiPassThru.c >@@ -271,11 +271,11 @@ IScsiExtScsiPassThruBuildDevicePath ( > break; > } > > CopyMem (&Node->Iscsi.Lun, ConfigNvData->BootLun, sizeof (UINT64)); > Node->Iscsi.TargetPortalGroupTag = Session->TargetPortalGroupTag; >- AsciiStrCpy ((CHAR8 *) Node + sizeof (ISCSI_DEVICE_PATH), >ConfigNvData->TargetName); >+ AsciiStrCpyS ((CHAR8 *) Node + sizeof (ISCSI_DEVICE_PATH), >+ AsciiStrLen (ConfigNvData->TargetName) + 1, ConfigNvData- >>TargetName); > > *DevicePath = (EFI_DEVICE_PATH_PROTOCOL *) Node; > > return EFI_SUCCESS; > } >diff --git a/NetworkPkg/Mtftp6Dxe/Mtftp6Support.c >b/NetworkPkg/Mtftp6Dxe/Mtftp6Support.c >index f5b2231..c03eedd 100644 >--- a/NetworkPkg/Mtftp6Dxe/Mtftp6Support.c >+++ b/NetworkPkg/Mtftp6Dxe/Mtftp6Support.c >@@ -510,23 +510,26 @@ Mtftp6SendRequest ( > Packet = (EFI_MTFTP6_PACKET *) NetbufAllocSpace (Nbuf, Len, FALSE); > ASSERT (Packet != NULL); > > Packet->OpCode = HTONS (Operation); > Cur = Packet->Rrq.Filename; >- Cur = (UINT8 *) AsciiStrCpy ((CHAR8 *) Cur, (CHAR8 *) >Token->Filename); >+ Cur = (UINT8 *) AsciiStrCpyS ((CHAR8 *) Cur, Len - 2, (CHAR8 *) >Token->Filename); > Cur += AsciiStrLen ((CHAR8 *) Token->Filename) + 1; >- Cur = (UINT8 *) AsciiStrCpy ((CHAR8 *) Cur, (CHAR8 *) Mode); >+ Cur = (UINT8 *) AsciiStrCpyS ((CHAR8 *) Cur, Len - 2 - >(AsciiStrLen ((CHAR8 *) Token->Filename) + 1), (CHAR8 *) Mode); > Cur += AsciiStrLen ((CHAR8 *) Mode) + 1; >+ Len -= ((UINT32) AsciiStrLen ((CHAR8 *) Token->Filename) + (UINT32) >+ AsciiStrLen ((CHAR8 *) Mode) + 4); > > // > // Copy all the extension options into the packet. > // > for (Index = 0; Index < Token->OptionCount; ++Index) { >- Cur = (UINT8 *) AsciiStrCpy ((CHAR8 *) Cur, (CHAR8 *) >Options[Index].OptionStr); >+ Cur = (UINT8 *) AsciiStrCpyS ((CHAR8 *) Cur, Len, (CHAR8 *) >+ Options[Index].OptionStr); > Cur += AsciiStrLen ((CHAR8 *) Options[Index].OptionStr) + 1; >- Cur = (UINT8 *) AsciiStrCpy ((CHAR8 *) Cur, (CHAR8 *) >Options[Index].ValueStr); >+ Len -= (AsciiStrLen ((CHAR8 *) Options[Index].OptionStr) + 1); >+ Cur = (UINT8 *) AsciiStrCpyS ((CHAR8 *) Cur, Len, (CHAR8 *) >+ Options[Index].ValueStr); > Cur += AsciiStrLen ((CHAR8 *) (CHAR8 *) Options[Index].ValueStr) + > 1; >+ Len -= (AsciiStrLen ((CHAR8 *) (CHAR8 *) Options[Index].ValueStr) >+ + 1); > } > > // > // Save the packet buf for retransmit > // >@@ -582,11 +585,11 @@ Mtftp6SendError ( > } > > TftpError->OpCode = HTONS (EFI_MTFTP6_OPCODE_ERROR); > TftpError->Error.ErrorCode = HTONS (ErrCode); > >- AsciiStrCpy ((CHAR8 *) TftpError->Error.ErrorMessage, (CHAR8 *) >ErrInfo); >+ AsciiStrCpyS ((CHAR8 *) TftpError->Error.ErrorMessage, ARRAY_SIZE >+ (TftpError->Error.ErrorMessage), (CHAR8 *) ErrInfo); > > // > // Save the packet buf for retransmit > // > if (Instance->LastPacket != NULL) { >diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c >b/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c >index 09196c7..3dc77d8 100644 >--- a/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c >+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c >@@ -62,12 +62,13 @@ PxeBcMtftp6CheckPacket ( > // > // Store the tftp error message into mode data and set the received flag. > // > Private->Mode.TftpErrorReceived = TRUE; > Private->Mode.TftpError.ErrorCode = (UINT8) Packet->Error.ErrorCode; >- AsciiStrnCpy ( >+ AsciiStrnCpyS ( > Private->Mode.TftpError.ErrorString, >+ PXE_MTFTP_ERROR_STRING_LENGTH, > (CHAR8 *) Packet->Error.ErrorMessage, > PXE_MTFTP_ERROR_STRING_LENGTH > ); > Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = > '\0'; > } >@@ -149,17 +150,17 @@ PxeBcMtftp6GetFileSize ( > > // > // Build the required options for get info. > // > ReqOpt[0].OptionStr = (UINT8 *) >mMtftpOptions[PXE_MTFTP_OPTION_TSIZE_INDEX]; >- PxeBcUintnToAscDec (0, OptBuf); >+ PxeBcUintnToAscDec (0, OptBuf, 128); How is this related to the Str???? safe string function changes? > ReqOpt[0].ValueStr = OptBuf; > > if (BlockSize != NULL) { > ReqOpt[1].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[1].ValueStr = (UINT8 *) (ReqOpt[0].ValueStr + AsciiStrLen ((CHAR8 > *) ReqOpt[0].ValueStr) + 1); >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[1].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[1].ValueStr, 128 - >+ (AsciiStrLen ((CHAR8 *) ReqOpt[0].ValueStr) + 1)); How is this related to the Str???? safe string function changes? > OptCnt++; > } > > Status = Mtftp6->GetInfo ( > Mtftp6, >@@ -176,12 +177,13 @@ PxeBcMtftp6GetFileSize ( > // > // Store the tftp error message into mode data and set the received > flag. > // > Private->Mode.TftpErrorReceived = TRUE; > Private->Mode.TftpError.ErrorCode = (UINT8) Packet->Error.ErrorCode; >- AsciiStrnCpy ( >+ AsciiStrnCpyS ( > Private->Mode.TftpError.ErrorString, >+ PXE_MTFTP_ERROR_STRING_LENGTH, > (CHAR8 *) Packet->Error.ErrorMessage, > PXE_MTFTP_ERROR_STRING_LENGTH > ); > Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] > = '\0'; > } >@@ -271,11 +273,11 @@ PxeBcMtftp6ReadFile ( > } > > if (BlockSize != NULL) { > ReqOpt[0].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[0].ValueStr = OptBuf; >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr, 128); > OptCnt++; > } > > Token.Event = NULL; > Token.OverrideData = NULL; >@@ -354,11 +356,11 @@ PxeBcMtftp6WriteFile ( > } > > if (BlockSize != NULL) { > ReqOpt[0].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[0].ValueStr = OptBuf; >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr, 128); > OptCnt++; > } > > Token.Event = NULL; > Token.OverrideData = NULL; >@@ -429,11 +431,11 @@ PxeBcMtftp6ReadDirectory ( > } > > if (BlockSize != NULL) { > ReqOpt[0].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[0].ValueStr = OptBuf; >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr, 128); > OptCnt++; > } > > Token.Event = NULL; > Token.OverrideData = NULL; >@@ -506,12 +508,13 @@ PxeBcMtftp4CheckPacket ( > // > // Store the tftp error message into mode data and set the received flag. > // > Private->Mode.TftpErrorReceived = TRUE; > Private->Mode.TftpError.ErrorCode = (UINT8) Packet->Error.ErrorCode; >- AsciiStrnCpy ( >+ AsciiStrnCpyS ( > Private->Mode.TftpError.ErrorString, >+ PXE_MTFTP_ERROR_STRING_LENGTH, > (CHAR8 *) Packet->Error.ErrorMessage, > PXE_MTFTP_ERROR_STRING_LENGTH > ); > Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = > '\0'; > } >@@ -593,17 +596,17 @@ PxeBcMtftp4GetFileSize ( > > // > // Build the required options for get info. > // > ReqOpt[0].OptionStr = (UINT8 *) >mMtftpOptions[PXE_MTFTP_OPTION_TSIZE_INDEX]; >- PxeBcUintnToAscDec (0, OptBuf); >+ PxeBcUintnToAscDec (0, OptBuf, 128); > ReqOpt[0].ValueStr = OptBuf; > > if (BlockSize != NULL) { > ReqOpt[1].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[1].ValueStr = (UINT8 *) (ReqOpt[0].ValueStr + AsciiStrLen ((CHAR8 > *) ReqOpt[0].ValueStr) + 1); >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[1].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[1].ValueStr, 128 - >+ (AsciiStrLen ((CHAR8 *) ReqOpt[0].ValueStr) + 1)); > OptCnt++; > } > > Status = Mtftp4->GetInfo ( > Mtftp4, >@@ -620,12 +623,13 @@ PxeBcMtftp4GetFileSize ( > // > // Store the tftp error message into mode data and set the received > flag. > // > Private->Mode.TftpErrorReceived = TRUE; > Private->Mode.TftpError.ErrorCode = (UINT8) Packet->Error.ErrorCode; >- AsciiStrnCpy ( >+ AsciiStrnCpyS ( > Private->Mode.TftpError.ErrorString, >+ PXE_MTFTP_ERROR_STRING_LENGTH, > (CHAR8 *) Packet->Error.ErrorMessage, > PXE_MTFTP_ERROR_STRING_LENGTH > ); > Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] > = '\0'; > } >@@ -715,11 +719,11 @@ PxeBcMtftp4ReadFile ( > } > > if (BlockSize != NULL) { > ReqOpt[0].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[0].ValueStr = OptBuf; >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr, 128); > OptCnt++; > } > > Token.Event = NULL; > Token.OverrideData = NULL; >@@ -798,11 +802,11 @@ PxeBcMtftp4WriteFile ( > } > > if (BlockSize != NULL) { > ReqOpt[0].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[0].ValueStr = OptBuf; >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr, 128); > OptCnt++; > } > > Token.Event = NULL; > Token.OverrideData = NULL; >@@ -873,11 +877,11 @@ PxeBcMtftp4ReadDirectory ( > } > > if (BlockSize != NULL) { > ReqOpt[0].OptionStr = (UINT8 *) > mMtftpOptions[PXE_MTFTP_OPTION_BLKSIZE_INDEX]; > ReqOpt[0].ValueStr = OptBuf; >- PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr); >+ PxeBcUintnToAscDec (*BlockSize, ReqOpt[0].ValueStr, 128); > OptCnt++; > } > > Token.Event = NULL; > Token.OverrideData = NULL; >diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c >b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c >index 88ae7b6..485b987 100644 >--- a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c >+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c >@@ -1390,18 +1390,20 @@ PxeBcUintnToAscDecWithFormat ( > This function is to convert a UINTN to a ASCII string, and return the > actual length of the buffer. > > @param[in] Number Numeric value to be converted. > @param[in] Buffer The pointer to the buffer for ASCII string. >+ @param[in] BufferSize The maxsize of the buffer. > > @return Length The actual length of the ASCII string. > > **/ > UINTN > PxeBcUintnToAscDec ( > IN UINTN Number, >- IN UINT8 *Buffer >+ IN UINT8 *Buffer, >+ IN UINTN BufferSize > ) > { > UINTN Index; > UINTN Length; > CHAR8 TempStr[64]; >@@ -1413,11 +1415,11 @@ PxeBcUintnToAscDec ( > Index--; > TempStr[Index] = (CHAR8) ('0' + (Number % 10)); > Number = (UINTN) (Number / 10); > } while (Number != 0); > >- AsciiStrCpy ((CHAR8 *) Buffer, &TempStr[Index]); >+ AsciiStrCpyS ((CHAR8 *) Buffer, BufferSize, &TempStr[Index]); > > Length = AsciiStrLen ((CHAR8 *) Buffer); > > return Length; > } >diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.h >b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.h >index fc99fad..0a43aeb 100644 >--- a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.h >+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.h >@@ -446,18 +446,20 @@ PxeBcUintnToAscDecWithFormat ( > This function is to convert a UINTN to a ASCII string, and return the > actual length of the buffer. > > @param[in] Number Numeric value to be converted. > @param[in] Buffer Pointer to the buffer for ASCII string. >- >+ @param[in] BufferSize The maxsize of the buffer. >+ > @return Length The actual length of the ASCII string. > > **/ > UINTN > PxeBcUintnToAscDec ( > IN UINTN Number, >- IN UINT8 *Buffer >+ IN UINT8 *Buffer, >+ IN UINTN BufferSize > ); > > /** > This function is to convert unicode hex number to a UINT8. > >-- >1.9.5.msysgit.1 > > > >----------------------------------------------------------------------- >------- Don't Limit Your Business. Reach for the Cloud. >GigeNET's Cloud Solutions provide you with the tools and support that >you need to offload your IT needs and focus on growing your business. >Configured For All Businesses. Start Your Cloud Today. >https://www.gigenetcloud.com/ >_______________________________________________ >edk2-devel mailing list >edk2-devel@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
