Commit r17732 to r17739 used safe string functions to replace the old ones in IntelFrameworkModulePkg. However, these changes broght the following two issues:
1. AllocateCopyPool (AllocationSize, Buffer) Some usage of AllocateCopyPool() will read contents out of the scope of 'Buffer'. Potential risk when 'Buffer' is allocated at the boundary of memory region. 2. Some replacement of StrnCpy/StrnCat with StrCpyS/StrCatS functions These changes will cause ASSERT when buffer overflow occurs, the patches will use StrnCpyS/StrnCatS instead to resolve this issue. Hao Wu (5): IntelFrameworkModulePkg GenericBdsLib: Resolve issue brought by r17733 IntelFrameworkModulePkg BdsDxe: Resolve issue brought by r17735 IntelFrameworkModulePkg BootMaint: Resolve issue brought by r17736 IntelFrameworkModulePkg BootMngr: Resolve issue brought by r17737 IntelFrameworkModulePkg DeviceMngr: Resolve issue brought by r17738 .../Library/GenericBdsLib/BdsMisc.c | 20 ++++++++++++-------- .../Universal/BdsDxe/BootMaint/BootOption.c | 3 ++- .../Universal/BdsDxe/BootMngr/BootManager.c | 3 ++- .../Universal/BdsDxe/DeviceMngr/DeviceManager.c | 3 ++- .../Universal/BdsDxe/MemoryTest.c | 14 ++++++++++++-- 5 files changed, 30 insertions(+), 13 deletions(-) -- 1.9.5.msysgit.0 ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
