Changes compared with v1:
Commit messages are modified for easy understanding.
Cover letter for patch v1:
Commit r17732 to r17739 used safe string functions to replace the old ones
in IntelFrameworkModulePkg. However, these changes broght the following
two issues:
1. AllocateCopyPool (AllocationSize, Buffer)
Some usage of AllocateCopyPool() will read contents out of the scope
of 'Buffer'. Potential risk when 'Buffer' is allocated at the boundary of
memory region.
2. Some replacement of StrnCpy/StrnCat with StrCpyS/StrCatS functions
These changes will cause ASSERT when buffer overflow occurs, the
patches will use StrnCpyS/StrnCatS instead to resolve this issue.
Hao Wu (5):
IntelFrameworkModulePkg GenericBdsLib: Potential read over memory
boudary
IntelFrameworkModulePkg BdsDxe: Fix ASSERT in BdsMemoryTest
IntelFrameworkModulePkg BootMaint: Fix potential read over memory
boundary
IntelFrameworkModulePkg BootMngr: Fix potential read over memory
boundary
IntelFrameworkModulePkg DeviceMngr: Potential read over memory
boundary
.../Library/GenericBdsLib/BdsMisc.c | 20 ++++++++++++--------
.../Universal/BdsDxe/BootMaint/BootOption.c | 3 ++-
.../Universal/BdsDxe/BootMngr/BootManager.c | 3 ++-
.../Universal/BdsDxe/DeviceMngr/DeviceManager.c | 3 ++-
.../Universal/BdsDxe/MemoryTest.c | 14 ++++++++++++--
5 files changed, 30 insertions(+), 13 deletions(-)
--
1.9.5.msysgit.0
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
