Changes compared with v1:

Commit messages are modified for easy understanding.

Cover letter for patch v1:

Commit r17732 to r17739 used safe string functions to replace the old ones
in IntelFrameworkModulePkg. However, these changes broght the following
two issues:

1. AllocateCopyPool (AllocationSize, Buffer)

Some usage of AllocateCopyPool() will read contents out of the scope
of 'Buffer'. Potential risk when 'Buffer' is allocated at the boundary of
memory region.

2. Some replacement of StrnCpy/StrnCat with StrCpyS/StrCatS functions

These changes will cause ASSERT when buffer overflow occurs, the
patches will use StrnCpyS/StrnCatS instead to resolve this issue.

Hao Wu (5):
  IntelFrameworkModulePkg GenericBdsLib: Potential read over memory
    boudary
  IntelFrameworkModulePkg BdsDxe: Fix ASSERT in BdsMemoryTest
  IntelFrameworkModulePkg BootMaint: Fix potential read over memory
    boundary
  IntelFrameworkModulePkg BootMngr: Fix potential read over memory
    boundary
  IntelFrameworkModulePkg DeviceMngr: Potential read over memory
    boundary

 .../Library/GenericBdsLib/BdsMisc.c                  | 20 ++++++++++++--------
 .../Universal/BdsDxe/BootMaint/BootOption.c          |  3 ++-
 .../Universal/BdsDxe/BootMngr/BootManager.c          |  3 ++-
 .../Universal/BdsDxe/DeviceMngr/DeviceManager.c      |  3 ++-
 .../Universal/BdsDxe/MemoryTest.c                    | 14 ++++++++++++--
 5 files changed, 30 insertions(+), 13 deletions(-)

-- 
1.9.5.msysgit.0


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to