sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pointer verification (not NULL) and buffer overrun fixes.

Browse Source 
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11459 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
jcarsey
2011-03-30 19:33:03 +00:00
parent 6b825919f1
commit 33c031ee20
21 changed files with 338 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c
View File

@ -154,11 +154,15 @@ ShellCommandRunSetVar (
// arbitrary buffer
//
Buffer = AllocateZeroPool((StrLen(Data) / 2));
for (LoopVar = 0 ; LoopVar < (StrLen(Data) / 2) ; LoopVar++) {
((UINT8*)Buffer)[LoopVar] = (UINT8)(HexCharToUintn(Data[LoopVar*2]) * 16);
((UINT8*)Buffer)[LoopVar] = (UINT8)(((UINT8*)Buffer)[LoopVar] + HexCharToUintn(Data[LoopVar*2+1]));
if (Buffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
} else {
for (LoopVar = 0 ; LoopVar < (StrLen(Data) / 2) ; LoopVar++) {
((UINT8*)Buffer)[LoopVar] = (UINT8)(HexCharToUintn(Data[LoopVar*2]) * 16);
((UINT8*)Buffer)[LoopVar] = (UINT8)(((UINT8*)Buffer)[LoopVar] + HexCharToUintn(Data[LoopVar*2+1]));
}
Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, StrLen(Data) / 2, Buffer);
}
Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, StrLen(Data) / 2, Buffer);
if (EFI_ERROR(Status)) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_SETVAR_ERROR_SET), gShellDebug1HiiHandle, &Guid, VariableName, Status);
ShellStatus = SHELL_ACCESS_DENIED;
@ -181,11 +185,13 @@ ShellCommandRunSetVar (
//
Data++;
Buffer = AllocateZeroPool(StrSize(Data) / 2);
AsciiSPrint(Buffer, StrSize(Data) / 2, "%s", Data);
((CHAR8*)Buffer)[AsciiStrLen(Buffer)-1] = CHAR_NULL;
Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, AsciiStrSize(Buffer)-sizeof(CHAR8), Buffer);
if (Buffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
} else {
AsciiSPrint(Buffer, StrSize(Data) / 2, "%s", Data);
((CHAR8*)Buffer)[AsciiStrLen(Buffer)-1] = CHAR_NULL;
Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, AsciiStrSize(Buffer)-sizeof(CHAR8), Buffer);
}
if (EFI_ERROR(Status)) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_SETVAR_ERROR_SET), gShellDebug1HiiHandle, &Guid, VariableName, Status);
ShellStatus = SHELL_ACCESS_DENIED;