sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg OpalPasswordDxe: Fix buffer overflow issue.

Browse Source 
In current code, PSID is processed as string and the length is 0x20.
Current code only reserved 0x20 length buffer for it, no extra buffer
for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID,
it search the '\0' for the end. So extra dirty data saved in PSID
info which caused PSID revert action failed. This patch reserved
extra 1 byte data for the '\0'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Dong, Eric
2016-08-02 19:32:30 +08:00
committed by Star Zeng
parent a6d594c5fa
commit 4636e4426a
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
View File

@@ -595,12 +595,15 @@ HiiPsidRevert(
OPAL_DISK *OpalDisk;
TCG_RESULT Ret;
OPAL_SESSION Session;
UINT8 TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];
Ret = TcgResultFailure;
OpalHiiGetBrowserData();
UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)Psid.Psid, PSID_CHARACTER_LENGTH);
ZeroMem (TmpBuf, sizeof (TmpBuf));
UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);
CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);
OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);
if (OpalDisk != NULL) {