sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls

Browse Source 
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Hao Wu
2017-12-18 08:57:27 +08:00
parent f6401aedca
commit 938cf4b9bd
2 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
BaseTools/Source/C/Common/EfiUtilityMsgs.c
View File

@ -1,7 +1,7 @@
/** @file
EFI tools utility functions to display warning, error, and informational messages
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -608,12 +608,9 @@ Returns:
if (UtilityName != NULL) {
if (strlen (UtilityName) >= sizeof (mUtilityName)) {
Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size");
strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
mUtilityName[sizeof (mUtilityName) - 1] = 0;
return ;
} else {
strcpy (mUtilityName, UtilityName);
}
strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
mUtilityName[sizeof (mUtilityName) - 1] = 0;
} else {
Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name");
}