sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls

Browse Source 
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Hao Wu
2017-12-18 08:57:27 +08:00
parent f6401aedca
commit 938cf4b9bd
2 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
BaseTools/Source/C/Common/CommonLib.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Common basic Library Functions Common basic Library Functions
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -638,12 +638,22 @@ Returns:
// //
RootPath = getcwd (NULL, 0); RootPath = getcwd (NULL, 0);
if (RootPath != NULL) { if (RootPath != NULL) {
strcat (mCommonLibFullPath, RootPath); if (strlen (mCommonLibFullPath) + strlen (RootPath) > MAX_LONG_FILE_PATH - 1) {
Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
free (RootPath);
return NULL;
}
strncat (mCommonLibFullPath, RootPath, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
if (FileName[0] != '\\' && FileName[0] != '/') { if (FileName[0] != '\\' && FileName[0] != '/') {
if (strlen (mCommonLibFullPath) + 1 > MAX_LONG_FILE_PATH - 1) {
Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
free (RootPath);
return NULL;
}
// //
// Attach directory separator // Attach directory separator
// //
strcat (mCommonLibFullPath, "\\"); strncat (mCommonLibFullPath, "\\", MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} }
free (RootPath); free (RootPath);
} }
@ -673,7 +683,7 @@ Returns:
// //
if ((PathPointer = strstr (mCommonLibFullPath, ":\\\\")) != NULL) { if ((PathPointer = strstr (mCommonLibFullPath, ":\\\\")) != NULL) {
*(PathPointer + 2) = '\0'; *(PathPointer + 2) = '\0';
strcat (mCommonLibFullPath, PathPointer + 3); strncat (mCommonLibFullPath, PathPointer + 3, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} }
// //
@ -681,7 +691,7 @@ Returns:
// //
while ((PathPointer = strstr (mCommonLibFullPath, ".\\")) != NULL) { while ((PathPointer = strstr (mCommonLibFullPath, ".\\")) != NULL) {
*PathPointer = '\0'; *PathPointer = '\0';
strcat (mCommonLibFullPath, PathPointer + 2); strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} }
// //
@ -689,7 +699,7 @@ Returns:
// //
while ((PathPointer = strstr (mCommonLibFullPath, "\\.\\")) != NULL) { while ((PathPointer = strstr (mCommonLibFullPath, "\\.\\")) != NULL) {
*PathPointer = '\0'; *PathPointer = '\0';
strcat (mCommonLibFullPath, PathPointer + 2); strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} }
// //
@ -706,7 +716,7 @@ Returns:
// Skip one directory // Skip one directory
// //
*PathPointer = '\0'; *PathPointer = '\0';
strcat (mCommonLibFullPath, NextPointer); strncat (mCommonLibFullPath, NextPointer, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} else { } else {
// //
// No directory is found. Just break. // No directory is found. Just break.

9
BaseTools/Source/C/Common/EfiUtilityMsgs.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
EFI tools utility functions to display warning, error, and informational messages EFI tools utility functions to display warning, error, and informational messages
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -608,12 +608,9 @@ Returns:
if (UtilityName != NULL) { if (UtilityName != NULL) {
if (strlen (UtilityName) >= sizeof (mUtilityName)) { if (strlen (UtilityName) >= sizeof (mUtilityName)) {
Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size"); Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size");
strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
mUtilityName[sizeof (mUtilityName) - 1] = 0;
return ;
} else {
strcpy (mUtilityName, UtilityName);
} }
strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
mUtilityName[sizeof (mUtilityName) - 1] = 0;
} else { } else {
Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name"); Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name");
} }