Use StrnCat instead of StrCat to avoid target buffer overflow.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Eric Dong <Eric.Dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15797 6f19259b-4bc3-4df7-8a09-765794883524
Jeff Fan
2014-08-14 02:00:11 +00:00
committed by vanjeff
parent 74a6d86079
commit a1360fa3de
2 changed files with 12 additions and 7 deletions


@ -1,7 +1,7 @@
/** @file /** @file
The platform device manager reference implementation The platform device manager reference implementation
Copyright (c) 2004 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -1260,6 +1260,7 @@ CallDriverHealth (
LIST_ENTRY *Link; LIST_ENTRY *Link;
EFI_DEVICE_PATH_PROTOCOL *DriverDevicePath; EFI_DEVICE_PATH_PROTOCOL *DriverDevicePath;
BOOLEAN RebootRequired; BOOLEAN RebootRequired;
UINTN StringSize;
Index = 0; Index = 0;
DriverHealthInfo = NULL; DriverHealthInfo = NULL;
@ -1341,7 +1342,8 @@ CallDriverHealth (
// //
// Assume no line strings is longer than 512 bytes. // Assume no line strings is longer than 512 bytes.
// //
String = (EFI_STRING) AllocateZeroPool (0x200); StringSize = 0x200;
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL); ASSERT (String != NULL);
Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, &DriverName); Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, &DriverName);
@ -1410,7 +1412,7 @@ CallDriverHealth (
} }
ASSERT (TmpString != NULL); ASSERT (TmpString != NULL);
StrCat (String, TmpString); StrnCat (String, TmpString, StringSize / sizeof (CHAR16) - StrLen (String) - 1);
FreePool (TmpString); FreePool (TmpString);
Token = HiiSetString (HiiHandle, 0, String, NULL); Token = HiiSetString (HiiHandle, 0, String, NULL);
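Review bot: The count passed to `StrnCat` where `StrCat (String, TmpString)` was replaced is computed in unsigned `UINTN` arithmetic, so `StringSize / sizeof (CHAR16) - StrLen (String) - 1` wraps to a very large value if `String` already holds `StringSize / sizeof (CHAR16)` characters or more, which makes the append effectively unbounded again. The writes into `String` between the allocation and this call are outside the hunks shown, so confirm they are bounded, or guard the call with `if (StrLen (String) < StringSize / sizeof (CHAR16) - 1) { ... }`. The same expression shape is used for `StrPercent` and `StrTotalMemory` in `BdsMemoryTest`. Truncation is also silent, so a comment such as `// The health message is truncated to fit the StringSize-byte String buffer.` would help the next reader. `CallDriverHealth` starts and ends outside these hunks.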


@ -1,7 +1,7 @@
/** @file /** @file
Perform the platform memory test Perform the platform memory test
Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR> Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -230,11 +230,13 @@ BdsMemoryTest (
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color; EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color;
BOOLEAN IsFirstBoot; BOOLEAN IsFirstBoot;
UINT32 TempData; UINT32 TempData;
UINTN StrTotalMemorySize;
ReturnStatus = EFI_SUCCESS; ReturnStatus = EFI_SUCCESS;
ZeroMem (&Key, sizeof (EFI_INPUT_KEY)); ZeroMem (&Key, sizeof (EFI_INPUT_KEY));
Pos = AllocatePool (128); StrTotalMemorySize = 128;
Pos = AllocateZeroPool (StrTotalMemorySize);
if (Pos == NULL) { if (Pos == NULL) {
return ReturnStatus; return ReturnStatus;
@ -322,7 +324,7 @@ BdsMemoryTest (
// //
// TmpStr size is 64, StrPercent is reserved to 16. // TmpStr size is 64, StrPercent is reserved to 16.
// //
StrCat (StrPercent, TmpStr); StrnCat (StrPercent, TmpStr, sizeof (StrPercent) / sizeof (CHAR16) - StrLen (StrPercent) - 1);
PrintXY (10, 10, NULL, NULL, StrPercent); PrintXY (10, 10, NULL, NULL, StrPercent);
FreePool (TmpStr); FreePool (TmpStr);
} }
@ -382,11 +384,12 @@ Done:
UnicodeValueToString (StrTotalMemory, COMMA_TYPE, TotalMemorySize, 0); UnicodeValueToString (StrTotalMemory, COMMA_TYPE, TotalMemorySize, 0);
if (StrTotalMemory[0] == L',') { if (StrTotalMemory[0] == L',') {
StrTotalMemory++; StrTotalMemory++;
StrTotalMemorySize -= sizeof (CHAR16);
} }
TmpStr = GetStringById (STRING_TOKEN (STR_MEM_TEST_COMPLETED)); TmpStr = GetStringById (STRING_TOKEN (STR_MEM_TEST_COMPLETED));
if (TmpStr != NULL) { if (TmpStr != NULL) {
StrCat (StrTotalMemory, TmpStr); StrnCat (StrTotalMemory, TmpStr, StrTotalMemorySize / sizeof (CHAR16) - StrLen (StrTotalMemory) - 1);
FreePool (TmpStr); FreePool (TmpStr);
} }
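Review bot: The bound in the `StrPercent` hunk uses `sizeof (StrPercent) / sizeof (CHAR16)`, which is the element count only if `StrPercent` is a `CHAR16` array in this scope; its declaration is outside the hunks shown, and if it is a pointer the expression yields the pointer size instead. The comment just above it, `TmpStr size is 64, StrPercent is reserved to 16`, does not say whether those figures are bytes or characters, and it no longer describes what limits the copy. I would replace it with something like `// StrPercent must be a CHAR16 array here; the append is truncated to its remaining capacity.` `BdsMemoryTest` begins and ends outside these hunks.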