MdeModulePkg/UdfDxe: Refine boundary checks for file/path name string

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828

The commit refines the boundary checks for file/path name string to
prevent possible buffer overrun.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Acked-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Hao Wu
2017-12-12 16:30:18 +08:00
parent 4df8f5bfa2
commit b9ae1705ad
3 changed files with 110 additions and 15 deletions

View File

@@ -2,6 +2,7 @@
UDF/ECMA-167 file system driver.
Copyright (C) 2014-2017 Paulo Alcantara <pcacjr@zytor.com>
Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available
under the terms and conditions of the BSD License which accompanies this
@@ -559,9 +560,16 @@ UdfSetPosition (
/**
Get information about a file.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The File Set Descriptor is external input, so this routine will do basic
validation for File Set Descriptor and report status.
@param This Protocol instance pointer.
@param InformationType Type of information to return in Buffer.
@param BufferSize On input size of buffer, on output amount of data in buffer.
@param BufferSize On input size of buffer, on output amount of data in
buffer.
@param Buffer The buffer to return data.
@retval EFI_SUCCESS Data was returned.
@@ -571,7 +579,8 @@ UdfSetPosition (
@retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.
@retval EFI_WRITE_PROTECTED The device is write protected.
@retval EFI_ACCESS_DENIED The file was open for read only.
@retval EFI_BUFFER_TOO_SMALL Buffer was too small; required size returned in BufferSize.
@retval EFI_BUFFER_TOO_SMALL Buffer was too small; required size returned in
BufferSize.
**/
EFI_STATUS
@@ -769,21 +778,38 @@ ReadDirectoryEntry (
Get a filename (encoded in OSTA-compressed format) from a File Identifier
Descriptor on an UDF volume.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The File Identifier Descriptor is external input, so this routine will do
basic validation for File Identifier Descriptor and report status.
@param[in] FileIdentifierDesc File Identifier Descriptor pointer.
@param[in] CharMax The maximum number of FileName Unicode char,
including terminating null char.
@param[out] FileName Decoded filename.
@retval EFI_SUCCESS Filename decoded and read.
@retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.
@retval EFI_BUFFER_TOO_SMALL The string buffer FileName cannot hold the
decoded filename.
**/
EFI_STATUS
GetFileNameFromFid (
IN UDF_FILE_IDENTIFIER_DESCRIPTOR *FileIdentifierDesc,
IN UINTN CharMax,
OUT CHAR16 *FileName
);
/**
Resolve a symlink file on an UDF volume.
@attention This is boundary function that may receive untrusted input.
@attention The input is from FileSystem.
The Path Component is external input, so this routine will do basic
validation for Path Component and report status.
@param[in] BlockIo BlockIo interface.
@param[in] DiskIo DiskIo interface.
@param[in] Volume UDF volume information structure.