BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls

Add checks to ensure that, when the destination string buffer is of
fixed size, the strcpy/strcat function calls will not access memory
beyond the buffer boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Hao Wu
2017-12-18 09:18:58 +08:00
parent 1bdd9465c1
commit fc42d0e890


@ -824,7 +824,11 @@ Returns:
// //
// Construct Map file Name // Construct Map file Name
// //
strcpy (PeMapFileName, FileName); if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
return EFI_ABORTED;
}
strncpy (PeMapFileName, FileName, MAX_LONG_FILE_PATH - 1);
PeMapFileName[MAX_LONG_FILE_PATH - 1] = 0;
// //
// Change '\\' to '/', unified path format. // Change '\\' to '/', unified path format.
@ -861,7 +865,11 @@ Returns:
Cptr --; Cptr --;
} }
*Cptr2 = '\0'; *Cptr2 = '\0';
strcpy (KeyWord, Cptr + 1); if (strlen (Cptr + 1) >= MAX_LINE_LEN) {
return EFI_ABORTED;
}
strncpy (KeyWord, Cptr + 1, MAX_LINE_LEN - 1);
KeyWord[MAX_LINE_LEN - 1] = 0;
*Cptr2 = '.'; *Cptr2 = '.';
// //
@ -3534,7 +3542,12 @@ Returns:
// //
// Construct the original efi file Name // Construct the original efi file Name
// //
strcpy (PeFileName, FileName); if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
return EFI_ABORTED;
}
strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName); Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') { while (*Cptr != '.') {
Cptr --; Cptr --;
@ -3789,7 +3802,12 @@ Returns:
// //
// Construct the original efi file name // Construct the original efi file name
// //
strcpy (PeFileName, FileName); if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
return EFI_ABORTED;
}
strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName); Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') { while (*Cptr != '.') {
Cptr --; Cptr --;
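Review bot: The backward scan `while (*Cptr != '.') { Cptr --; }` that follows the new length check in the last two hunks (the `PeFileName` copies at -3534 and -3789) still has no lower bound, so a FileName containing no '.' would move Cptr below the start of PeFileName and read outside the buffer; the added strlen guard bounds the copy but not this scan. I would bound it with `while (Cptr > PeFileName && *Cptr != '.') {` and return EFI_ABORTED with an Error() message when no '.' was found. The loop body and whatever uses Cptr afterwards continue outside the hunks, so confirm whether a later check already covers this case. Separately, the first two hunks (the `PeMapFileName` and `KeyWord` copies) return EFI_ABORTED without the `Error (NULL, 0, 2000, "Invalid", ...)` call that the last two add, which leaves the tool failing on an over-long name with no diagnostic.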