tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ShellPkg/UefiShellDebug1CommandsLib: Replace hardcoded SMBIOS strings. 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3805

Replace hardcoded SMBIOS Anchor string and size with defines.

Fix buffer overflow as described below.

Smbios64BitPrintEPSInfo () is coded like:
UINT8  Anchor[5];

MemToString (Anchor, SmbiosTable->AnchorString, 5);

But the definition of MemToString()
  Copy Length of Src buffer to Dest buffer,
  add a NULL termination to Dest buffer.

So Anchor needs to be +1 the size of the SMBIOS Anchor string `_SM3_`.

Changes from v1 to v2:
 - Replace doxygen style inline comments

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Andrew Fish <afish@apple.com>
Signed-off-by: Giri Mudusuru <girim@apple.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
This commit is contained in:
Giri Mudusuru 2023-05-06 18:28:24 +08:00 committed by mergify[bot]
parent 2d4c76f783
commit 0b37723186
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c
View File

@ -5,6 +5,7 @@
Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
(C) Copyright 2015-2019 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2023 Apple Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -135,7 +136,7 @@ SmbiosPrintEPSInfo (
IN UINT8 Option
)
{
UINT8 Anchor[5];
UINT8 Anchor[SMBIOS_ANCHOR_STRING_LENGTH + 1]; // Including terminating NULL character
UINT8 InAnchor[6];
if (SmbiosTable == NULL) {
@ -149,7 +150,7 @@ SmbiosPrintEPSInfo (
if (Option >= SHOW_NORMAL) {
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ENTRY_POINT_SIGN), gShellDebug1HiiHandle);
MemToString (Anchor, SmbiosTable->AnchorString, 4);
MemToString (Anchor, SmbiosTable->AnchorString, SMBIOS_ANCHOR_STRING_LENGTH);
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ANCHOR_STR), gShellDebug1HiiHandle, Anchor);
ShellPrintHiiEx (
-1,
@ -220,7 +221,7 @@ Smbios64BitPrintEPSInfo (
IN UINT8 Option
)
{
UINT8 Anchor[5];
UINT8 Anchor[SMBIOS_3_0_ANCHOR_STRING_LENGTH + 1]; // Including terminating NULL character
if (SmbiosTable == NULL) {
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_SMBIOSTABLE_NULL), gShellDebug1HiiHandle);
@ -234,7 +235,7 @@ Smbios64BitPrintEPSInfo (
if (Option >= SHOW_NORMAL) {
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_64_BIT_ENTRY_POINT_SIGN), gShellDebug1HiiHandle);
MemToString (Anchor, SmbiosTable->AnchorString, 5);
MemToString (Anchor, SmbiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING_LENGTH);
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ANCHOR_STR), gShellDebug1HiiHandle, Anchor);
ShellPrintHiiEx (

9
ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c
View File

@ -3,6 +3,7 @@
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2023 Apple Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -263,7 +264,7 @@ SMBiosView (
return EFI_BAD_BUFFER_SIZE;
}
if (CompareMem (SMBiosTable->AnchorString, "_SM_", 4) == 0) {
if (CompareMem (SMBiosTable->AnchorString, SMBIOS_ANCHOR_STRING, SMBIOS_ANCHOR_STRING_LENGTH) == 0) {
//
// Have got SMBIOS table
//
@ -441,7 +442,7 @@ SMBios64View (
return EFI_BAD_BUFFER_SIZE;
}
if (CompareMem (SMBiosTable->AnchorString, "_SM3_", 5) == 0) {
if (CompareMem (SMBiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING, SMBIOS_3_0_ANCHOR_STRING_LENGTH) == 0) {
//
// Have got SMBIOS table
//
@ -612,7 +613,7 @@ InitSmbiosTableStatistics (
return EFI_NOT_FOUND;
}
if (CompareMem (SMBiosTable->AnchorString, "_SM_", 4) != 0) {
if (CompareMem (SMBiosTable->AnchorString, SMBIOS_ANCHOR_STRING, SMBIOS_ANCHOR_STRING_LENGTH) != 0) {
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_SMBIOSVIEW_SMBIOS_TABLE), gShellDebug1HiiHandle);
return EFI_INVALID_PARAMETER;
}
@ -753,7 +754,7 @@ InitSmbios64BitTableStatistics (
return EFI_NOT_FOUND;
}
if (CompareMem (SMBiosTable->AnchorString, "_SM3_", 5) != 0) {
if (CompareMem (SMBiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING, SMBIOS_3_0_ANCHOR_STRING_LENGTH) != 0) {
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_SMBIOSVIEW_SMBIOS_TABLE), gShellDebug1HiiHandle);
return EFI_INVALID_PARAMETER;
}