tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allocate exact memory size for string buffer to avoid buffer overflow. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15863 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Qiu Shumin 2014-08-21 05:35:25 +00:00 committed by shenshushi
parent acbd7f9f17
commit 231ea883ed
1 changed files with 40 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
View File

@ -1260,11 +1260,13 @@ CallDriverHealth (
LIST_ENTRY *Link; LIST_ENTRY *Link;
EFI_DEVICE_PATH_PROTOCOL *DriverDevicePath; EFI_DEVICE_PATH_PROTOCOL *DriverDevicePath;
BOOLEAN RebootRequired; BOOLEAN RebootRequired;
BOOLEAN IsControllerNameEmpty;
UINTN StringSize; UINTN StringSize;
Index = 0; Index = 0;
DriverHealthInfo = NULL; DriverHealthInfo = NULL;
DriverDevicePath = NULL; DriverDevicePath = NULL;
IsControllerNameEmpty = FALSE;
InitializeListHead (&DriverHealthList); InitializeListHead (&DriverHealthList);
HiiHandle = gDeviceManagerPrivate.DriverHealthHiiHandle; HiiHandle = gDeviceManagerPrivate.DriverHealthHiiHandle;
@ -1337,14 +1339,7 @@ CallDriverHealth (
Link = GetFirstNode (&DriverHealthList); Link = GetFirstNode (&DriverHealthList);
while (!IsNull (&DriverHealthList, Link)) { while (!IsNull (&DriverHealthList, Link)) {
DriverHealthInfo = DEVICE_MANAGER_HEALTH_INFO_FROM_LINK (Link); DriverHealthInfo = DEVICE_MANAGER_HEALTH_INFO_FROM_LINK (Link);
//
// Assume no line strings is longer than 512 bytes.
//
StringSize = 0x200;
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);
Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, &DriverName); Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, &DriverName);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
@ -1354,11 +1349,7 @@ CallDriverHealth (
DriverDevicePath = DevicePathFromHandle (DriverHealthInfo->DriverHandle); DriverDevicePath = DevicePathFromHandle (DriverHealthInfo->DriverHandle);
DriverName = DevicePathToStr (DriverDevicePath); DriverName = DevicePathToStr (DriverDevicePath);
} }
// StringSize = StrSize (DriverName);
// Add the Driver name & Controller name into FormSetTitle string
//
StrnCat (String, DriverName, StrLen (DriverName));
Status = DriverHealthGetControllerName ( Status = DriverHealthGetControllerName (
DriverHealthInfo->DriverHandle, DriverHealthInfo->DriverHandle,
@ -1368,23 +1359,39 @@ CallDriverHealth (
); );
if (!EFI_ERROR (Status)) { if (!EFI_ERROR (Status)) {
// IsControllerNameEmpty = FALSE;
// Can not get the Controller name, just let it empty. StringSize += StrLen (L" ") * sizeof(CHAR16);
// StringSize += StrLen (ControllerName) * sizeof(CHAR16);
StrnCat (String, L" ", StrLen (L" ")); } else {
StrnCat (String, ControllerName, StrLen (ControllerName)); IsControllerNameEmpty = TRUE;
} }
// //
// Add the message of the Module itself provided after the string item. // Add the message of the Module itself provided after the string item.
// //
if ((DriverHealthInfo->MessageList != NULL) && (DriverHealthInfo->MessageList->StringId != 0)) { if ((DriverHealthInfo->MessageList != NULL) && (DriverHealthInfo->MessageList->StringId != 0)) {
StrnCat (String, L" ", StrLen (L" "));
TmpString = HiiGetString ( TmpString = HiiGetString (
DriverHealthInfo->MessageList->HiiHandle, DriverHealthInfo->MessageList->HiiHandle,
DriverHealthInfo->MessageList->StringId, DriverHealthInfo->MessageList->StringId,
NULL NULL
); );
ASSERT (TmpString != NULL);
StringSize += StrLen (L" ") * sizeof(CHAR16);
StringSize += StrLen (TmpString) * sizeof(CHAR16);
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);
StrnCpy (String, DriverName, StringSize / sizeof(CHAR16));
if (!IsControllerNameEmpty) {
StrnCat (String, L" ", StringSize / sizeof(CHAR16) - StrLen(String) - 1);
StrnCat (String, ControllerName, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
}
StrnCat (String, L" ", StringSize / sizeof(CHAR16) - StrLen(String) - 1);
StrnCat (String, TmpString, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
} else { } else {
// //
// Update the string will be displayed base on the driver's health status // Update the string will be displayed base on the driver's health status
@ -1409,10 +1416,22 @@ CallDriverHealth (
TmpString = GetStringById (STRING_TOKEN (STR_DRIVER_HEALTH_HEALTHY)); TmpString = GetStringById (STRING_TOKEN (STR_DRIVER_HEALTH_HEALTHY));
break; break;
} }
ASSERT (TmpString != NULL);
StringSize += StrLen (TmpString) * sizeof(CHAR16);
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);
StrnCpy (String, DriverName, StringSize / sizeof(CHAR16));
if (!IsControllerNameEmpty) {
StrnCat (String, L" ", StringSize / sizeof(CHAR16) - StrLen(String) - 1);
StrnCat (String, ControllerName, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
}
StrnCat (String, TmpString, StringSize / sizeof(CHAR16) - StrLen(String) - 1);
} }
ASSERT (TmpString != NULL);
StrnCat (String, TmpString, StringSize / sizeof (CHAR16) - StrLen (String) - 1);
FreePool (TmpString); FreePool (TmpString);
Token = HiiSetString (HiiHandle, 0, String, NULL); Token = HiiSetString (HiiHandle, 0, String, NULL);