tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

IntelFrameworkModulePkg DeviceMngr: Potential read over memory boundary 

This commit will resolve the issue brought by r17738.

String = AllocateCopyPool (BufferLen, L"MAC:");

The above using of AllocateCopyPool() will read contents out of the scope
of the constant string. Potential risk for the constant string allocated
at the boundary of memory region.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17933 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Hao Wu 2015-07-13 01:24:00 +00:00 committed by hwu1225
parent 577870d560
commit 2673ffb356
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
View File

@ -374,12 +374,13 @@ GetMacAddressString(
// The size is the Number size + ":" size + Vlan size(\XXXX) + End
//
BufferLen = (4 + 2 * HwAddressSize + (HwAddressSize - 1) + 5 + 1) * sizeof (CHAR16);
String = AllocateCopyPool (BufferLen, L"MAC:");
String = AllocateZeroPool (BufferLen);
if (String == NULL) {
return FALSE;
}
*PBuffer = String;
StrCpyS (String, BufferLen / sizeof (CHAR16), L"MAC:");
String += 4;
//