tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdePkg: ensure SafeString length functions don't access beyond MaxSize 

The StrnLenS and AsciiStrnLenS functions, when presented with a string
with no terminating NULL in the first MaxSize characters will check
the character at String[MaxSize] before checking if Length < MaxSize.
(They return the correct value, but have accessed beyond the stated
limit in the process.)

Flip the order of the tests to prevent this behaviour.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17936 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Leif Lindholm 2015-07-13 11:35:28 +00:00 committed by lgao4
parent 6bc4e42f9d
commit 2ad9cf37a4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
MdePkg/Library/BaseLib/SafeString.c
View File

@ -141,7 +141,7 @@ StrnLenS (
// String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
// be accessed by StrnLenS.
//
for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
;
}
return Length;
@ -551,7 +551,7 @@ AsciiStrnLenS (
// String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
// be accessed by AsciiStrnLenS.
//
for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
;
}
return Length;