tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls 

Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Hao Wu 2017-12-18 09:16:00 +08:00
parent 3e1497334e
commit 52e8c56838
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
BaseTools/Source/C/EfiRom/EfiRom.c
View File

@ -96,7 +96,13 @@ Returns:
//
if (!mOptions.OutFileName[0]) {
if (mOptions.FileList != NULL) {
strcpy (mOptions.OutFileName, mOptions.FileList->FileName);
if (strlen (mOptions.FileList->FileName) >= MAX_PATH) {
Status = STATUS_ERROR;
Error (NULL, 0, 2000, "Invalid parameter", "Input file name is too long - %s.", mOptions.FileList->FileName);
goto BailOut;
}
strncpy (mOptions.OutFileName, mOptions.FileList->FileName, MAX_PATH - 1);
mOptions.OutFileName[MAX_PATH - 1] = 0;
//
// Find the last . on the line and replace the filename extension with
// the default