add more user input verification to connect and vol commands.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11458 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
jcarsey 2011-03-30 16:36:42 +00:00
parent 16751bb43d
commit 6b825919f1
2 changed files with 26 additions and 2 deletions

View File

@ -348,6 +348,9 @@ ShellCommandRunConnect (
} else if (Param2 != NULL && Handle2 == NULL) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_INV_HANDLE), gShellDriver1HiiHandle, Param2);
ShellStatus = SHELL_INVALID_PARAMETER;
} else if (Handle2 != NULL && Handle1 != NULL && EFI_ERROR(gBS->OpenProtocol(Handle2, &gEfiDriverBindingProtocolGuid, NULL, gImageHandle, NULL, EFI_OPEN_PROTOCOL_TEST_PROTOCOL))) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_INV_HANDLE), gShellDriver1HiiHandle, Param2);
ShellStatus = SHELL_INVALID_PARAMETER;
} else {
Status = ConvertAndConnectControllers(Handle1, Handle2, ShellCommandLineGetFlag(Package, L"-r"), (BOOLEAN)(Count!=0));
if (EFI_ERROR(Status)) {

View File

@ -44,6 +44,28 @@ HandleVol(
ShellStatus = SHELL_SUCCESS;
if (
StrStr(Name, L"%") != NULL ||
StrStr(Name, L"^") != NULL ||
StrStr(Name, L"*") != NULL ||
StrStr(Name, L"+") != NULL ||
StrStr(Name, L"=") != NULL ||
StrStr(Name, L"[") != NULL ||
StrStr(Name, L"]") != NULL ||
StrStr(Name, L"|") != NULL ||
StrStr(Name, L":") != NULL ||
StrStr(Name, L";") != NULL ||
StrStr(Name, L"\"") != NULL ||
StrStr(Name, L"<") != NULL ||
StrStr(Name, L">") != NULL ||
StrStr(Name, L"?") != NULL ||
StrStr(Name, L"/") != NULL ||
StrStr(Name, L" ") != NULL
){
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_PROBLEM), gShellLevel2HiiHandle, Name);
return (SHELL_INVALID_PARAMETER);
}
Status = gEfiShellProtocol->OpenFileByName(
Path,
&ShellFileHandle,
@ -51,8 +73,7 @@ HandleVol(
if (EFI_ERROR(Status) || ShellFileHandle == NULL) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_FILE_OPEN_FAIL), gShellLevel2HiiHandle, Path);
ShellStatus = SHELL_ACCESS_DENIED;
return (ShellStatus);
return (SHELL_ACCESS_DENIED);
}
//