mirror of https://github.com/acidanthera/audk.git
MdeModulePkg/String.c: Zero memory before free (CVE-2019-14558)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1611 Cc: Liming Gao <liming.gao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
parent
c32be82e99
commit
764e8ba138
|
@ -2,7 +2,7 @@
|
||||||
Implementation for EFI_HII_STRING_PROTOCOL.
|
Implementation for EFI_HII_STRING_PROTOCOL.
|
||||||
|
|
||||||
|
|
||||||
Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2007 - 2020, Intel Corporation. All rights reserved.<BR>
|
||||||
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@ -1006,6 +1006,7 @@ SetStringWorker (
|
||||||
TmpSize
|
TmpSize
|
||||||
);
|
);
|
||||||
|
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = Block;
|
StringPackage->StringBlock = Block;
|
||||||
StringPackage->StringPkgHdr->Header.Length += (UINT32) (BlockSize - OldBlockSize);
|
StringPackage->StringPkgHdr->Header.Length += (UINT32) (BlockSize - OldBlockSize);
|
||||||
|
@ -1039,6 +1040,7 @@ SetStringWorker (
|
||||||
OldBlockSize - (StringTextPtr - StringPackage->StringBlock) - StringSize
|
OldBlockSize - (StringTextPtr - StringPackage->StringBlock) - StringSize
|
||||||
);
|
);
|
||||||
|
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = Block;
|
StringPackage->StringBlock = Block;
|
||||||
StringPackage->StringPkgHdr->Header.Length += (UINT32) (BlockSize - OldBlockSize);
|
StringPackage->StringPkgHdr->Header.Length += (UINT32) (BlockSize - OldBlockSize);
|
||||||
|
@ -1090,6 +1092,7 @@ SetStringWorker (
|
||||||
|
|
||||||
CopyMem (BlockPtr, StringPackage->StringBlock, OldBlockSize);
|
CopyMem (BlockPtr, StringPackage->StringBlock, OldBlockSize);
|
||||||
|
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = Block;
|
StringPackage->StringBlock = Block;
|
||||||
StringPackage->StringPkgHdr->Header.Length += Ext2.Length;
|
StringPackage->StringPkgHdr->Header.Length += Ext2.Length;
|
||||||
|
@ -1275,6 +1278,7 @@ HiiNewString (
|
||||||
// Append a EFI_HII_SIBT_END block to the end.
|
// Append a EFI_HII_SIBT_END block to the end.
|
||||||
//
|
//
|
||||||
*BlockPtr = EFI_HII_SIBT_END;
|
*BlockPtr = EFI_HII_SIBT_END;
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = StringBlock;
|
StringPackage->StringBlock = StringBlock;
|
||||||
StringPackage->StringPkgHdr->Header.Length += Ucs2BlockSize;
|
StringPackage->StringPkgHdr->Header.Length += Ucs2BlockSize;
|
||||||
|
@ -1406,6 +1410,7 @@ HiiNewString (
|
||||||
// Append a EFI_HII_SIBT_END block to the end.
|
// Append a EFI_HII_SIBT_END block to the end.
|
||||||
//
|
//
|
||||||
*BlockPtr = EFI_HII_SIBT_END;
|
*BlockPtr = EFI_HII_SIBT_END;
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = StringBlock;
|
StringPackage->StringBlock = StringBlock;
|
||||||
StringPackage->StringPkgHdr->Header.Length += Ucs2BlockSize;
|
StringPackage->StringPkgHdr->Header.Length += Ucs2BlockSize;
|
||||||
|
@ -1448,6 +1453,7 @@ HiiNewString (
|
||||||
// Append a EFI_HII_SIBT_END block to the end.
|
// Append a EFI_HII_SIBT_END block to the end.
|
||||||
//
|
//
|
||||||
*BlockPtr = EFI_HII_SIBT_END;
|
*BlockPtr = EFI_HII_SIBT_END;
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = StringBlock;
|
StringPackage->StringBlock = StringBlock;
|
||||||
StringPackage->StringPkgHdr->Header.Length += Ucs2FontBlockSize;
|
StringPackage->StringPkgHdr->Header.Length += Ucs2FontBlockSize;
|
||||||
|
@ -1509,6 +1515,7 @@ HiiNewString (
|
||||||
// Append a EFI_HII_SIBT_END block to the end.
|
// Append a EFI_HII_SIBT_END block to the end.
|
||||||
//
|
//
|
||||||
*BlockPtr = EFI_HII_SIBT_END;
|
*BlockPtr = EFI_HII_SIBT_END;
|
||||||
|
ZeroMem (StringPackage->StringBlock, OldBlockSize);
|
||||||
FreePool (StringPackage->StringBlock);
|
FreePool (StringPackage->StringBlock);
|
||||||
StringPackage->StringBlock = StringBlock;
|
StringPackage->StringBlock = StringBlock;
|
||||||
StringPackage->StringPkgHdr->Header.Length += FontBlockSize + Ucs2FontBlockSize;
|
StringPackage->StringPkgHdr->Header.Length += FontBlockSize + Ucs2FontBlockSize;
|
||||||
|
|
Loading…
Reference in New Issue