tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls 

Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Hao Wu 2017-12-18 08:57:27 +08:00
parent f6401aedca
commit 938cf4b9bd
2 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
BaseTools/Source/C/Common/CommonLib.c
View File

@ -1,7 +1,7 @@
/** @file
Common basic Library Functions
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -638,12 +638,22 @@ Returns:
//
RootPath = getcwd (NULL, 0);
if (RootPath != NULL) {
strcat (mCommonLibFullPath, RootPath);
if (strlen (mCommonLibFullPath) + strlen (RootPath) > MAX_LONG_FILE_PATH - 1) {
Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
free (RootPath);
return NULL;
}
strncat (mCommonLibFullPath, RootPath, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
if (FileName[0] != '\\' && FileName[0] != '/') {
if (strlen (mCommonLibFullPath) + 1 > MAX_LONG_FILE_PATH - 1) {
Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
free (RootPath);
return NULL;
}
//
// Attach directory separator
//
strcat (mCommonLibFullPath, "\\");
strncat (mCommonLibFullPath, "\\", MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
free (RootPath);
}
@ -673,7 +683,7 @@ Returns:
//
if ((PathPointer = strstr (mCommonLibFullPath, ":\\\\")) != NULL) {
*(PathPointer + 2) = '\0';
strcat (mCommonLibFullPath, PathPointer + 3);
strncat (mCommonLibFullPath, PathPointer + 3, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
//
@ -681,7 +691,7 @@ Returns:
//
while ((PathPointer = strstr (mCommonLibFullPath, ".\\")) != NULL) {
*PathPointer = '\0';
strcat (mCommonLibFullPath, PathPointer + 2);
strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
//
@ -689,7 +699,7 @@ Returns:
//
while ((PathPointer = strstr (mCommonLibFullPath, "\\.\\")) != NULL) {
*PathPointer = '\0';
strcat (mCommonLibFullPath, PathPointer + 2);
strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
}
//
@ -706,7 +716,7 @@ Returns:
// Skip one directory
//
*PathPointer = '\0';
strcat (mCommonLibFullPath, NextPointer);
strncat (mCommonLibFullPath, NextPointer, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
} else {
//
// No directory is found. Just break.

9
BaseTools/Source/C/Common/EfiUtilityMsgs.c
View File

@ -1,7 +1,7 @@
/** @file
EFI tools utility functions to display warning, error, and informational messages
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -608,12 +608,9 @@ Returns:
if (UtilityName != NULL) {
if (strlen (UtilityName) >= sizeof (mUtilityName)) {
Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size");
strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
mUtilityName[sizeof (mUtilityName) - 1] = 0;
return ;
} else {
strcpy (mUtilityName, UtilityName);
}
strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
mUtilityName[sizeof (mUtilityName) - 1] = 0;
} else {
Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name");
}