From 938cf4b9bd91167e4de637de3c1e7fa449e9de94 Mon Sep 17 00:00:00 2001
From: Hao Wu <hao.a.wu@intel.com>
Date: Mon, 18 Dec 2017 08:57:27 +0800
Subject: [PATCH] BaseTools/C/Common: Add/refine boundary checks for
 strcpy/strcat calls

Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
 BaseTools/Source/C/Common/CommonLib.c      | 24 +++++++++++++++-------
 BaseTools/Source/C/Common/EfiUtilityMsgs.c |  9 +++-----
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/BaseTools/Source/C/Common/CommonLib.c b/BaseTools/Source/C/Common/CommonLib.c
index 2f0aecf252..4a62bec85e 100644
--- a/BaseTools/Source/C/Common/CommonLib.c
+++ b/BaseTools/Source/C/Common/CommonLib.c
@@ -1,7 +1,7 @@
 /** @file
 Common basic Library Functions
 
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD License         
 which accompanies this distribution.  The full text of the license may be found at        
@@ -638,12 +638,22 @@ Returns:
       //
       RootPath = getcwd (NULL, 0);
       if (RootPath != NULL) {
-        strcat (mCommonLibFullPath, RootPath);
+        if (strlen (mCommonLibFullPath) + strlen (RootPath) > MAX_LONG_FILE_PATH - 1) {
+          Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
+          free (RootPath);
+          return NULL;
+        }
+        strncat (mCommonLibFullPath, RootPath, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
         if (FileName[0] != '\\' && FileName[0] != '/') {
+          if (strlen (mCommonLibFullPath) + 1 > MAX_LONG_FILE_PATH - 1) {
+            Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!");
+            free (RootPath);
+            return NULL;
+          }
           //
           // Attach directory separator
           //
-          strcat (mCommonLibFullPath, "\\");
+          strncat (mCommonLibFullPath, "\\", MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
         }
         free (RootPath);
       }
@@ -673,7 +683,7 @@ Returns:
     //
     if ((PathPointer = strstr (mCommonLibFullPath, ":\\\\")) != NULL) {
       *(PathPointer + 2) = '\0';
-      strcat (mCommonLibFullPath, PathPointer + 3);
+      strncat (mCommonLibFullPath, PathPointer + 3, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
     }
     
     //
@@ -681,7 +691,7 @@ Returns:
     //
     while ((PathPointer = strstr (mCommonLibFullPath, ".\\")) != NULL) {
       *PathPointer = '\0';
-      strcat (mCommonLibFullPath, PathPointer + 2);
+      strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
     }
         
     //
@@ -689,7 +699,7 @@ Returns:
     //
     while ((PathPointer = strstr (mCommonLibFullPath, "\\.\\")) != NULL) {
       *PathPointer = '\0';
-      strcat (mCommonLibFullPath, PathPointer + 2);
+      strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
     }
 
     //
@@ -706,7 +716,7 @@ Returns:
         // Skip one directory
         //
         *PathPointer = '\0';
-        strcat (mCommonLibFullPath, NextPointer);
+        strncat (mCommonLibFullPath, NextPointer, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1);
       } else {
         //
         // No directory is found. Just break.
diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
index 7b4c2310ca..5496a439e2 100644
--- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c
+++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
@@ -1,7 +1,7 @@
 /** @file
 EFI tools utility functions to display warning, error, and informational messages
 
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -608,12 +608,9 @@ Returns:
   if (UtilityName != NULL) {
     if (strlen (UtilityName) >= sizeof (mUtilityName)) {
       Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size");
-      strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
-      mUtilityName[sizeof (mUtilityName) - 1] = 0;
-      return ;
-    } else {
-      strcpy (mUtilityName, UtilityName);
     }
+    strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1);
+    mUtilityName[sizeof (mUtilityName) - 1] = 0;
   } else {
     Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name");
   }