tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allocate temp buffer to avoid potential change user input string buffer. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18238 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Eric Dong 2015-08-19 12:12:59 +00:00 committed by ydong10
parent 70119d2741
commit 9946c0a93e
1 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
View File

@ -2808,7 +2808,7 @@ EfiConfigKeywordHandlerSetData (
EFI_STATUS Status;
CHAR16 *StringPtr;
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
CHAR16 *NextStringPtr;
CHAR16 *NextStringPtr;
CHAR16 *KeywordData;
EFI_STRING_ID KeywordStringId;
UINT32 RetVal;
@ -2819,6 +2819,7 @@ EfiConfigKeywordHandlerSetData (
CHAR16 *ValueElement;
BOOLEAN ReadOnly;
EFI_STRING InternalProgress;
CHAR16 *TempString;
if (This == NULL || Progress == NULL || ProgressErr == NULL || KeywordString == NULL) {
return EFI_INVALID_PARAMETER;
@ -2827,7 +2828,6 @@ EfiConfigKeywordHandlerSetData (
*Progress = KeywordString;
*ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR;
Status = EFI_SUCCESS;
StringPtr = KeywordString;
MultiConfigResp = NULL;
NameSpace = NULL;
DevicePath = NULL;
@ -2836,6 +2836,13 @@ EfiConfigKeywordHandlerSetData (
ConfigResp = NULL;
KeywordStringId = 0;
//
// Use temp string to avoid changing input string buffer.
//
TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
ASSERT (TempString != NULL);
StringPtr = TempString;
while ((StringPtr != NULL) && (*StringPtr != L'\0')) {
//
// 1. Get NameSpace from NameSpaceId keyword.
@ -2962,6 +2969,8 @@ EfiConfigKeywordHandlerSetData (
*ProgressErr = KEYWORD_HANDLER_NO_ERROR;
Done:
ASSERT (TempString != NULL);
FreePool (TempString);
if (NameSpace != NULL) {
FreePool (NameSpace);
}
@ -3078,6 +3087,7 @@ EfiConfigKeywordHandlerGetData (
BOOLEAN ReadOnly;
CHAR16 *KeywordResp;
CHAR16 *MultiKeywordResp;
CHAR16 *TempString;
if (This == NULL || Progress == NULL || ProgressErr == NULL || Results == NULL) {
return EFI_INVALID_PARAMETER;
@ -3093,18 +3103,35 @@ EfiConfigKeywordHandlerGetData (
ReadOnly = FALSE;
MultiKeywordResp = NULL;
KeywordStringId = 0;
TempString = NULL;
//
// Use temp string to avoid changing input string buffer.
//
if (NameSpaceId != NULL) {
TempString = AllocateCopyPool (StrSize (NameSpaceId), NameSpaceId);
ASSERT (TempString != NULL);
}
//
// 1. Get NameSpace from NameSpaceId keyword.
//
Status = ExtractNameSpace (NameSpaceId, &NameSpace, NULL);
Status = ExtractNameSpace (TempString, &NameSpace, NULL);
if (TempString != NULL) {
FreePool (TempString);
TempString = NULL;
}
if (EFI_ERROR (Status)) {
*ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND;
return Status;
}
if (KeywordString != NULL) {
StringPtr = KeywordString;
//
// Use temp string to avoid changing input string buffer.
//
TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
ASSERT (TempString != NULL);
StringPtr = TempString;
while (*StringPtr != L'\0') {
//
@ -3225,6 +3252,9 @@ EfiConfigKeywordHandlerGetData (
*ProgressErr = KEYWORD_HANDLER_NO_ERROR;
Done:
if (TempString != NULL) {
FreePool (TempString);
}
if (NameSpace != NULL) {
FreePool (NameSpace);
}