MdePkg/BaseLib: Avoid reading content beyond string boundary

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=705 As mentioned in the above Bugzilla link by Steven, within the function PathCleanUpDirectories(), when executing command: "cd ." under Shell, the input parameter 'Path' string will have string length less than 2. Hence, it is possible for the below statement: "if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {" to read contents before the string boundary. This commit adds additional checks to avoid this. Cc: Steven Shi <steven.shi@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2017-09-19 11:01:56 +08:00 · 2017-09-19 11:01:56 +08:00 · 9fdf31789a
parent 8c3e4688e0
commit 9fdf31789a
1 changed files with 2 additions and 2 deletions
--- a/MdePkg/Library/BaseLib/FilePaths.c
+++ b/MdePkg/Library/BaseLib/FilePaths.c
@ -1,7 +1,7 @@
 /** @file
  Defines file-path manipulation functions.

-  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
@ -91,7 +91,7 @@ PathCleanUpDirectories(
  while ((TempString = StrStr (Path, L"\\.\\")) != NULL) {
    CopyMem (TempString, TempString + 2, StrSize (TempString + 2));
  }
-  if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {
+  if ((StrLen (Path) >= 2) && (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0)) {
    Path[StrLen (Path) - 1] = CHAR_NULL;
  }