tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 16:14:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

MdePkg/BaseLib: Avoid reading content beyond string boundary

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=705

As mentioned in the above Bugzilla link by Steven, within the function
PathCleanUpDirectories(), when executing command:
"cd ."

under Shell, the input parameter 'Path' string will have string length
less than 2. Hence, it is possible for the below statement:
"if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {"

to read contents before the string boundary.

This commit adds additional checks to avoid this.

Cc: Steven Shi <steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
This commit is contained in:
Hao Wu 2017-09-19 11:01:56 +08:00
parent 8c3e4688e0
commit 9fdf31789a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
MdePkg/Library/BaseLib/FilePaths.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Defines file-path manipulation functions. Defines file-path manipulation functions.
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -91,7 +91,7 @@ PathCleanUpDirectories(
while ((TempString = StrStr (Path, L"\\.\\")) != NULL) { while ((TempString = StrStr (Path, L"\\.\\")) != NULL) {
CopyMem (TempString, TempString + 2, StrSize (TempString + 2)); CopyMem (TempString, TempString + 2, StrSize (TempString + 2));
} }
if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) { if ((StrLen (Path) >= 2) && (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0)) {
Path[StrLen (Path) - 1] = CHAR_NULL; Path[StrLen (Path) - 1] = CHAR_NULL;
} }