tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-07 19:45:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use StrnCat instead of StrCat to avoid target buffer overflow.

Browse Source 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Eric Dong <Eric.Dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15797 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Jeff Fan 2014-08-14 02:00:11 +00:00 committed by vanjeff
parent 74a6d86079
commit a1360fa3de
2 changed files with 12 additions and 7 deletions
IntelFrameworkModulePkg/Universal/BdsDxe
DeviceMngr
DeviceManager.c
MemoryTest.c

8
IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c

@ -1,7 +1,7 @@
/** @file
The platform device manager reference implementation
Copyright (c) 2004 - 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1260,6 +1260,7 @@ CallDriverHealth (
LIST_ENTRY *Link;
EFI_DEVICE_PATH_PROTOCOL *DriverDevicePath;
BOOLEAN RebootRequired;
UINTN StringSize;
Index = 0;
DriverHealthInfo = NULL;
@ -1341,7 +1342,8 @@ CallDriverHealth (
//
// Assume no line strings is longer than 512 bytes.
//
String = (EFI_STRING) AllocateZeroPool (0x200);
StringSize = 0x200;
String = (EFI_STRING) AllocateZeroPool (StringSize);
ASSERT (String != NULL);
Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, &DriverName);
@ -1410,7 +1412,7 @@ CallDriverHealth (
}
ASSERT (TmpString != NULL);
StrCat (String, TmpString);
StrnCat (String, TmpString, StringSize / sizeof (CHAR16) - StrLen (String) - 1);
FreePool (TmpString);
Token = HiiSetString (HiiHandle, 0, String, NULL);

11
IntelFrameworkModulePkg/Universal/BdsDxe/MemoryTest.c

@ -1,7 +1,7 @@
/** @file
Perform the platform memory test
Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -230,11 +230,13 @@ BdsMemoryTest (
EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color;
BOOLEAN IsFirstBoot;
UINT32 TempData;
UINTN StrTotalMemorySize;
ReturnStatus = EFI_SUCCESS;
ZeroMem (&Key, sizeof (EFI_INPUT_KEY));
Pos = AllocatePool (128);
StrTotalMemorySize = 128;
Pos = AllocateZeroPool (StrTotalMemorySize);
if (Pos == NULL) {
return ReturnStatus;
@ -322,7 +324,7 @@ BdsMemoryTest (
//
// TmpStr size is 64, StrPercent is reserved to 16.
//
StrCat (StrPercent, TmpStr);
StrnCat (StrPercent, TmpStr, sizeof (StrPercent) / sizeof (CHAR16) - StrLen (StrPercent) - 1);
PrintXY (10, 10, NULL, NULL, StrPercent);
FreePool (TmpStr);
}
@ -382,11 +384,12 @@ Done:
UnicodeValueToString (StrTotalMemory, COMMA_TYPE, TotalMemorySize, 0);
if (StrTotalMemory[0] == L',') {
StrTotalMemory++;
StrTotalMemorySize -= sizeof (CHAR16);
}
TmpStr = GetStringById (STRING_TOKEN (STR_MEM_TEST_COMPLETED));
if (TmpStr != NULL) {
StrCat (StrTotalMemory, TmpStr);
StrnCat (StrTotalMemory, TmpStr, StrTotalMemorySize / sizeof (CHAR16) - StrLen (StrTotalMemory) - 1);
FreePool (TmpStr);
}