FatPkg EnhancedFatDxe: Use safe string functions

Unsafe string functions are replaced with safe ones.

Safe string functions will assert if DestMax is not greater than
StrnLenS(Source, DestMax). Therefore, additional assert for checking the
size of source and destination buffers can be removed.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

(based on FatPkg commit 2cb92b4f19b096daf133d6501afa13e5a85062c5)

[jordan.l.justen@intel.com: Use script to relicense to 2-clause BSD]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Acked-by: Mark Doran <mark.doran@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>

FatPkg/EnhancedFatDxe/DirectoryManage.c

@@ -1,6 +1,6 @@
 /*++
 
-Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials are licensed and made available
 under the terms and conditions of the BSD License which accompanies this
 distribution. The full text of the license may be found at
@@ -116,7 +116,15 @@ Returns:
     // Write LFN directory entry
     //
     SetMem (LfnBuffer, sizeof (CHAR16) * LFN_CHAR_TOTAL * EntryCount, 0xff);
-    StrCpy (LfnBuffer, DirEnt->FileString);
+    Status = StrCpyS (
+               LfnBuffer,
+               sizeof (LfnBuffer) / sizeof (LfnBuffer[0]),
+               DirEnt->FileString
+               );
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+
     LfnBufferPointer    = LfnBuffer;
     LfnEntry.Attributes = FAT_ATTRIBUTE_LFN;
     LfnEntry.Type       = 0;
@@ -349,7 +357,11 @@ Returns:
     // Fail to get the long file name from long file name entry,
     // get the file name from short name
     //
-    FatGetFileNameViaCaseFlag (DirEnt, LfnBuffer);
+    FatGetFileNameViaCaseFlag (
+      DirEnt,
+      LfnBuffer,
+      sizeof (LfnBuffer) / sizeof (LfnBuffer[0])
+      );
   }
 
   DirEnt->FileString = AllocateCopyPool (StrSize (LfnBuffer), LfnBuffer);

FatPkg/EnhancedFatDxe/Fat.h

@@ -1241,8 +1241,9 @@ FatSetCaseFlag (
 
 VOID
 FatGetFileNameViaCaseFlag (
-  IN  FAT_DIRENT        *DirEnt,
-  OUT CHAR16            *FileString
+  IN     FAT_DIRENT     *DirEnt,
+  IN OUT CHAR16         *FileString,
+  IN     UINTN          FileStringMax
   );
 
 UINT8

FatPkg/EnhancedFatDxe/FileName.c

@@ -1,6 +1,6 @@
 /*++
 
-Copyright (c) 2005 - 2007, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials are licensed and made available
 under the terms and conditions of the BSD License which accompanies this
 distribution. The full text of the license may be found at
@@ -302,7 +302,6 @@ Returns:
   CHAR16  Buffer[FAT_MAIN_NAME_LEN + 1 + FAT_EXTEND_NAME_LEN + 1];
   UINT8   OutCaseFlag;
 
-  ASSERT (StrSize (Str) <= sizeof (Buffer));
   //
   // Assume the case of input string is mixed
   //
@@ -311,7 +310,7 @@ Returns:
   // Lower case a copy of the string, if it matches the
   // original then the string is lower case
   //
-  StrCpy (Buffer, Str);
+  StrCpyS (Buffer, sizeof (Buffer) / sizeof (Buffer[0]), Str);
   FatStrLwr (Buffer);
   if (StrCmp (Str, Buffer) == 0) {
     OutCaseFlag = InCaseFlag;
@@ -320,7 +319,7 @@ Returns:
   // Upper case a copy of the string, if it matches the
   // original then the string is upper case
   //
-  StrCpy (Buffer, Str);
+  StrCpyS (Buffer, sizeof (Buffer) / sizeof (Buffer[0]), Str);
   FatStrUpr (Buffer);
   if (StrCmp (Str, Buffer) == 0) {
     OutCaseFlag = 0;
@@ -392,8 +391,9 @@ Returns:
 
 VOID
 FatGetFileNameViaCaseFlag (
-  IN  FAT_DIRENT    *DirEnt,
-  OUT CHAR16        *FileString
+  IN     FAT_DIRENT   *DirEnt,
+  IN OUT CHAR16       *FileString,
+  IN     UINTN        FileStringMax
   )
 /*++
 
@@ -425,7 +425,7 @@ Returns:
   FatNameToStr (File8Dot3Name + FAT_MAIN_NAME_LEN, FAT_EXTEND_NAME_LEN, CaseFlag & FAT_CASE_EXT_LOWER, &TempExt[1]);
   if (TempExt[1] != 0) {
     TempExt[0] = L'.';
-    StrCat (FileString, TempExt);
+    StrCatS (FileString, FileStringMax, TempExt);
   }
 }
 

FatPkg/EnhancedFatDxe/Hash.c

@@ -1,6 +1,6 @@
 /*++
 
-Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials are licensed and made available
 under the terms and conditions of the BSD License which accompanies this
 distribution. The full text of the license may be found at
@@ -47,8 +47,12 @@ Returns:
 {
   UINT32  HashValue;
   CHAR16  UpCasedLongFileName[EFI_PATH_STRING_LENGTH];
-  StrnCpy (UpCasedLongFileName, LongNameString, EFI_PATH_STRING_LENGTH - 1);
-  UpCasedLongFileName[EFI_PATH_STRING_LENGTH - 1] = L'\0';
+  StrnCpyS (
+    UpCasedLongFileName,
+    sizeof (UpCasedLongFileName) / sizeof (UpCasedLongFileName[0]),
+    LongNameString,
+    sizeof (UpCasedLongFileName) / sizeof (UpCasedLongFileName[0]) - 1
+    );
   FatStrUpr (UpCasedLongFileName);
   gBS->CalculateCrc32 (UpCasedLongFileName, StrSize (UpCasedLongFileName), &HashValue);
   return (HashValue & HASH_TABLE_MASK);