tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

ShellPkg/UefiShellLib: Prevent out-of-bounds access

Browse Source 
If InternalShellStrHexToUint64() is passed a string that starts with 'X'
or 'x' it would try to read the byte before the start of the string
buffer.

Instead check if leading zeroes have been consumed.

Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
This commit is contained in:
Tormod Volden 2024-07-23 23:23:20 +02:00 committed by mergify[bot]
parent 7936ffa1e6
commit ef3a1ef397
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ShellPkg/Library/UefiShellLib/UefiShellLib.c
View File

@ -4009,7 +4009,8 @@ InternalShellStrHexToUint64 (
IN CONST BOOLEAN StopAtSpace
)
{
UINT64 Result;
UINT64 Result;
BOOLEAN LeadingZero;
if ((String == NULL) || (StrSize (String) == 0) || (Value == NULL)) {
return (EFI_INVALID_PARAMETER);
@ -4025,12 +4026,14 @@ InternalShellStrHexToUint64 (
//
// Ignore leading Zeros after the spaces
//
LeadingZero = FALSE;
while (*String == L'0') {
String++;
LeadingZero = TRUE;
}
if (CharToUpper (*String) == L'X') {
if (*(String - 1) != L'0') {
if (!LeadingZero) {
return 0;
}