tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls

Browse Source 
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Hao Wu 2017-12-18 09:18:58 +08:00
parent 1bdd9465c1
commit fc42d0e890
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
BaseTools/Source/C/GenFv/GenFvInternalLib.c
View File

@ -824,7 +824,11 @@ Returns:
//
// Construct Map file Name
//
strcpy (PeMapFileName, FileName);
if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
return EFI_ABORTED;
}
strncpy (PeMapFileName, FileName, MAX_LONG_FILE_PATH - 1);
PeMapFileName[MAX_LONG_FILE_PATH - 1] = 0;
//
// Change '\\' to '/', unified path format.
@ -861,7 +865,11 @@ Returns:
Cptr --;
}
*Cptr2 = '\0';
strcpy (KeyWord, Cptr + 1);
if (strlen (Cptr + 1) >= MAX_LINE_LEN) {
return EFI_ABORTED;
}
strncpy (KeyWord, Cptr + 1, MAX_LINE_LEN - 1);
KeyWord[MAX_LINE_LEN - 1] = 0;
*Cptr2 = '.';
//
@ -3534,7 +3542,12 @@ Returns:
//
// Construct the original efi file Name
//
strcpy (PeFileName, FileName);
if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
return EFI_ABORTED;
}
strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') {
Cptr --;
@ -3789,7 +3802,12 @@ Returns:
//
// Construct the original efi file name
//
strcpy (PeFileName, FileName);
if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
return EFI_ABORTED;
}
strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') {
Cptr --;