summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorQiu Shumin <shumin.qiu@intel.com>2015-05-11 01:44:35 +0000
committershenshushi <shenshushi@Edk2>2015-05-11 01:44:35 +0000
commitdb906063a71d8ddd90c2883d57bdea2c305fad6f (patch)
tree1552012177f583a83f3c4e7a7ea81ad6090dc746
parent1e834a6f30e755ff470c2b7bd4db97d9ee841ed0 (diff)
downloadedk2-db906063a71d8ddd90c2883d57bdea2c305fad6f.tar.gz
edk2-db906063a71d8ddd90c2883d57bdea2c305fad6f.tar.bz2
edk2-db906063a71d8ddd90c2883d57bdea2c305fad6f.zip
ShellPkg: Fix buffer overflow issue in 'map' command.
This patch replace 'StrnCat' with 'StrnCatS' to avoid the buffer overflow in 'map.c'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qiu Shumin <shumin.qiu@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17387 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c
index 087daac54e..a41a5f1cf6 100644
--- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c
+++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c
@@ -2,7 +2,7 @@
Main file for map shell level 2 command.
(C) Copyright 2013-2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -224,6 +224,8 @@ MappingListHasType(
)
{
CHAR16 *NewSpecific;
+ RETURN_STATUS Status;
+
//
// specific has priority
//
@@ -233,7 +235,11 @@ MappingListHasType(
return FALSE;
}
if (NewSpecific[StrLen(NewSpecific)-1] != L':') {
- StrnCat(NewSpecific, L":", 2);
+ Status = StrnCatS(NewSpecific, (StrSize(Specific) + sizeof(CHAR16))/sizeof(CHAR16), L":", StrLen(L":"));
+ if (EFI_ERROR (Status)) {
+ FreePool(NewSpecific);
+ return FALSE;
+ }
}
if (SearchList(MapList, NewSpecific, NULL, TRUE, FALSE, L";")) {
@@ -875,13 +881,18 @@ AddMappingFromMapping(
CONST EFI_DEVICE_PATH_PROTOCOL *DevPath;
EFI_STATUS Status;
CHAR16 *NewSName;
+ RETURN_STATUS StrRetStatus;
NewSName = AllocateCopyPool(StrSize(SName) + sizeof(CHAR16), SName);
if (NewSName == NULL) {
return (SHELL_OUT_OF_RESOURCES);
}
if (NewSName[StrLen(NewSName)-1] != L':') {
- StrnCat(NewSName, L":", 2);
+ StrRetStatus = StrnCatS(NewSName, (StrSize(SName) + sizeof(CHAR16))/sizeof(CHAR16), L":", StrLen(L":"));
+ if (EFI_ERROR(StrRetStatus)) {
+ FreePool(NewSName);
+ return ((SHELL_STATUS) (StrRetStatus & (~MAX_BIT)));
+ }
}
if (!IsNumberLetterOnly(NewSName, StrLen(NewSName)-1)) {
@@ -927,13 +938,18 @@ AddMappingFromHandle(
EFI_DEVICE_PATH_PROTOCOL *DevPath;
EFI_STATUS Status;
CHAR16 *NewSName;
+ RETURN_STATUS StrRetStatus;
NewSName = AllocateCopyPool(StrSize(SName) + sizeof(CHAR16), SName);
if (NewSName == NULL) {
return (SHELL_OUT_OF_RESOURCES);
}
if (NewSName[StrLen(NewSName)-1] != L':') {
- StrnCat(NewSName, L":", 2);
+ StrRetStatus = StrnCatS(NewSName, (StrSize(SName) + sizeof(CHAR16))/sizeof(CHAR16), L":", StrLen(L":"));
+ if (EFI_ERROR(StrRetStatus)) {
+ FreePool(NewSName);
+ return ((SHELL_STATUS) (StrRetStatus & (~MAX_BIT)));
+ }
}
if (!IsNumberLetterOnly(NewSName, StrLen(NewSName)-1)) {