MdePkg/BaseLib: Avoid reading content beyond string boundary

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=705

As mentioned in the above Bugzilla link by Steven, within the function
PathCleanUpDirectories(), when executing command:
"cd ."

under Shell, the input parameter 'Path' string will have string length
less than 2. Hence, it is possible for the below statement:
"if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {"

to read contents before the string boundary.

This commit adds additional checks to avoid this.

Cc: Steven Shi <steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/MdePkg/Library/BaseLib/FilePaths.c b/MdePkg/Library/BaseLib/FilePaths.c
index 203045ccdc..d6f3758ecb 100644
--- a/MdePkg/Library/BaseLib/FilePaths.c
+++ b/MdePkg/Library/BaseLib/FilePaths.c
@@ -1,7 +1,7 @@
 /** @file

   Defines file-path manipulation functions.

 

-  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>

   This program and the accompanying materials

   are licensed and made available under the terms and conditions of the BSD License

   which accompanies this distribution.  The full text of the license may be found at

@@ -91,7 +91,7 @@ PathCleanUpDirectories(
   while ((TempString = StrStr (Path, L"\\.\\")) != NULL) {

     CopyMem (TempString, TempString + 2, StrSize (TempString + 2));

   }

-  if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {

+  if ((StrLen (Path) >= 2) && (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0)) {

     Path[StrLen (Path) - 1] = CHAR_NULL;

   }