diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2017-09-19 10:22:21 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2017-09-21 14:06:06 +0800 |
| commit | 8c3e4688e0d8e6c218a98855d98976ce46dbb29e (patch) | |
| tree | bcf35740f31be8f429fff65f214e362c903c2778 /ShellPkg/Application | |
| parent | 14dde9e903bb9a719ebb8f3381da72b19509bc36 (diff) | |
| download | edk2-8c3e4688e0d8e6c218a98855d98976ce46dbb29e.tar.gz edk2-8c3e4688e0d8e6c218a98855d98976ce46dbb29e.tar.bz2 edk2-8c3e4688e0d8e6c218a98855d98976ce46dbb29e.zip | |
ShellPkg/Shell: Avoid reading content beyond string boundary
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=690
Within function EfiShellGetDevicePathFromFilePath(), when the input
parameter 'Path' string is like:
"FS0:"
It is possible for the below statement:
"if (*(Path+StrLen(MapName)+1) == CHAR_NULL) {"
to read the content 1 byte beyond the string boundary (both 'Path' and
'MapName' will be FS0: in this case).
This commit adds additional checks to avoid this.
Cc: Steven Shi <steven.shi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Diffstat (limited to 'ShellPkg/Application')
| -rw-r--r-- | ShellPkg/Application/Shell/ShellProtocol.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ShellPkg/Application/Shell/ShellProtocol.c b/ShellPkg/Application/Shell/ShellProtocol.c index 40e5e653ae..5e34b8dad1 100644 --- a/ShellPkg/Application/Shell/ShellProtocol.c +++ b/ShellPkg/Application/Shell/ShellProtocol.c @@ -598,7 +598,8 @@ EfiShellGetDevicePathFromFilePath( //
// build the full device path
//
- if (*(Path+StrLen(MapName)+1) == CHAR_NULL) {
+ if ((*(Path+StrLen(MapName)) != CHAR_NULL) &&
+ (*(Path+StrLen(MapName)+1) == CHAR_NULL)) {
DevicePathForReturn = FileDevicePath(Handle, L"\\");
} else {
DevicePathForReturn = FileDevicePath(Handle, Path+StrLen(MapName));
|