From 0b37723186ec1525b6caf14b0309fb0ed04084d7 Mon Sep 17 00:00:00 2001 From: Giri Mudusuru Date: Sat, 6 May 2023 18:28:24 +0800 Subject: ShellPkg/UefiShellDebug1CommandsLib: Replace hardcoded SMBIOS strings. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3805 Replace hardcoded SMBIOS Anchor string and size with defines. Fix buffer overflow as described below. Smbios64BitPrintEPSInfo () is coded like: UINT8 Anchor[5]; MemToString (Anchor, SmbiosTable->AnchorString, 5); But the definition of MemToString() Copy Length of Src buffer to Dest buffer, add a NULL termination to Dest buffer. So Anchor needs to be +1 the size of the SMBIOS Anchor string `_SM3_`. Changes from v1 to v2: - Replace doxygen style inline comments Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Andrew Fish Signed-off-by: Giri Mudusuru Reviewed-by: Liming Gao --- .../Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c | 9 +++++---- .../Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) (limited to 'ShellPkg') diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c index 1811cf0c44..a14b79904d 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c @@ -5,6 +5,7 @@ Copyright (c) 1985 - 2022, American Megatrends International LLC.
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.
(C) Copyright 2015-2019 Hewlett Packard Enterprise Development LP
+ Copyright (c) 2023 Apple Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -135,7 +136,7 @@ SmbiosPrintEPSInfo ( IN UINT8 Option ) { - UINT8 Anchor[5]; + UINT8 Anchor[SMBIOS_ANCHOR_STRING_LENGTH + 1]; // Including terminating NULL character UINT8 InAnchor[6]; if (SmbiosTable == NULL) { @@ -149,7 +150,7 @@ SmbiosPrintEPSInfo ( if (Option >= SHOW_NORMAL) { ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ENTRY_POINT_SIGN), gShellDebug1HiiHandle); - MemToString (Anchor, SmbiosTable->AnchorString, 4); + MemToString (Anchor, SmbiosTable->AnchorString, SMBIOS_ANCHOR_STRING_LENGTH); ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ANCHOR_STR), gShellDebug1HiiHandle, Anchor); ShellPrintHiiEx ( -1, @@ -220,7 +221,7 @@ Smbios64BitPrintEPSInfo ( IN UINT8 Option ) { - UINT8 Anchor[5]; + UINT8 Anchor[SMBIOS_3_0_ANCHOR_STRING_LENGTH + 1]; // Including terminating NULL character if (SmbiosTable == NULL) { ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_SMBIOSTABLE_NULL), gShellDebug1HiiHandle); @@ -234,7 +235,7 @@ Smbios64BitPrintEPSInfo ( if (Option >= SHOW_NORMAL) { ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_64_BIT_ENTRY_POINT_SIGN), gShellDebug1HiiHandle); - MemToString (Anchor, SmbiosTable->AnchorString, 5); + MemToString (Anchor, SmbiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING_LENGTH); ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ANCHOR_STR), gShellDebug1HiiHandle, Anchor); ShellPrintHiiEx ( diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c index e9360beb23..7e7eef3fd8 100644 --- a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c +++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c @@ -3,6 +3,7 @@ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2023 Apple Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -263,7 +264,7 @@ SMBiosView ( return EFI_BAD_BUFFER_SIZE; } - if (CompareMem (SMBiosTable->AnchorString, "_SM_", 4) == 0) { + if (CompareMem (SMBiosTable->AnchorString, SMBIOS_ANCHOR_STRING, SMBIOS_ANCHOR_STRING_LENGTH) == 0) { // // Have got SMBIOS table // @@ -441,7 +442,7 @@ SMBios64View ( return EFI_BAD_BUFFER_SIZE; } - if (CompareMem (SMBiosTable->AnchorString, "_SM3_", 5) == 0) { + if (CompareMem (SMBiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING, SMBIOS_3_0_ANCHOR_STRING_LENGTH) == 0) { // // Have got SMBIOS table // @@ -612,7 +613,7 @@ InitSmbiosTableStatistics ( return EFI_NOT_FOUND; } - if (CompareMem (SMBiosTable->AnchorString, "_SM_", 4) != 0) { + if (CompareMem (SMBiosTable->AnchorString, SMBIOS_ANCHOR_STRING, SMBIOS_ANCHOR_STRING_LENGTH) != 0) { ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_SMBIOSVIEW_SMBIOS_TABLE), gShellDebug1HiiHandle); return EFI_INVALID_PARAMETER; } @@ -753,7 +754,7 @@ InitSmbios64BitTableStatistics ( return EFI_NOT_FOUND; } - if (CompareMem (SMBiosTable->AnchorString, "_SM3_", 5) != 0) { + if (CompareMem (SMBiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING, SMBIOS_3_0_ANCHOR_STRING_LENGTH) != 0) { ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_SMBIOSVIEW_SMBIOS_TABLE), gShellDebug1HiiHandle); return EFI_INVALID_PARAMETER; } -- cgit v1.2.3