diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2018-10-30 09:11:57 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2018-10-31 08:57:04 +0800 |
| commit | bfb8c64cbf6a4604b1a69de8e274cce7f0a678dc (patch) | |
| tree | 636635872cc6945b1989b0ae95cbe1ffdcdf7952 | |
| parent | 542b03d0a090d10d39da79a881787cbb013f1754 (diff) | |
| download | edk2-bfb8c64cbf6a4604b1a69de8e274cce7f0a678dc.zip edk2-bfb8c64cbf6a4604b1a69de8e274cce7f0a678dc.tar.gz edk2-bfb8c64cbf6a4604b1a69de8e274cce7f0a678dc.tar.bz2 | |
MdeModulePkg/UdfDxe: Content check for 'File' in ResolveSymlink()
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1279
The content within 'File' is the output data for ResolveSymlink(). This
commit will add checks to ensure the content in 'File' is valid.
Otherwise, possible null pointer dereference issue will occur during the
subsequent usage of the data returned by ResolveSymlink().
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
| -rw-r--r-- | MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c index fed3da1..14b1dea 100644 --- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c @@ -2145,6 +2145,8 @@ ResolveSymlink ( UINT8 CompressionId;
UDF_FILE_INFO PreviousFile;
+ ZeroMem ((VOID *)File, sizeof (UDF_FILE_INFO));
+
//
// Symlink files on UDF volumes do not contain so much data other than
// Path Components which resolves to real filenames, so it's OK to read in
@@ -2288,6 +2290,14 @@ ResolveSymlink ( break;
}
+ //
+ // Check the content in the file info pointed by File.
+ //
+ if ((File->FileEntry == NULL) || (File->FileIdentifierDesc == NULL)) {
+ Status = EFI_VOLUME_CORRUPTED;
+ goto Error_Find_File;
+ }
+
if (CompareMem ((VOID *)&PreviousFile, (VOID *)Parent,
sizeof (UDF_FILE_INFO)) != 0) {
CleanupFileInformation (&PreviousFile);
@@ -2301,6 +2311,13 @@ ResolveSymlink ( //
FreePool (ReadFileInfo.FileData);
+ //
+ // Check the content in the resolved file info.
+ //
+ if ((File->FileEntry == NULL) || (File->FileIdentifierDesc == NULL)) {
+ return EFI_VOLUME_CORRUPTED;
+ }
+
return EFI_SUCCESS;
Error_Find_File:
|