diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2017-12-18 09:18:58 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2017-12-25 09:54:30 +0800 |
| commit | fc42d0e89002af2d23f83edb5b64d9a56e825922 (patch) | |
| tree | 60a69285aaa574090b803f44d2b7940f585c6858 /BaseTools | |
| parent | 1bdd9465c12e53246e88dc91cd22879ceb269f5c (diff) | |
| download | edk2-fc42d0e89002af2d23f83edb5b64d9a56e825922.zip edk2-fc42d0e89002af2d23f83edb5b64d9a56e825922.tar.gz edk2-fc42d0e89002af2d23f83edb5b64d9a56e825922.tar.bz2 | |
BaseTools/GenFv: Add/refine boundary checks for strcpy/strcat calls
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'BaseTools')
| -rw-r--r-- | BaseTools/Source/C/GenFv/GenFvInternalLib.c | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/BaseTools/Source/C/GenFv/GenFvInternalLib.c b/BaseTools/Source/C/GenFv/GenFvInternalLib.c index 2b80e79..fc1a760 100644 --- a/BaseTools/Source/C/GenFv/GenFvInternalLib.c +++ b/BaseTools/Source/C/GenFv/GenFvInternalLib.c @@ -824,7 +824,11 @@ Returns: //
// Construct Map file Name
//
- strcpy (PeMapFileName, FileName);
+ if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
+ return EFI_ABORTED;
+ }
+ strncpy (PeMapFileName, FileName, MAX_LONG_FILE_PATH - 1);
+ PeMapFileName[MAX_LONG_FILE_PATH - 1] = 0;
//
// Change '\\' to '/', unified path format.
@@ -861,7 +865,11 @@ Returns: Cptr --;
}
*Cptr2 = '\0';
- strcpy (KeyWord, Cptr + 1);
+ if (strlen (Cptr + 1) >= MAX_LINE_LEN) {
+ return EFI_ABORTED;
+ }
+ strncpy (KeyWord, Cptr + 1, MAX_LINE_LEN - 1);
+ KeyWord[MAX_LINE_LEN - 1] = 0;
*Cptr2 = '.';
//
@@ -3534,7 +3542,12 @@ Returns: //
// Construct the original efi file Name
//
- strcpy (PeFileName, FileName);
+ if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
+ Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
+ return EFI_ABORTED;
+ }
+ strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
+ PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') {
Cptr --;
@@ -3789,7 +3802,12 @@ Returns: //
// Construct the original efi file name
//
- strcpy (PeFileName, FileName);
+ if (strlen (FileName) >= MAX_LONG_FILE_PATH) {
+ Error (NULL, 0, 2000, "Invalid", "The file name %s is too long.", FileName);
+ return EFI_ABORTED;
+ }
+ strncpy (PeFileName, FileName, MAX_LONG_FILE_PATH - 1);
+ PeFileName[MAX_LONG_FILE_PATH - 1] = 0;
Cptr = PeFileName + strlen (PeFileName);
while (*Cptr != '.') {
Cptr --;
|