summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Dong <eric.dong@intel.com>2015-08-19 12:12:59 +0000
committerydong10 <ydong10@Edk2>2015-08-19 12:12:59 +0000
commit9946c0a93e54dbf503cac692169b28b35ddd81d3 (patch)
treec765778fe3474752baf6d5bd7f5e1131e97bfd30
parent70119d2741eefc640edd7601f7241b05776ba579 (diff)
downloadedk2-platforms-9946c0a93e54dbf503cac692169b28b35ddd81d3.tar.xz
Allocate temp buffer to avoid potential change user input string buffer.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18238 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat
-rw-r--r--MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c38
1 files changed, 34 insertions, 4 deletions
diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
index 529e90f8a8..4cf803c54f 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
@@ -2808,7 +2808,7 @@ EfiConfigKeywordHandlerSetData (
EFI_STATUS Status;
CHAR16 *StringPtr;
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
- CHAR16 *NextStringPtr;
+ CHAR16 *NextStringPtr;
CHAR16 *KeywordData;
EFI_STRING_ID KeywordStringId;
UINT32 RetVal;
@@ -2819,6 +2819,7 @@ EfiConfigKeywordHandlerSetData (
CHAR16 *ValueElement;
BOOLEAN ReadOnly;
EFI_STRING InternalProgress;
+ CHAR16 *TempString;
if (This == NULL || Progress == NULL || ProgressErr == NULL || KeywordString == NULL) {
return EFI_INVALID_PARAMETER;
@@ -2827,7 +2828,6 @@ EfiConfigKeywordHandlerSetData (
*Progress = KeywordString;
*ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR;
Status = EFI_SUCCESS;
- StringPtr = KeywordString;
MultiConfigResp = NULL;
NameSpace = NULL;
DevicePath = NULL;
@@ -2836,6 +2836,13 @@ EfiConfigKeywordHandlerSetData (
ConfigResp = NULL;
KeywordStringId = 0;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+ ASSERT (TempString != NULL);
+ StringPtr = TempString;
+
while ((StringPtr != NULL) && (*StringPtr != L'\0')) {
//
// 1. Get NameSpace from NameSpaceId keyword.
@@ -2962,6 +2969,8 @@ EfiConfigKeywordHandlerSetData (
*ProgressErr = KEYWORD_HANDLER_NO_ERROR;
Done:
+ ASSERT (TempString != NULL);
+ FreePool (TempString);
if (NameSpace != NULL) {
FreePool (NameSpace);
}
@@ -3078,6 +3087,7 @@ EfiConfigKeywordHandlerGetData (
BOOLEAN ReadOnly;
CHAR16 *KeywordResp;
CHAR16 *MultiKeywordResp;
+ CHAR16 *TempString;
if (This == NULL || Progress == NULL || ProgressErr == NULL || Results == NULL) {
return EFI_INVALID_PARAMETER;
@@ -3093,18 +3103,35 @@ EfiConfigKeywordHandlerGetData (
ReadOnly = FALSE;
MultiKeywordResp = NULL;
KeywordStringId = 0;
+ TempString = NULL;
//
+ // Use temp string to avoid changing input string buffer.
+ //
+ if (NameSpaceId != NULL) {
+ TempString = AllocateCopyPool (StrSize (NameSpaceId), NameSpaceId);
+ ASSERT (TempString != NULL);
+ }
+ //
// 1. Get NameSpace from NameSpaceId keyword.
//
- Status = ExtractNameSpace (NameSpaceId, &NameSpace, NULL);
+ Status = ExtractNameSpace (TempString, &NameSpace, NULL);
+ if (TempString != NULL) {
+ FreePool (TempString);
+ TempString = NULL;
+ }
if (EFI_ERROR (Status)) {
*ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND;
return Status;
}
if (KeywordString != NULL) {
- StringPtr = KeywordString;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+ ASSERT (TempString != NULL);
+ StringPtr = TempString;
while (*StringPtr != L'\0') {
//
@@ -3225,6 +3252,9 @@ EfiConfigKeywordHandlerGetData (
*ProgressErr = KEYWORD_HANDLER_NO_ERROR;
Done:
+ if (TempString != NULL) {
+ FreePool (TempString);
+ }
if (NameSpace != NULL) {
FreePool (NameSpace);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-07 10:42:11 +0000