diff options
author | Qiu Shumin <shumin.qiu@intel.com> | 2014-08-25 08:04:52 +0000 |
---|---|---|
committer | shenshushi <shenshushi@6f19259b-4bc3-4df7-8a09-765794883524> | 2014-08-25 08:04:52 +0000 |
commit | a361d391601b82b4e9c1877f53c0dfe753febd43 (patch) | |
tree | 9c95e7b03578f0c9da233ee530a196f68b84d8d4 | |
parent | b69fd59e6f1a884e1f3e42f4fd07e59060782cc1 (diff) | |
download | edk2-platforms-a361d391601b82b4e9c1877f53c0dfe753febd43.tar.xz |
Append the terminating null character at the end of the string to avoid buffer overflow.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15888 6f19259b-4bc3-4df7-8a09-765794883524
4 files changed, 13 insertions, 4 deletions
diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c index 54de16ca5f..aa73132cb5 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c @@ -60,7 +60,8 @@ PxeBcCheckPacket ( if (Packet->OpCode == EFI_MTFTP4_OPCODE_ERROR) {
Private->Mode.TftpErrorReceived = TRUE;
Private->Mode.TftpError.ErrorCode = (UINT8) Packet->Error.ErrorCode;
- AsciiStrnCpy (Private->Mode.TftpError.ErrorString, (CHAR8 *) Packet->Error.ErrorMessage, 127);
+ AsciiStrnCpy (Private->Mode.TftpError.ErrorString, (CHAR8 *) Packet->Error.ErrorMessage, PXE_MTFTP_ERROR_STRING_LENGTH);
+ Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0';
}
if (Callback != NULL) {
@@ -162,8 +163,9 @@ PxeBcTftpGetFileSize ( AsciiStrnCpy (
Private->Mode.TftpError.ErrorString,
(CHAR8 *) Packet->Error.ErrorMessage,
- 127
+ PXE_MTFTP_ERROR_STRING_LENGTH
);
+ Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0';
}
goto ON_ERROR;
}
diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h index 534daa9e1b..9920aff8b0 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h @@ -1,7 +1,7 @@ /** @file
Mtftp routines for PxeBc.
-Copyright (c) 2007 - 2009, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -21,6 +21,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define PXE_MTFTP_OPTION_MULTICAST_INDEX 3
#define PXE_MTFTP_OPTION_MAXIMUM_INDEX 4
+#define PXE_MTFTP_ERROR_STRING_LENGTH 127
+
/**
This function is to get size of a file by Tftp.
diff --git a/NetworkPkg/Application/IpsecConfig/Indexer.c b/NetworkPkg/Application/IpsecConfig/Indexer.c index 1762bbeb58..9e066b1cb5 100644 --- a/NetworkPkg/Application/IpsecConfig/Indexer.c +++ b/NetworkPkg/Application/IpsecConfig/Indexer.c @@ -1,7 +1,7 @@ /** @file
The implementation of construct ENTRY_INDEXER in IpSecConfig application.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -234,6 +234,7 @@ ConstructPadIndexer ( }
Indexer->PadId.PeerIdValid = TRUE;
+ ZeroMem (Indexer->PadId.Id.PeerId, MAX_PEERID_LEN);
StrnCpy ((CHAR16 *) Indexer->PadId.Id.PeerId, ValueStr, ARRAY_SIZE (Indexer->PadId.Id.PeerId) - 1);
}
}
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c b/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c index 9a80dc5e38..09196c7ac6 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c @@ -69,6 +69,7 @@ PxeBcMtftp6CheckPacket ( (CHAR8 *) Packet->Error.ErrorMessage,
PXE_MTFTP_ERROR_STRING_LENGTH
);
+ Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0';
}
if (Callback != NULL) {
@@ -182,6 +183,7 @@ PxeBcMtftp6GetFileSize ( (CHAR8 *) Packet->Error.ErrorMessage,
PXE_MTFTP_ERROR_STRING_LENGTH
);
+ Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0';
}
goto ON_ERROR;
}
@@ -511,6 +513,7 @@ PxeBcMtftp4CheckPacket ( (CHAR8 *) Packet->Error.ErrorMessage,
PXE_MTFTP_ERROR_STRING_LENGTH
);
+ Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0';
}
if (Callback != NULL) {
@@ -624,6 +627,7 @@ PxeBcMtftp4GetFileSize ( (CHAR8 *) Packet->Error.ErrorMessage,
PXE_MTFTP_ERROR_STRING_LENGTH
);
+ Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0';
}
goto ON_ERROR;
}
|