summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524>2011-03-30 16:36:42 +0000
committerjcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524>2011-03-30 16:36:42 +0000
commit6b825919f1c16b07b5cac7fc5e298fbeb530d888 (patch)
tree7153b955255ddaf8b74db856f1856c2b273e2eda
parent16751bb43d985132923173773a64595c15d8c290 (diff)
downloadedk2-platforms-6b825919f1c16b07b5cac7fc5e298fbeb530d888.tar.xz
add more user input verification to connect and vol commands.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11458 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c3
-rw-r--r--ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c25
2 files changed, 26 insertions, 2 deletions
diff --git a/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c b/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
index 7073c44260..e4e780a437 100644
--- a/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
+++ b/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
@@ -348,6 +348,9 @@ ShellCommandRunConnect (
} else if (Param2 != NULL && Handle2 == NULL) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_INV_HANDLE), gShellDriver1HiiHandle, Param2);
ShellStatus = SHELL_INVALID_PARAMETER;
+ } else if (Handle2 != NULL && Handle1 != NULL && EFI_ERROR(gBS->OpenProtocol(Handle2, &gEfiDriverBindingProtocolGuid, NULL, gImageHandle, NULL, EFI_OPEN_PROTOCOL_TEST_PROTOCOL))) {
+ ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_INV_HANDLE), gShellDriver1HiiHandle, Param2);
+ ShellStatus = SHELL_INVALID_PARAMETER;
} else {
Status = ConvertAndConnectControllers(Handle1, Handle2, ShellCommandLineGetFlag(Package, L"-r"), (BOOLEAN)(Count!=0));
if (EFI_ERROR(Status)) {
diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
index 8757ff1b30..e9cd0d0982 100644
--- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
+++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
@@ -44,6 +44,28 @@ HandleVol(
ShellStatus = SHELL_SUCCESS;
+ if (
+ StrStr(Name, L"%") != NULL ||
+ StrStr(Name, L"^") != NULL ||
+ StrStr(Name, L"*") != NULL ||
+ StrStr(Name, L"+") != NULL ||
+ StrStr(Name, L"=") != NULL ||
+ StrStr(Name, L"[") != NULL ||
+ StrStr(Name, L"]") != NULL ||
+ StrStr(Name, L"|") != NULL ||
+ StrStr(Name, L":") != NULL ||
+ StrStr(Name, L";") != NULL ||
+ StrStr(Name, L"\"") != NULL ||
+ StrStr(Name, L"<") != NULL ||
+ StrStr(Name, L">") != NULL ||
+ StrStr(Name, L"?") != NULL ||
+ StrStr(Name, L"/") != NULL ||
+ StrStr(Name, L" ") != NULL
+ ){
+ ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_PROBLEM), gShellLevel2HiiHandle, Name);
+ return (SHELL_INVALID_PARAMETER);
+ }
+
Status = gEfiShellProtocol->OpenFileByName(
Path,
&ShellFileHandle,
@@ -51,8 +73,7 @@ HandleVol(
if (EFI_ERROR(Status) || ShellFileHandle == NULL) {
ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_FILE_OPEN_FAIL), gShellLevel2HiiHandle, Path);
- ShellStatus = SHELL_ACCESS_DENIED;
- return (ShellStatus);
+ return (SHELL_ACCESS_DENIED);
}
//