diff options
| author | Ryan Harkin <ryan.harkin@linaro.org> | 2013-05-29 14:56:35 +0000 |
|---|---|---|
| committer | oliviermartin <oliviermartin@6f19259b-4bc3-4df7-8a09-765794883524> | 2013-05-29 14:56:35 +0000 |
| commit | 7ff3b9494d2555be9342aa80cd730d5b96b8ce4c (patch) | |
| tree | f9a58ebe21c80e64073e6dc860758b7b354c3206 /ArmPlatformPkg/Bds | |
| parent | b3a18a1a1770316bfabbc29a44586db24c8c9076 (diff) | |
| download | edk2-platforms-7ff3b9494d2555be9342aa80cd730d5b96b8ce4c.tar.xz | |
ArmPlatformPkg/Bds: Fixed potential overflow in EditHIInputStr()
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Signed-off: Olivier Martin <olivier.martin@arm.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14393 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'ArmPlatformPkg/Bds')
| -rw-r--r-- | ArmPlatformPkg/Bds/BdsHelper.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ArmPlatformPkg/Bds/BdsHelper.c b/ArmPlatformPkg/Bds/BdsHelper.c index 459ebc39fc..fa3026c8ff 100644 --- a/ArmPlatformPkg/Bds/BdsHelper.c +++ b/ArmPlatformPkg/Bds/BdsHelper.c @@ -1,6 +1,6 @@ /** @file
*
-* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
+* Copyright (c) 2011-2013, ARM Limited. All rights reserved.
*
* This program and the accompanying materials
* are licensed and made available under the terms and conditions of the BSD License
@@ -26,9 +26,16 @@ EditHIInputStr ( EFI_INPUT_KEY Key;
EFI_STATUS Status;
+ // The command line must be at least one character long
+ ASSERT (MaxCmdLine > 0);
+
Print (CmdLine);
- for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) {
+ // Ensure the last character of the buffer is the NULL character
+ CmdLine[MaxCmdLine - 1] = '\0';
+
+ // To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) characters
+ for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine-1; ) {
Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex);
ASSERT_EFI_ERROR (Status);
|