diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2016-10-11 11:13:41 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2016-11-08 16:37:12 +0800 |
| commit | 6f30cefd79864bfc983f47b740d90eebe93d10d9 (patch) | |
| tree | 406af4506e4154dd0d079d6a86dd2a5223c7eb1e /BaseTools | |
| parent | 47affb48e9baf3966842919acc0c419129c65392 (diff) | |
| download | edk2-platforms-6f30cefd79864bfc983f47b740d90eebe93d10d9.tar.xz | |
BaseTools/GenFv: Add checks for user/file inputs
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Diffstat (limited to 'BaseTools')
| -rw-r--r-- | BaseTools/Source/C/GenFv/GenFv.c | 9 | ||||
| -rw-r--r-- | BaseTools/Source/C/GenFv/GenFvInternalLib.c | 55 |
2 files changed, 59 insertions, 5 deletions
diff --git a/BaseTools/Source/C/GenFv/GenFv.c b/BaseTools/Source/C/GenFv/GenFv.c index 01ae37acd7..4de24b9f7e 100644 --- a/BaseTools/Source/C/GenFv/GenFv.c +++ b/BaseTools/Source/C/GenFv/GenFv.c @@ -4,7 +4,7 @@ can be found in the Tiano Firmware Volume Generation Utility
Specification, review draft.
-Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -337,7 +337,12 @@ Returns: Error (NULL, 0, 1003, "Invalid option value", "Input Ffsfile can't be null");
return STATUS_ERROR;
}
- strcpy (mFvDataInfo.FvFiles[Index], argv[1]);
+ if (strlen (argv[1]) > MAX_LONG_FILE_PATH - 1) {
+ Error (NULL, 0, 1003, "Invalid option value", "Input Ffsfile name %s is too long!", argv[1]);
+ return STATUS_ERROR;
+ }
+ strncpy (mFvDataInfo.FvFiles[Index], argv[1], MAX_LONG_FILE_PATH - 1);
+ mFvDataInfo.FvFiles[Index][MAX_LONG_FILE_PATH - 1] = 0;
DebugMsg (NULL, 0, 9, "FV component file", "the %uth name is %s", (unsigned) Index + 1, argv[1]);
argc -= 2;
argv += 2;
diff --git a/BaseTools/Source/C/GenFv/GenFvInternalLib.c b/BaseTools/Source/C/GenFv/GenFvInternalLib.c index 7e8b0ed2d8..d16b33eee3 100644 --- a/BaseTools/Source/C/GenFv/GenFvInternalLib.c +++ b/BaseTools/Source/C/GenFv/GenFvInternalLib.c @@ -374,7 +374,7 @@ Returns: }
}
- for (Index = 0; Index < MAX_NUMBER_OF_FILES_IN_FV; Index++) {
+ for (Index = 0; Number + Index < MAX_NUMBER_OF_FILES_IN_FV; Index++) {
//
// Read the FFS file list
//
@@ -2418,17 +2418,19 @@ Returns: UINT8 *FvImage;
UINTN FvImageSize;
FILE *FvFile;
- CHAR8 FvMapName [MAX_LONG_FILE_PATH];
+ CHAR8 *FvMapName;
FILE *FvMapFile;
EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
FILE *FvExtHeaderFile;
UINTN FileSize;
- CHAR8 FvReportName[MAX_LONG_FILE_PATH];
+ CHAR8 *FvReportName;
FILE *FvReportFile;
FvBufferHeader = NULL;
FvFile = NULL;
+ FvMapName = NULL;
FvMapFile = NULL;
+ FvReportName = NULL;
FvReportFile = NULL;
if (InfFileImage != NULL) {
@@ -2566,8 +2568,34 @@ Returns: // FvMap file to log the function address of all modules in one Fvimage
//
if (MapFileName != NULL) {
+ if (strlen (MapFileName) > MAX_LONG_FILE_PATH - 1) {
+ Error (NULL, 0, 1003, "Invalid option value", "MapFileName %s is too long!", MapFileName);
+ Status = EFI_ABORTED;
+ goto Finish;
+ }
+
+ FvMapName = malloc (strlen (MapFileName) + 1);
+ if (FvMapName == NULL) {
+ Error (NULL, 0, 4001, "Resource", "memory cannot be allocated!");
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Finish;
+ }
+
strcpy (FvMapName, MapFileName);
} else {
+ if (strlen (FvFileName) + strlen (".map") > MAX_LONG_FILE_PATH - 1) {
+ Error (NULL, 0, 1003, "Invalid option value", "FvFileName %s is too long!", FvFileName);
+ Status = EFI_ABORTED;
+ goto Finish;
+ }
+
+ FvMapName = malloc (strlen (FvFileName) + strlen (".map") + 1);
+ if (FvMapName == NULL) {
+ Error (NULL, 0, 4001, "Resource", "memory cannot be allocated!");
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Finish;
+ }
+
strcpy (FvMapName, FvFileName);
strcat (FvMapName, ".map");
}
@@ -2576,6 +2604,19 @@ Returns: //
// FvReport file to log the FV information in one Fvimage
//
+ if (strlen (FvFileName) + strlen (".txt") > MAX_LONG_FILE_PATH - 1) {
+ Error (NULL, 0, 1003, "Invalid option value", "FvFileName %s is too long!", FvFileName);
+ Status = EFI_ABORTED;
+ goto Finish;
+ }
+
+ FvReportName = malloc (strlen (FvFileName) + strlen (".txt") + 1);
+ if (FvReportName == NULL) {
+ Error (NULL, 0, 4001, "Resource", "memory cannot be allocated!");
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Finish;
+ }
+
strcpy (FvReportName, FvFileName);
strcat (FvReportName, ".txt");
@@ -2852,6 +2893,14 @@ Finish: if (FvExtHeader != NULL) {
free (FvExtHeader);
}
+
+ if (FvMapName != NULL) {
+ free (FvMapName);
+ }
+
+ if (FvReportName != NULL) {
+ free (FvReportName);
+ }
if (FvFile != NULL) {
fflush (FvFile);
|