diff options
| author | Eric Dong <eric.dong@intel.com> | 2015-08-19 12:12:59 +0000 |
|---|---|---|
| committer | ydong10 <ydong10@Edk2> | 2015-08-19 12:12:59 +0000 |
| commit | 9946c0a93e54dbf503cac692169b28b35ddd81d3 (patch) | |
| tree | c765778fe3474752baf6d5bd7f5e1131e97bfd30 /MdeModulePkg | |
| parent | 70119d2741eefc640edd7601f7241b05776ba579 (diff) | |
| download | edk2-platforms-9946c0a93e54dbf503cac692169b28b35ddd81d3.tar.xz | |
Allocate temp buffer to avoid potential change user input string buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18238 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg')
| -rw-r--r-- | MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c index 529e90f8a8..4cf803c54f 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c @@ -2808,7 +2808,7 @@ EfiConfigKeywordHandlerSetData ( EFI_STATUS Status;
CHAR16 *StringPtr;
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
- CHAR16 *NextStringPtr;
+ CHAR16 *NextStringPtr;
CHAR16 *KeywordData;
EFI_STRING_ID KeywordStringId;
UINT32 RetVal;
@@ -2819,6 +2819,7 @@ EfiConfigKeywordHandlerSetData ( CHAR16 *ValueElement;
BOOLEAN ReadOnly;
EFI_STRING InternalProgress;
+ CHAR16 *TempString;
if (This == NULL || Progress == NULL || ProgressErr == NULL || KeywordString == NULL) {
return EFI_INVALID_PARAMETER;
@@ -2827,7 +2828,6 @@ EfiConfigKeywordHandlerSetData ( *Progress = KeywordString;
*ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR;
Status = EFI_SUCCESS;
- StringPtr = KeywordString;
MultiConfigResp = NULL;
NameSpace = NULL;
DevicePath = NULL;
@@ -2836,6 +2836,13 @@ EfiConfigKeywordHandlerSetData ( ConfigResp = NULL;
KeywordStringId = 0;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+ ASSERT (TempString != NULL);
+ StringPtr = TempString;
+
while ((StringPtr != NULL) && (*StringPtr != L'\0')) {
//
// 1. Get NameSpace from NameSpaceId keyword.
@@ -2962,6 +2969,8 @@ EfiConfigKeywordHandlerSetData ( *ProgressErr = KEYWORD_HANDLER_NO_ERROR;
Done:
+ ASSERT (TempString != NULL);
+ FreePool (TempString);
if (NameSpace != NULL) {
FreePool (NameSpace);
}
@@ -3078,6 +3087,7 @@ EfiConfigKeywordHandlerGetData ( BOOLEAN ReadOnly;
CHAR16 *KeywordResp;
CHAR16 *MultiKeywordResp;
+ CHAR16 *TempString;
if (This == NULL || Progress == NULL || ProgressErr == NULL || Results == NULL) {
return EFI_INVALID_PARAMETER;
@@ -3093,18 +3103,35 @@ EfiConfigKeywordHandlerGetData ( ReadOnly = FALSE;
MultiKeywordResp = NULL;
KeywordStringId = 0;
+ TempString = NULL;
//
+ // Use temp string to avoid changing input string buffer.
+ //
+ if (NameSpaceId != NULL) {
+ TempString = AllocateCopyPool (StrSize (NameSpaceId), NameSpaceId);
+ ASSERT (TempString != NULL);
+ }
+ //
// 1. Get NameSpace from NameSpaceId keyword.
//
- Status = ExtractNameSpace (NameSpaceId, &NameSpace, NULL);
+ Status = ExtractNameSpace (TempString, &NameSpace, NULL);
+ if (TempString != NULL) {
+ FreePool (TempString);
+ TempString = NULL;
+ }
if (EFI_ERROR (Status)) {
*ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND;
return Status;
}
if (KeywordString != NULL) {
- StringPtr = KeywordString;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+ ASSERT (TempString != NULL);
+ StringPtr = TempString;
while (*StringPtr != L'\0') {
//
@@ -3225,6 +3252,9 @@ EfiConfigKeywordHandlerGetData ( *ProgressErr = KEYWORD_HANDLER_NO_ERROR;
Done:
+ if (TempString != NULL) {
+ FreePool (TempString);
+ }
if (NameSpace != NULL) {
FreePool (NameSpace);
}
|