MdePkg: ensure SafeString length functions don't access beyond MaxSize

The StrnLenS and AsciiStrnLenS functions, when presented with a string
with no terminating NULL in the first MaxSize characters will check
the character at String[MaxSize] before checking if Length < MaxSize.
(They return the correct value, but have accessed beyond the stated
limit in the process.)

Flip the order of the tests to prevent this behaviour.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17936 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 2 insertions, 2 deletions

diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7c1b0758f3..b0e1ce72e2 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -141,7 +141,7 @@ StrnLenS (
   // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall

   // be accessed by StrnLenS.

   //

-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {

+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {

     ;

   }

   return Length;

@@ -551,7 +551,7 @@ AsciiStrnLenS (
   // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall

   // be accessed by AsciiStrnLenS.

   //

-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {

+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {

     ;

   }

   return Length;