diff options
| author | Dong, Eric <eric.dong@intel.com> | 2016-08-02 19:32:30 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2016-08-03 09:50:42 +0800 |
| commit | 904e345d94f1ed6400f1fe5c4831bc1975971899 (patch) | |
| tree | aa4d10defff3f47781596bb2038edd44a2ef110d /SecurityPkg/Tcg | |
| parent | 49680c684f7b0e3e77d7190943f842ca06b84c50 (diff) | |
| download | edk2-platforms-904e345d94f1ed6400f1fe5c4831bc1975971899.tar.xz | |
SecurityPkg OpalPasswordDxe: Fix buffer overflow issue.
In current code, PSID is processed as string and the length is 0x20.
Current code only reserved 0x20 length buffer for it, no extra buffer
for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID,
it search the '\0' for the end. So extra dirty data saved in PSID
info which caused PSID revert action failed. This patch reserved
extra 1 byte data for the '\0'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
(cherry picked from commit 4636e4426a31802c25bd8409be9031c4d20324f4)
Diffstat (limited to 'SecurityPkg/Tcg')
| -rw-r--r-- | SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 5 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h | 3 |
2 files changed, 6 insertions, 2 deletions
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c index 59b7b2722c..c10163ef3c 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c @@ -593,12 +593,15 @@ HiiPsidRevert( OPAL_DISK *OpalDisk;
TCG_RESULT Ret;
OPAL_SESSION Session;
+ UINT8 TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];
Ret = TcgResultFailure;
OpalHiiGetBrowserData();
- UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)Psid.Psid, PSID_CHARACTER_LENGTH);
+ ZeroMem (TmpBuf, sizeof (TmpBuf));
+ UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);
+ CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);
OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);
if (OpalDisk != NULL) {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h index 138bcb8935..88cf9f5b59 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h @@ -21,6 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // PSID Length
#define PSID_CHARACTER_LENGTH 0x20
+#define PSID_CHARACTER_STRING_END_LENGTH 0x21
// ID's for various forms that will be used by HII
#define FORMID_VALUE_MAIN_MENU 0x01
@@ -38,7 +39,7 @@ typedef struct { UINT8 KeepUserData;
UINT16 AvailableFields;
UINT16 Password[MAX_PASSWORD_CHARACTER_LENGTH];
- UINT16 Psid[PSID_CHARACTER_LENGTH];
+ UINT16 Psid[PSID_CHARACTER_STRING_END_LENGTH];
UINT8 EnableBlockSid;
} OPAL_HII_CONFIGURATION;
#pragma pack()
|