pointer verification (not NULL) and buffer overrun fixes.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11459 6f19259b-4bc3-4df7-8a09-765794883524
author: jcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524> 2011-03-30 19:33:03 +0000
committer: jcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524> 2011-03-30 19:33:03 +0000
commit: 33c031ee2092282a069ce07d30202082ceaf61fe (patch)
tree: af76c06a5c4f476e9dfe23096ff2bc0295beaee1 /ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c
parent: 6b825919f1c16b07b5cac7fc5e298fbeb530d888 (diff)
download: edk2-platforms-33c031ee2092282a069ce07d30202082ceaf61fe.tar.xz
1 files changed, 15 insertions, 9 deletions
diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c
index 324db922e6..afccf7bd58 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c
@@ -154,11 +154,15 @@ ShellCommandRunSetVar (
             // arbitrary buffer
             //
             Buffer = AllocateZeroPool((StrLen(Data) / 2));
-            for (LoopVar = 0 ; LoopVar < (StrLen(Data) / 2) ; LoopVar++) {
-              ((UINT8*)Buffer)[LoopVar] = (UINT8)(HexCharToUintn(Data[LoopVar*2]) * 16);
-              ((UINT8*)Buffer)[LoopVar] = (UINT8)(((UINT8*)Buffer)[LoopVar] + HexCharToUintn(Data[LoopVar*2+1]));
+            if (Buffer == NULL) {
+              Status = EFI_OUT_OF_RESOURCES;
+            } else {
+              for (LoopVar = 0 ; LoopVar < (StrLen(Data) / 2) ; LoopVar++) {
+                ((UINT8*)Buffer)[LoopVar] = (UINT8)(HexCharToUintn(Data[LoopVar*2]) * 16);
+                ((UINT8*)Buffer)[LoopVar] = (UINT8)(((UINT8*)Buffer)[LoopVar] + HexCharToUintn(Data[LoopVar*2+1]));
+              }
+              Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, StrLen(Data) / 2, Buffer);
             }
-            Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, StrLen(Data) / 2, Buffer);
             if (EFI_ERROR(Status)) {
               ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_SETVAR_ERROR_SET), gShellDebug1HiiHandle, &Guid, VariableName, Status);
               ShellStatus = SHELL_ACCESS_DENIED;
@@ -181,11 +185,13 @@ ShellCommandRunSetVar (
           //
           Data++;
           Buffer = AllocateZeroPool(StrSize(Data) / 2);
-          AsciiSPrint(Buffer, StrSize(Data) / 2, "%s", Data);
-          ((CHAR8*)Buffer)[AsciiStrLen(Buffer)-1] = CHAR_NULL;
-
-          
-          Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, AsciiStrSize(Buffer)-sizeof(CHAR8), Buffer);
+          if (Buffer == NULL) {
+            Status = EFI_OUT_OF_RESOURCES;
+          } else {
+            AsciiSPrint(Buffer, StrSize(Data) / 2, "%s", Data);
+            ((CHAR8*)Buffer)[AsciiStrLen(Buffer)-1] = CHAR_NULL;
+            Status = gRT->SetVariable((CHAR16*)VariableName, &Guid, Attributes, AsciiStrSize(Buffer)-sizeof(CHAR8), Buffer);
+          }
           if (EFI_ERROR(Status)) {
             ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_SETVAR_ERROR_SET), gShellDebug1HiiHandle, &Guid, VariableName, Status);
             ShellStatus = SHELL_ACCESS_DENIED;
author	jcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524>	2011-03-30 19:33:03 +0000
committer	jcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524>	2011-03-30 19:33:03 +0000
commit	33c031ee2092282a069ce07d30202082ceaf61fe (patch)
tree	af76c06a5c4f476e9dfe23096ff2bc0295beaee1 /ShellPkg/Library/UefiShellDebug1CommandsLib/SetVar.c
parent	6b825919f1c16b07b5cac7fc5e298fbeb530d888 (diff)
download	edk2-platforms-33c031ee2092282a069ce07d30202082ceaf61fe.tar.xz