diff options
Diffstat (limited to 'MdeModulePkg/Universal/SetupBrowserDxe/Setup.c')
| -rw-r--r-- | MdeModulePkg/Universal/SetupBrowserDxe/Setup.c | 60 |
1 files changed, 35 insertions, 25 deletions
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c index b153dd4bfe..c209db8bc7 100644 --- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c +++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c @@ -635,6 +635,7 @@ ProcessStorage ( CHAR16 *StrPtr;
UINTN BufferSize;
UINTN TmpSize;
+ UINTN MaxLen;
FORMSET_STORAGE *BrowserStorage;
if (RetrieveData) {
@@ -660,7 +661,7 @@ ProcessStorage ( // Copy the data if the input buffer is bigger enough.
//
if (*ResultsDataSize >= BufferSize) {
- StrCpy (*ResultsData, StrPtr);
+ StrCpyS (*ResultsData, *ResultsDataSize / sizeof (CHAR16), StrPtr);
}
*ResultsDataSize = BufferSize;
@@ -673,12 +674,13 @@ ProcessStorage ( ASSERT (BrowserStorage != NULL);
TmpSize = StrLen (*ResultsData);
BufferSize = (TmpSize + StrLen (BrowserStorage->ConfigHdr) + 2) * sizeof (CHAR16);
+ MaxLen = BufferSize / sizeof (CHAR16);
ConfigResp = AllocateZeroPool (BufferSize);
ASSERT (ConfigResp != NULL);
- StrCpy (ConfigResp, BrowserStorage->ConfigHdr);
- StrCat (ConfigResp, L"&");
- StrCat (ConfigResp, *ResultsData);
+ StrCpyS (ConfigResp, MaxLen, BrowserStorage->ConfigHdr);
+ StrCatS (ConfigResp, MaxLen, L"&");
+ StrCatS (ConfigResp, MaxLen, *ResultsData);
//
// Update Browser uncommited data
@@ -1079,19 +1081,19 @@ NewStringCat ( )
{
CHAR16 *NewString;
- UINTN TmpSize;
+ UINTN MaxLen;
if (*Dest == NULL) {
NewStringCpy (Dest, Src);
return;
}
- TmpSize = StrSize (*Dest);
- NewString = AllocateZeroPool (TmpSize + StrSize (Src) - 1);
+ MaxLen = ( StrSize (*Dest) + StrSize (Src) - 1) / sizeof (CHAR16);
+ NewString = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewString != NULL);
- StrCpy (NewString, *Dest);
- StrCat (NewString, Src);
+ StrCpyS (NewString, MaxLen, *Dest);
+ StrCatS (NewString, MaxLen, Src);
FreePool (*Dest);
*Dest = NewString;
@@ -1441,7 +1443,7 @@ BufferToValue ( DstBuf = (CHAR16 *) Dst;
ZeroMem (TemStr, sizeof (TemStr));
for (Index = 0; Index < LengthStr; Index += 4) {
- StrnCpy (TemStr, Value + Index, 4);
+ StrnCpyS (TemStr, sizeof (TemStr) / sizeof (CHAR16), Value + Index, 4);
DstBuf[Index/4] = (CHAR16) StrHexToUint64 (TemStr);
}
//
@@ -1505,6 +1507,7 @@ GetQuestionValue ( CHAR16 *Value;
UINTN Length;
BOOLEAN IsBufferStorage;
+ UINTN MaxLen;
Status = EFI_SUCCESS;
Value = NULL;
@@ -1704,15 +1707,17 @@ GetQuestionValue ( Length = StrLen (FormsetStorage->ConfigHdr);
Length += StrLen (Question->VariableName) + 1;
}
- ConfigRequest = AllocateZeroPool ((Length + 1) * sizeof (CHAR16));
+ // Allocate buffer include '\0'
+ MaxLen = Length + 1;
+ ConfigRequest = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (ConfigRequest != NULL);
- StrCpy (ConfigRequest, FormsetStorage->ConfigHdr);
+ StrCpyS (ConfigRequest, MaxLen, FormsetStorage->ConfigHdr);
if (IsBufferStorage) {
- StrCat (ConfigRequest, Question->BlockName);
+ StrCatS (ConfigRequest, MaxLen, Question->BlockName);
} else {
- StrCat (ConfigRequest, L"&");
- StrCat (ConfigRequest, Question->VariableName);
+ StrCatS (ConfigRequest, MaxLen, L"&");
+ StrCatS (ConfigRequest, MaxLen, Question->VariableName);
}
//
@@ -1818,6 +1823,7 @@ SetQuestionValue ( CHAR16 *TemString;
UINTN Index;
NAME_VALUE_NODE *Node;
+ UINTN MaxLen;
Status = EFI_SUCCESS;
Node = NULL;
@@ -2002,17 +2008,18 @@ SetQuestionValue ( }
FormsetStorage = GetFstStgFromVarId(FormSet, Question->VarStoreId);
ASSERT (FormsetStorage != NULL);
- ConfigResp = AllocateZeroPool ((StrLen (FormsetStorage->ConfigHdr) + Length + 1) * sizeof (CHAR16));
+ MaxLen = StrLen (FormsetStorage->ConfigHdr) + Length + 1;
+ ConfigResp = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (ConfigResp != NULL);
- StrCpy (ConfigResp, FormsetStorage->ConfigHdr);
+ StrCpyS (ConfigResp, MaxLen, FormsetStorage->ConfigHdr);
if (IsBufferStorage) {
- StrCat (ConfigResp, Question->BlockName);
- StrCat (ConfigResp, L"&VALUE=");
+ StrCatS (ConfigResp, MaxLen, Question->BlockName);
+ StrCatS (ConfigResp, MaxLen, L"&VALUE=");
} else {
- StrCat (ConfigResp, L"&");
- StrCat (ConfigResp, Question->VariableName);
- StrCat (ConfigResp, L"=");
+ StrCatS (ConfigResp, MaxLen, L"&");
+ StrCatS (ConfigResp, MaxLen, Question->VariableName);
+ StrCatS (ConfigResp, MaxLen, L"=");
}
Value = ConfigResp + StrLen (ConfigResp);
@@ -4887,8 +4894,11 @@ AppendConfigRequest ( CHAR16 *NewStr;
UINTN StringSize;
UINTN StrLength;
+ UINTN MaxLen;
StrLength = StrLen (RequestElement);
+ StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof (CHAR16);
+ MaxLen = StringSize / sizeof (CHAR16) + *SpareStrLen;
//
// Append <RequestElement> to <ConfigRequest>
@@ -4897,8 +4907,8 @@ AppendConfigRequest ( //
// Old String buffer is not sufficient for RequestElement, allocate a new one
//
- StringSize = (*ConfigRequest != NULL) ? StrSize (*ConfigRequest) : sizeof (CHAR16);
- NewStr = AllocateZeroPool (StringSize + CONFIG_REQUEST_STRING_INCREMENTAL * sizeof (CHAR16));
+ MaxLen = StringSize / sizeof (CHAR16) + CONFIG_REQUEST_STRING_INCREMENTAL;
+ NewStr = AllocateZeroPool (MaxLen * sizeof (CHAR16));
ASSERT (NewStr != NULL);
if (*ConfigRequest != NULL) {
@@ -4909,7 +4919,7 @@ AppendConfigRequest ( *SpareStrLen = CONFIG_REQUEST_STRING_INCREMENTAL;
}
- StrCat (*ConfigRequest, RequestElement);
+ StrCatS (*ConfigRequest, MaxLen, RequestElement);
*SpareStrLen -= StrLength;
}
|