From 6b825919f1c16b07b5cac7fc5e298fbeb530d888 Mon Sep 17 00:00:00 2001
From: jcarsey
Date: Wed, 30 Mar 2011 16:36:42 +0000
Subject: add more user input verification to connect and vol commands.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11458 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Library/UefiShellDriver1CommandsLib/Connect.c | 3 +++
 ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c | 25 ++++++++++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c b/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
index 7073c44260..e4e780a437 100644
--- a/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
+++ b/ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c
@@ -348,6 +348,9 @@ ShellCommandRunConnect (
 } else if (Param2 != NULL && Handle2 == NULL) {
 ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_INV_HANDLE), gShellDriver1HiiHandle, Param2);
 ShellStatus = SHELL_INVALID_PARAMETER;
+ } else if (Handle2 != NULL && Handle1 != NULL && EFI_ERROR(gBS->OpenProtocol(Handle2, &gEfiDriverBindingProtocolGuid, NULL, gImageHandle, NULL, EFI_OPEN_PROTOCOL_TEST_PROTOCOL))) {
+ ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_INV_HANDLE), gShellDriver1HiiHandle, Param2);
+ ShellStatus = SHELL_INVALID_PARAMETER;
 } else {
 Status = ConvertAndConnectControllers(Handle1, Handle2, ShellCommandLineGetFlag(Package, L"-r"), (BOOLEAN)(Count!=0));
 if (EFI_ERROR(Status)) {
diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
index 8757ff1b30..e9cd0d0982 100644
--- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
+++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
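Review bot: In Connect.c's new `else if` branch, a second handle that resolves but does not carry the Driver Binding Protocol is reported through `STR_GEN_INV_HANDLE`, the same message the branch just above prints when the handle does not resolve at all, so the user cannot tell the two cases apart. The test is also packed into one very long condition with no word on why `EFI_OPEN_PROTOCOL_TEST_PROTOCOL` is used. I would add a comment inside the branch, e.g. `// Handle2 must be a driver handle: test for Driver Binding without opening it, so a non-driver handle never reaches ConvertAndConnectControllers()`, and consider a distinct message for this case. The check only runs when both handles are non-NULL; whether a lone handle needs the same test depends on code outside the hunk, since ShellCommandRunConnect starts and ends outside it.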
@@ -44,6 +44,28 @@ HandleVol(
 ShellStatus = SHELL_SUCCESS;
+ if (
+ StrStr(Name, L"%") != NULL ||
+ StrStr(Name, L"^") != NULL ||
+ StrStr(Name, L"*") != NULL ||
+ StrStr(Name, L"+") != NULL ||
+ StrStr(Name, L"=") != NULL ||
+ StrStr(Name, L"[") != NULL ||
+ StrStr(Name, L"]") != NULL ||
+ StrStr(Name, L"|") != NULL ||
+ StrStr(Name, L":") != NULL ||
+ StrStr(Name, L";") != NULL ||
+ StrStr(Name, L"\"") != NULL ||
+ StrStr(Name, L"<") != NULL ||
+ StrStr(Name, L">") != NULL ||
+ StrStr(Name, L"?") != NULL ||
+ StrStr(Name, L"/") != NULL ||
+ StrStr(Name, L" ") != NULL
+ ){
+ ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_PROBLEM), gShellLevel2HiiHandle, Name);
+ return (SHELL_INVALID_PARAMETER);
+ }
+
 Status = gEfiShellProtocol->OpenFileByName(
 Path,
 &ShellFileHandle,
@@ -51,8 +73,7 @@ HandleVol(
 if (EFI_ERROR(Status) || ShellFileHandle == NULL) {
 ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_FILE_OPEN_FAIL), gShellLevel2HiiHandle, Path);
- ShellStatus = SHELL_ACCESS_DENIED;
- return (ShellStatus);
+ return (SHELL_ACCESS_DENIED);
 }
 //
-- 
cgit v1.2.3
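Review bot: Every `StrStr(Name, …)` call in the new check in Vol.c dereferences `Name`, and nothing visible in the hunk guarantees it is non-NULL; if HandleVol can be called without a new label (its signature and callers are outside the hunk), the check would fault or assert before the volume is ever opened. Guarding the whole test covers that: `if (Name != NULL && (` … `)) {`. The sixteen separate scans would also read better as one loop over a `CONST CHAR16` list of rejected characters, with a comment saying which volume-label rules the list comes from, since a denylist like this is easy to leave incomplete. HandleVol starts and ends outside the hunk.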