From 7ff3b9494d2555be9342aa80cd730d5b96b8ce4c Mon Sep 17 00:00:00 2001
From: Ryan Harkin
Date: Wed, 29 May 2013 14:56:35 +0000
Subject: ArmPlatformPkg/Bds: Fixed potential overflow in EditHIInputStr()

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ryan Harkin
Signed-off: Olivier Martin

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14393 6f19259b-4bc3-4df7-8a09-765794883524
---
 ArmPlatformPkg/Bds/BdsHelper.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'ArmPlatformPkg/Bds')

diff --git a/ArmPlatformPkg/Bds/BdsHelper.c b/ArmPlatformPkg/Bds/BdsHelper.c
index 459ebc39fc..fa3026c8ff 100644
--- a/ArmPlatformPkg/Bds/BdsHelper.c
+++ b/ArmPlatformPkg/Bds/BdsHelper.c
@@ -1,6 +1,6 @@
 /** @file
 *
-* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
+* Copyright (c) 2011-2013, ARM Limited. All rights reserved.
 *
 * This program and the accompanying materials
 * are licensed and made available under the terms and conditions of the BSD License
@@ -26,9 +26,16 @@ EditHIInputStr (
 EFI_INPUT_KEY Key;
 EFI_STATUS Status;
 
+ // The command line must be at least one character long
+ ASSERT (MaxCmdLine > 0);
+
 Print (CmdLine);
 
- for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) {
+ // Ensure the last character of the buffer is the NULL character
+ CmdLine[MaxCmdLine - 1] = '\0';
+
+ // To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) characters
+ for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine-1; ) {
 Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex);
 ASSERT_EFI_ERROR (Status);
 
-- 
cgit v1.2.3
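Review bot: The `ASSERT (MaxCmdLine > 0)` guard in the second hunk is the only thing protecting `CmdLine[MaxCmdLine - 1] = '\0'` and the `MaxCmdLine-1` loop bound, and ASSERT can be compiled out of release builds; if MaxCmdLine is an unsigned type (its declaration is outside the hunk), a zero length would wrap and the terminator write would land far outside the buffer. A runtime check such as `if (MaxCmdLine == 0) { return EFI_INVALID_PARAMETER; }` ahead of the first use would hold in every build, assuming the function returns EFI_STATUS, which the hunk does not show. The terminator is also written after `Print (CmdLine);`, so a buffer that arrives unterminated is still read past its end once; moving `CmdLine[MaxCmdLine - 1] = '\0';` above the Print call closes that, and `Print (L"%s", CmdLine);` would keep any '%' characters in the buffer from being treated as format specifiers. The body of EditHIInputStr starts and ends outside the hunk.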