From a1360fa3de6dade1b9d204284356df52bc58e801 Mon Sep 17 00:00:00 2001
From: Jeff Fan <jeff.fan@intel.com>
Date: Thu, 14 Aug 2014 02:00:11 +0000
Subject: Use StrnCat instead of StrCat to avoid target buffer overflow.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Eric Dong <Eric.Dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15797 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Universal/BdsDxe/DeviceMngr/DeviceManager.c                   | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c')

diff --git a/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c b/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
index 6a76c33f26..866df574f6 100644
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/DeviceMngr/DeviceManager.c
@@ -1,7 +1,7 @@
 /** @file
   The platform device manager reference implementation
 
-Copyright (c) 2004 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -1260,6 +1260,7 @@ CallDriverHealth (
   LIST_ENTRY                  *Link;
   EFI_DEVICE_PATH_PROTOCOL    *DriverDevicePath;
   BOOLEAN                     RebootRequired;
+  UINTN                       StringSize;
 
   Index               = 0;
   DriverHealthInfo    = NULL;  
@@ -1341,7 +1342,8 @@ CallDriverHealth (
     //
     // Assume no line strings is longer than 512 bytes.
     //
-    String = (EFI_STRING) AllocateZeroPool (0x200);
+    StringSize = 0x200;
+    String = (EFI_STRING) AllocateZeroPool (StringSize);
     ASSERT (String != NULL);
 
     Status = DriverHealthGetDriverName (DriverHealthInfo->DriverHandle, &DriverName);
@@ -1410,7 +1412,7 @@ CallDriverHealth (
     }
 
     ASSERT (TmpString != NULL);
-    StrCat (String, TmpString);
+    StrnCat (String, TmpString, StringSize / sizeof (CHAR16) - StrLen (String) - 1);
     FreePool (TmpString);
 
     Token = HiiSetString (HiiHandle, 0, String, NULL);
-- 
cgit v1.2.3