From 9946c0a93e54dbf503cac692169b28b35ddd81d3 Mon Sep 17 00:00:00 2001
From: Eric Dong
Date: Wed, 19 Aug 2015 12:12:59 +0000
Subject: Allocate temp buffer to avoid potential change user input string buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong
Reviewed-by: Liming Gao
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18238 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../HiiDatabaseDxe/ConfigKeywordHandler.c | 38 +++++++++++++++++++---
 1 file changed, 34 insertions(+), 4 deletions(-)
(limited to 'MdeModulePkg')
diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
index 529e90f8a8..4cf803c54f 100644
--- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
+++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c
@@ -2808,7 +2808,7 @@ EfiConfigKeywordHandlerSetData (
 EFI_STATUS Status;
 CHAR16 *StringPtr;
 EFI_DEVICE_PATH_PROTOCOL *DevicePath;
- CHAR16 *NextStringPtr;
+ CHAR16 *NextStringPtr;
 CHAR16 *KeywordData;
 EFI_STRING_ID KeywordStringId;
 UINT32 RetVal;
@@ -2819,6 +2819,7 @@ EfiConfigKeywordHandlerSetData (
 CHAR16 *ValueElement;
 BOOLEAN ReadOnly;
 EFI_STRING InternalProgress;
+ CHAR16 *TempString;
 if (This == NULL || Progress == NULL || ProgressErr == NULL || KeywordString == NULL) {
 return EFI_INVALID_PARAMETER;
@@ -2827,7 +2828,6 @@ EfiConfigKeywordHandlerSetData (
 *Progress = KeywordString;
 *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR;
 Status = EFI_SUCCESS;
- StringPtr = KeywordString;
 MultiConfigResp = NULL;
 NameSpace = NULL;
 DevicePath = NULL;
@@ -2836,6 +2836,13 @@ EfiConfigKeywordHandlerSetData (
 ConfigResp = NULL;
 KeywordStringId = 0;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+ ASSERT (TempString != NULL);
+ StringPtr = TempString;
+
 while ((StringPtr != NULL) && (*StringPtr != L'\0')) {
 //
 // 1. Get NameSpace from NameSpaceId keyword.
@@ -2962,6 +2969,8 @@ EfiConfigKeywordHandlerSetData (
 *ProgressErr = KEYWORD_HANDLER_NO_ERROR;
 Done:
+ ASSERT (TempString != NULL);
+ FreePool (TempString);
 if (NameSpace != NULL) {
 FreePool (NameSpace);
 }
@@ -3078,6 +3087,7 @@ EfiConfigKeywordHandlerGetData (
 BOOLEAN ReadOnly;
 CHAR16 *KeywordResp;
 CHAR16 *MultiKeywordResp;
+ CHAR16 *TempString;
 if (This == NULL || Progress == NULL || ProgressErr == NULL || Results == NULL) {
 return EFI_INVALID_PARAMETER;
@@ -3093,18 +3103,35 @@ EfiConfigKeywordHandlerGetData (
 ReadOnly = FALSE;
 MultiKeywordResp = NULL;
 KeywordStringId = 0;
+ TempString = NULL;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ if (NameSpaceId != NULL) {
+ TempString = AllocateCopyPool (StrSize (NameSpaceId), NameSpaceId);
+ ASSERT (TempString != NULL);
+ }
 //
 // 1. Get NameSpace from NameSpaceId keyword.
 //
- Status = ExtractNameSpace (NameSpaceId, &NameSpace, NULL);
+ Status = ExtractNameSpace (TempString, &NameSpace, NULL);
+ if (TempString != NULL) {
+ FreePool (TempString);
+ TempString = NULL;
+ }
 if (EFI_ERROR (Status)) {
 *ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND;
 return Status;
 }
 if (KeywordString != NULL) {
- StringPtr = KeywordString;
+ //
+ // Use temp string to avoid changing input string buffer.
+ //
+ TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString);
+ ASSERT (TempString != NULL);
+ StringPtr = TempString;
 while (*StringPtr != L'\0') {
 //
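Review bot: The copy of KeywordString in EfiConfigKeywordHandlerSetData is checked only with `ASSERT (TempString != NULL)`, which disappears in builds that disable asserts, so an allocation failure is not actually handled. StringPtr is then NULL, the `while` loop is skipped, and the `Done:` path hands NULL to FreePool; the code between the loop and `Done:` is outside the hunk, but the visible `*ProgressErr = KEYWORD_HANDLER_NO_ERROR` suggests the call may report success without applying anything. Nothing else has been allocated at this point, so the assert can be replaced with `if (TempString == NULL) { return EFI_OUT_OF_RESOURCES; }`. The same pattern appears twice in EfiConfigKeywordHandlerGetData (the @@ -3093 hunk): a failed NameSpaceId copy passes NULL to ExtractNameSpace as if the caller had supplied no namespace, and a failed KeywordString copy is dereferenced by `while (*StringPtr != L'\0')`. In that second case NameSpace may already be allocated, so set Status and `goto Done` rather than returning directly.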
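Review bot: Freeing TempString at `Done:` leaves any progress pointer derived from StringPtr dangling, because StringPtr now walks the temporary copy instead of the caller's KeywordString. The only assignment visible in this patch is `*Progress = KeywordString`; if the loop body, which lies outside these hunks, reports the failing position with something like `*Progress = StringPtr`, the caller receives an address inside freed pool memory. Such assignments should be translated back into the caller's buffer, for example `*Progress = KeywordString + (StringPtr - TempString);`. EfiConfigKeywordHandlerGetData frees its copy the same way in the @@ -3225 hunk and needs the same check.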
@@ -3225,6 +3252,9 @@ EfiConfigKeywordHandlerGetData (
 *ProgressErr = KEYWORD_HANDLER_NO_ERROR;
 Done:
+ if (TempString != NULL) {
+ FreePool (TempString);
+ }
 if (NameSpace != NULL) {
 FreePool (NameSpace);
 }
-- cgit v1.2.3