From eef1ed4638011dc2d15f3f613c3e720c382fd294 Mon Sep 17 00:00:00 2001 From: jcarsey Date: Wed, 13 Apr 2011 23:37:21 +0000 Subject: rm - refine user input validation to prevent removal of CWD. change colors of "set" command output. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11538 6f19259b-4bc3-4df7-8a09-765794883524 --- ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c | 44 ++++++++++++++++++------ 1 file changed, 34 insertions(+), 10 deletions(-) (limited to 'ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c') diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c index ea3792a3be..32b7580103 100644 --- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c +++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c @@ -172,27 +172,51 @@ IsValidDeleteTarget( ) { CONST CHAR16 *TempLocation; - CHAR16 *Temp2; + BOOLEAN RetVal; + CHAR16 *SearchString; + CHAR16 *Pattern; UINTN Size; + if (Node == NULL || Node->FullName == NULL) { + return (FALSE); + } + TempLocation = StrStr(Node->FullName, L":"); - if (StrLen(TempLocation) == 2) { + if (StrLen(TempLocation) <= 2) { // // Deleting the root directory is invalid. // return (FALSE); } + TempLocation = ShellGetCurrentDir(NULL); - Size = 0; - Temp2 = NULL; - StrnCatGrow(&Temp2, &Size, TempLocation, 0); - if (StrStr(Temp2, Node->FullName) != NULL) { - FreePool(Temp2); - return (FALSE); + if (TempLocation == NULL) { + // + // No working directory is specified so whatever is left is ok. + // + return (TRUE); } - FreePool(Temp2); - return (TRUE); + Pattern = NULL; + SearchString = NULL; + Size = 0; + Pattern = StrnCatGrow(&Pattern , NULL, TempLocation , 0); + SearchString = StrnCatGrow(&SearchString, &Size, Node->FullName, 0); + SearchString = StrnCatGrow(&SearchString, &Size, L"*", 0); + + if (Pattern == NULL || SearchString == NULL) { + RetVal = FALSE; + } else { + RetVal = TRUE; + if (gUnicodeCollation->MetaiMatch(gUnicodeCollation, Pattern, SearchString)) { + RetVal = FALSE; + } + } + + SHELL_FREE_NON_NULL(Pattern ); + SHELL_FREE_NON_NULL(SearchString); + + return (RetVal); } /** -- cgit v1.2.3