From 6b825919f1c16b07b5cac7fc5e298fbeb530d888 Mon Sep 17 00:00:00 2001
From: jcarsey <jcarsey@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Wed, 30 Mar 2011 16:36:42 +0000
Subject: add more user input verification to connect and vol commands.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11458 6f19259b-4bc3-4df7-8a09-765794883524
---
 ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c | 25 +++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

(limited to 'ShellPkg/Library/UefiShellLevel2CommandsLib')

diff --git a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
index 8757ff1b30..e9cd0d0982 100644
--- a/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
+++ b/ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c
@@ -44,6 +44,28 @@ HandleVol(
 
   ShellStatus   = SHELL_SUCCESS;
 
+  if (
+      StrStr(Name, L"%") != NULL ||
+      StrStr(Name, L"^") != NULL ||
+      StrStr(Name, L"*") != NULL ||
+      StrStr(Name, L"+") != NULL ||
+      StrStr(Name, L"=") != NULL ||
+      StrStr(Name, L"[") != NULL ||
+      StrStr(Name, L"]") != NULL ||
+      StrStr(Name, L"|") != NULL ||
+      StrStr(Name, L":") != NULL ||
+      StrStr(Name, L";") != NULL ||
+      StrStr(Name, L"\"") != NULL ||
+      StrStr(Name, L"<") != NULL ||
+      StrStr(Name, L">") != NULL ||
+      StrStr(Name, L"?") != NULL ||
+      StrStr(Name, L"/") != NULL ||
+      StrStr(Name, L" ") != NULL
+      ){
+    ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_PROBLEM), gShellLevel2HiiHandle, Name);
+    return (SHELL_INVALID_PARAMETER);
+  }
+
   Status = gEfiShellProtocol->OpenFileByName(
     Path,
     &ShellFileHandle,
@@ -51,8 +73,7 @@ HandleVol(
 
   if (EFI_ERROR(Status) || ShellFileHandle == NULL) {
     ShellPrintHiiEx(-1, -1, NULL, STRING_TOKEN (STR_GEN_FILE_OPEN_FAIL), gShellLevel2HiiHandle, Path);
-    ShellStatus = SHELL_ACCESS_DENIED;
-    return (ShellStatus);
+    return (SHELL_ACCESS_DENIED);
   }
 
   //
-- 
cgit v1.2.3