@@ -35,7 +35,7 @@ EditHIInputStr (
Print (CmdLine);
// To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) characters
- for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine - 1; ) {
+ for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) {
Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex);
ASSERT_EFI_ERROR (Status);
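Review bot: Once the loop is entered, the new `for` condition can no longer become false, because the second hunk stops CmdLineIndex at MaxCmdLine-1; the comment kept above the loop does not say this. I would extend it to `// CmdLine[MaxCmdLine-1] is reserved for the terminating NUL; the loop is left only via ENTER or ESC`. The code after the loop is outside this hunk. It is presumably reached now only when the initial string already fills the buffer or MaxCmdLine is 0, so it is worth confirming that it returns a sensible status there. Separately, `ASSERT_EFI_ERROR (Status)` is compiled out in builds with asserts disabled, so a failing WaitForEvent would go unnoticed in a loop that now has no length-based exit; an explicit `if (EFI_ERROR (Status)) return Status;` would cover that.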
@@ -62,7 +62,7 @@ EditHIInputStr (
}
} else if ((Key.ScanCode == SCAN_ESC) || (Char == 0x1B) || (Char == 0x0)) {
return EFI_INVALID_PARAMETER;
- } else {
+ } else if (CmdLineIndex < (MaxCmdLine-1)) {
CmdLine[CmdLineIndex++] = Key.UnicodeChar;
Print (L"%c", Key.UnicodeChar);
}
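Review bot: The new guard `CmdLineIndex < (MaxCmdLine-1)` only keeps the write to `CmdLine[CmdLineIndex++]` in bounds if MaxCmdLine is the number of CHAR16 elements in the buffer, not its size in bytes. The signature and callers are outside the hunk, so that contract should be stated where the parameter is documented, or next to the guard, for example `// MaxCmdLine counts CHAR16 elements; slot MaxCmdLine-1 stays free for the NUL`. Keystrokes beyond the limit are now dropped silently, which is the safe choice but worth a short comment so it is not mistaken for a missing `else`. As a style point, the rest of the hunk spaces binary operators, so `MaxCmdLine - 1` would match.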
@@ -187,9 +187,7 @@ GetHIInputBoolean (
while(1) {
Print (L"[y/n] ");
- // Set MaxCmdLine to 3 to give space for carriage return (when the user
- // hits enter) and terminal '\0'.
- Status = GetHIInputStr (CmdBoolean, 3);
+ Status = GetHIInputStr (CmdBoolean, 2);
if (EFI_ERROR(Status)) {
return Status;
} else if ((CmdBoolean[0] == L'y') || (CmdBoolean[0] == L'Y')) {
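Review bot: The literal `2` passed to GetHIInputStr is now undocumented, because the comment that explained the old sizing was removed without a replacement. I would add `// One character plus the terminating NUL` above the call. The declaration of CmdBoolean is outside the hunk, so it should be checked that it holds at least two CHAR16 elements. Tying the bound to the declaration, for example with a shared named constant, would stop the array size and the limit from drifting apart.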
If EditHIInputStr() is called, say with a MaxCmdLine of 2, the user is currently allowed to enter 2 characters. If the second character is a carriage return/line feed, this is substituted with a NULL and the function returns. If the second character is a regular character, the loop terminates and the function returns. However, the buffer has not been NULL terminated. This patch prevents the user from entering a regular character as the final character and ensures that the only way out of the input is by pressing ESC or ENTER (or equivalent). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org> --- ArmPlatformPkg/Bds/BdsHelper.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)