From patchwork Mon Jul 13 10:29:47 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leif Lindholm X-Patchwork-Id: 51068 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wg0-f69.google.com (mail-wg0-f69.google.com [74.125.82.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 9593A202B9 for ; Mon, 13 Jul 2015 10:30:12 +0000 (UTC) Received: by wgjx7 with SMTP id x7sf101880353wgj.3 for ; Mon, 13 Jul 2015 03:30:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:mime-version:in-reply-to:references :date:message-id:from:to:content-type:cc:subject:precedence:list-id :list-unsubscribe:list-archive:list-post:list-help:list-subscribe :errors-to:x-original-sender:x-original-authentication-results :mailing-list; bh=dNG+UGkf5jJblfRYebAGkeEbEuZsTesefCYPPx+UBlA=; b=lEKNaowq0mhGA2cFriahifoCz079oBbhgMfElp0z9iWE+GfHuwcsDLqzugZxZTCpXS NBk49Rq+ssB9vqaWXpq2P9j5qz4/+Jb1kIZeIh9OWwY4GNwBQtMwsNbrGKojybZJfD4M h5LTRNUVorr0ytD9ZDOPF7GX5s7/IVS5v685fGbi19iiwDQtTdLwGkV/Iy8ThkZKZbkB 4yoxppCCmTJNgp4nLleQad5j/Q8JWC4OGYbTtcmptd2zWmKLhb21CeDSaK+rS508RNW9 /YCxIqQwFPXXV1ZMfHY/nqc6/6oOH3GA90uuTsltAKAoTZBsMd7d3ejvizZ7f6bNQxDX QjaQ== X-Gm-Message-State: ALoCoQkB+L2ZUSOpyGc3EQsIpupYHGY7z5v7FHnZke1n+MkStN3XQhHl8oGxAEgPgXVqrFNgan0H X-Received: by 10.112.139.137 with SMTP id qy9mr18130666lbb.17.1436783411780; Mon, 13 Jul 2015 03:30:11 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.23.195 with SMTP id o3ls1521014laf.1.gmail; Mon, 13 Jul 2015 03:30:11 -0700 (PDT) X-Received: by 10.112.205.1 with SMTP id lc1mr31685225lbc.94.1436783411622; Mon, 13 Jul 2015 03:30:11 -0700 (PDT) Received: from mail-la0-f42.google.com (mail-la0-f42.google.com. [209.85.215.42]) by mx.google.com with ESMTPS id z7si14560885laj.139.2015.07.13.03.30.11 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Jul 2015 03:30:11 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.42 as permitted sender) client-ip=209.85.215.42; Received: by lahh5 with SMTP id h5so13708520lah.2 for ; Mon, 13 Jul 2015 03:30:11 -0700 (PDT) X-Received: by 10.112.198.74 with SMTP id ja10mr31689091lbc.19.1436783411465; Mon, 13 Jul 2015 03:30:11 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.108.230 with SMTP id hn6csp1635328lbb; Mon, 13 Jul 2015 03:30:10 -0700 (PDT) X-Received: by 10.107.135.148 with SMTP id r20mr15997604ioi.153.1436783409541; Mon, 13 Jul 2015 03:30:09 -0700 (PDT) Received: from lists.sourceforge.net (lists.sourceforge.net. [216.34.181.88]) by mx.google.com with ESMTPS id b7si5279922igf.27.2015.07.13.03.30.08 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 13 Jul 2015 03:30:09 -0700 (PDT) Received-SPF: pass (google.com: domain of edk2-devel-bounces@lists.sourceforge.net designates 216.34.181.88 as permitted sender) client-ip=216.34.181.88; Received: from localhost ([127.0.0.1] helo=sfs-ml-1.v29.ch3.sourceforge.com) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1ZEazj-0002bC-A2; Mon, 13 Jul 2015 10:29:55 +0000 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1ZEazh-0002b2-LG for edk2-devel@lists.sourceforge.net; Mon, 13 Jul 2015 10:29:53 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of linaro.org designates 209.85.213.172 as permitted sender) client-ip=209.85.213.172; envelope-from=leif.lindholm@linaro.org; helo=mail-ig0-f172.google.com; Received: from mail-ig0-f172.google.com ([209.85.213.172]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1ZEazg-00086X-IO for edk2-devel@lists.sourceforge.net; Mon, 13 Jul 2015 10:29:53 +0000 Received: by igcqs7 with SMTP id qs7so53788612igc.0 for ; Mon, 13 Jul 2015 03:29:47 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.107.161.206 with SMTP id k197mr16705337ioe.100.1436783387209; Mon, 13 Jul 2015 03:29:47 -0700 (PDT) Received: by 10.64.88.225 with HTTP; Mon, 13 Jul 2015 03:29:47 -0700 (PDT) In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A111A953BE@shsmsx102.ccr.corp.intel.com> References: <1436534460-28856-1-git-send-email-leif.lindholm@linaro.org> <74D8A39837DF1E4DA445A8C0B3885C5001349120@shsmsx102.ccr.corp.intel.com> <4A89E2EF3DFEDB4C8BFDE51014F606A111A953BE@shsmsx102.ccr.corp.intel.com> Date: Mon, 13 Jul 2015 11:29:47 +0100 Message-ID: From: Leif Lindholm To: "Gao, Liming" X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1ZEazg-00086X-IO Cc: "edk2-devel@lists.sourceforge.net" , "linaro-uefi@lists.linaro.org" Subject: Re: [edk2] [Linaro-uefi] [PATCH] MdePkg: ensure SafeString length functions don't access beyond MaxSize X-BeenThere: edk2-devel@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , Errors-To: edk2-devel-bounces@lists.sourceforge.net X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: leif.lindholm@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.42 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 Sure - please find attached. Regards, Leif On 13 July 2015 at 07:33, Gao, Liming wrote: > Reviewed-by: Liming Gao > > Besides, if you expect me to commit this patch, please send the patch as attachment to me, I would like to help do it. > > Thanks > Liming > -----Original Message----- > From: Yao, Jiewen > Sent: Monday, July 13, 2015 12:11 PM > To: Leif Lindholm; edk2-devel@lists.sourceforge.net > Cc: Kinney, Michael D; Gao, Liming; linaro-uefi@lists.linaro.org > Subject: RE: [Linaro-uefi] [PATCH] MdePkg: ensure SafeString length functions don't access beyond MaxSize > > Thank to catch this. > > Reviewed by: Yao, Jiewen > > > -----Original Message----- > From: Linaro-uefi [mailto:linaro-uefi-bounces@lists.linaro.org] On Behalf Of Leif Lindholm > Sent: Friday, July 10, 2015 9:21 PM > To: edk2-devel@lists.sourceforge.net > Cc: Kinney, Michael D; Gao, Liming; linaro-uefi@lists.linaro.org > Subject: [Linaro-uefi] [PATCH] MdePkg: ensure SafeString length functions don't access beyond MaxSize > > The StrnLenS and AsciiStrnLenS functions, when presented with a string with no terminating NULL in the first MaxSize characters will check the character at String[MaxSize] before checking if Length < MaxSize. > (They return the correct value, but have accessed beyond the stated limit in the process.) > > Flip the order of the tests to prevent this behaviour. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Leif Lindholm > --- > MdePkg/Library/BaseLib/SafeString.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c > index 7c1b075..b0e1ce7 100644 > --- a/MdePkg/Library/BaseLib/SafeString.c > +++ b/MdePkg/Library/BaseLib/SafeString.c > @@ -141,7 +141,7 @@ StrnLenS ( > // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall > // be accessed by StrnLenS. > // > - for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) { > + for (Length = 0; (Length < MaxSize) && (*String != 0); String++, > + Length++) { > ; > } > return Length; > @@ -551,7 +551,7 @@ AsciiStrnLenS ( > // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall > // be accessed by AsciiStrnLenS. > // > - for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) { > + for (Length = 0; (Length < MaxSize) && (*String != 0); String++, > + Length++) { > ; > } > return Length; > -- > 2.1.4 > > _______________________________________________ > Linaro-uefi mailing list > Linaro-uefi@lists.linaro.org > https://lists.linaro.org/mailman/listinfo/linaro-uefi ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ >From 98dc45e7de665deef2e9e2bea3c3ac63ff07380a Mon Sep 17 00:00:00 2001 From: Leif Lindholm Date: Fri, 10 Jul 2015 13:59:30 +0100 Subject: [PATCH] MdePkg: ensure SafeString length functions don't access beyond MaxSize The StrnLenS and AsciiStrnLenS functions, when presented with a string with no terminating NULL in the first MaxSize characters will check the character at String[MaxSize] before checking if Length < MaxSize. (They return the correct value, but have accessed beyond the stated limit in the process.) Flip the order of the tests to prevent this behaviour. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Leif Lindholm --- MdePkg/Library/BaseLib/SafeString.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c index 7c1b075..b0e1ce7 100644 --- a/MdePkg/Library/BaseLib/SafeString.c +++ b/MdePkg/Library/BaseLib/SafeString.c @@ -141,7 +141,7 @@ StrnLenS ( // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall // be accessed by StrnLenS. // - for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) { + for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) { ; } return Length; @@ -551,7 +551,7 @@ AsciiStrnLenS ( // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall // be accessed by AsciiStrnLenS. // - for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) { + for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) { ; } return Length; -- 2.1.4