* [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
@ 2023-09-06 17:40 Michael Kubacki
2023-09-07 2:48 ` Gao, Zhichao
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Michael Kubacki @ 2023-09-06 17:40 UTC (permalink / raw)
To: devel; +Cc: Zhichao Gao, Michael D Kinney
From: Michael Kubacki <michael.kubacki@microsoft.com>
Moves the range check for the index into the array before attempting
any accesses using the array index.
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
index 7c80bba46581..5cb92c485b47 100644
--- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
+++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
@@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
- while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) && (Index < PREFIXMAXLEN)) {
+ while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0)) {
Index = Index + 2;
if (Index > PREFIXMAXLEN - 2) {
break;
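Review bot: In the reordered `while` condition, `(Index < PREFIXMAXLEN)` guards `Ip->Addr[Index]` but not `Ip->Addr[Index + 1]`; with `Index == PREFIXMAXLEN - 1` the second operand still indexes element `PREFIXMAXLEN`. Inside the loop the `if (Index > PREFIXMAXLEN - 2)` break keeps later iterations in range, so the exposure is limited to the value of `Index` on entry, which this hunk does not show. Consider `(Index + 1 < PREFIXMAXLEN)` as the first operand so the guard covers both reads; as far as the visible lines show, the in-body break would then duplicate the loop bound. It would also help for the commit message to state that `Ip->Addr` has `PREFIXMAXLEN` elements, since the macro name reads as a prefix length rather than an array size.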
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108336): https://edk2.groups.io/g/devel/message/108336
Mute This Topic: https://groups.io/mt/101198333/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
2023-09-06 17:40 [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access Michael Kubacki
@ 2023-09-07 2:48 ` Gao, Zhichao
2023-09-07 22:01 ` Michael D Kinney
2023-09-08 0:40 ` Re: " gaoliming via groups.io
2 siblings, 0 replies; 6+ messages in thread
From: Gao, Zhichao @ 2023-09-07 2:48 UTC (permalink / raw)
To: mikuback@linux.microsoft.com, devel@edk2.groups.io; +Cc: Kinney, Michael D
Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
Thanks,
Zhichao
> -----Original Message-----
> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
> Sent: Thursday, September 7, 2023 1:41 AM
> To: devel@edk2.groups.io
> Cc: Gao, Zhichao <zhichao.gao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check
> array index before access
>
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Moves the range check for the index into the array before attempting any
> accesses using the array index.
>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> index 7c80bba46581..5cb92c485b47 100644
> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
>
> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
>
> - while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) && (Index <
> PREFIXMAXLEN)) {
> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
> + (Ip->Addr[Index + 1] == 0)) {
> Index = Index + 2;
> if (Index > PREFIXMAXLEN - 2) {
> break;
> --
> 2.42.0.windows.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
2023-09-06 17:40 [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access Michael Kubacki
2023-09-07 2:48 ` Gao, Zhichao
@ 2023-09-07 22:01 ` Michael D Kinney
2023-09-08 0:40 ` Re: " gaoliming via groups.io
2 siblings, 0 replies; 6+ messages in thread
From: Michael D Kinney @ 2023-09-07 22:01 UTC (permalink / raw)
To: mikuback@linux.microsoft.com, devel@edk2.groups.io
Cc: Gao, Zhichao, Kinney, Michael D
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
> -----Original Message-----
> From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
> Sent: Wednesday, September 6, 2023 10:41 AM
> To: devel@edk2.groups.io
> Cc: Gao, Zhichao <zhichao.gao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check
> array index before access
>
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Moves the range check for the index into the array before attempting
> any accesses using the array index.
>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> index 7c80bba46581..5cb92c485b47 100644
> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
>
> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
>
> - while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
> (Index < PREFIXMAXLEN)) {
> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) && (Ip-
> >Addr[Index + 1] == 0)) {
> Index = Index + 2;
> if (Index > PREFIXMAXLEN - 2) {
> break;
> --
> 2.42.0.windows.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
2023-09-06 17:40 [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access Michael Kubacki
2023-09-07 2:48 ` Gao, Zhichao
2023-09-07 22:01 ` Michael D Kinney
@ 2023-09-08 0:40 ` gaoliming via groups.io
2023-09-08 1:00 ` Michael Kubacki
2 siblings, 1 reply; 6+ messages in thread
From: gaoliming via groups.io @ 2023-09-08 0:40 UTC (permalink / raw)
To: devel, mikuback; +Cc: 'Zhichao Gao', 'Michael D Kinney'
Michael:
How do you detect those issues? Do you use the tool or do code review?
For this change, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
> Kubacki
> Sent: September 7, 2023 1:41
> To: devel@edk2.groups.io
> Cc: Zhichao Gao <zhichao.gao@intel.com>; Michael D Kinney
> <michael.d.kinney@intel.com>
> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
> Check array index before access
>
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Moves the range check for the index into the array before attempting
> any accesses using the array index.
>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> index 7c80bba46581..5cb92c485b47 100644
> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
>
> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
>
> - while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
> (Index < PREFIXMAXLEN)) {
> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
> (Ip->Addr[Index + 1] == 0)) {
> Index = Index + 2;
> if (Index > PREFIXMAXLEN - 2) {
> break;
> --
> 2.42.0.windows.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
2023-09-08 0:40 ` Re: " gaoliming via groups.io
@ 2023-09-08 1:00 ` Michael Kubacki
2023-09-11 0:45 ` Re: " gaoliming via groups.io
0 siblings, 1 reply; 6+ messages in thread
From: Michael Kubacki @ 2023-09-08 1:00 UTC (permalink / raw)
To: gaoliming, devel; +Cc: 'Zhichao Gao', 'Michael D Kinney'
Hi Liming,
I'm running the CodeQL CLI
(https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli)
locally against the code with some new queries.
The queries in the codeql/cpp-queries pack listed here are relatively
easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.
The particular query related to this patch was
https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.
Thanks,
Michael
On 9/7/2023 8:40 PM, gaoliming wrote:
> Michael:
> How do you detect those issues? Do you use the tool or do code review?
>
> For this change, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
>> Kubacki
>> Sent: September 7, 2023 1:41
>> To: devel@edk2.groups.io
>> Cc: Zhichao Gao <zhichao.gao@intel.com>; Michael D Kinney
>> <michael.d.kinney@intel.com>
>> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
>> Check array index before access
>>
>> From: Michael Kubacki <michael.kubacki@microsoft.com>
>>
>> Moves the range check for the index into the array before attempting
>> any accesses using the array index.
>>
>> Cc: Zhichao Gao <zhichao.gao@intel.com>
>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>> ---
>> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> index 7c80bba46581..5cb92c485b47 100644
>> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
>> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
>>
>> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
>> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
>>
>> - while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
>> (Index < PREFIXMAXLEN)) {
>> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
>> (Ip->Addr[Index + 1] == 0)) {
>> Index = Index + 2;
>> if (Index > PREFIXMAXLEN - 2) {
>> break;
>> --
>> 2.42.0.windows.2
^ permalink raw reply [flat|nested] 6+ messages in thread
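The operand-order pattern behind the cpp/offset-use-before-range-check query named in the message above, as an added example that is not code from this thread or from edk2: the loop from the hunk is run with an instrumented accessor that counts out-of-range index evaluations for three operand orders. `ADDR_LEN` (16), `read_at` and `count_oob` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ADDR_LEN 16u /* assumed array size; PREFIXMAXLEN's value is not shown in the thread */

static unsigned oob_reads; /* out-of-range index evaluations in the current run */

/* Instrumented stand-in for Ip->Addr[i]: counts bad indexes instead of reading them. */
static uint8_t read_at(const uint8_t *addr, size_t i) {
    if (i >= ADDR_LEN) { oob_reads++; return 0; }
    return addr[i];
}

enum order { USE_THEN_CHECK, CHECK_THEN_USE, CHECK_BOTH_THEN_USE };

/* Runs the zero-pair skipping loop from the hunk, starting at `index`, with one
 * of three operand orders; returns how many out-of-range reads were attempted. */
unsigned count_oob(enum order how, const uint8_t *addr, size_t index) {
    oob_reads = 0;
    for (;;) {
        int go;
        if (how == USE_THEN_CHECK)        /* order before the patch */
            go = read_at(addr, index) == 0 && read_at(addr, index + 1) == 0 &&
                 index < ADDR_LEN;
        else if (how == CHECK_THEN_USE)   /* order after the patch */
            go = index < ADDR_LEN && read_at(addr, index) == 0 &&
                 read_at(addr, index + 1) == 0;
        else                              /* guard widened to cover index + 1 */
            go = index + 1 < ADDR_LEN && read_at(addr, index) == 0 &&
                 read_at(addr, index + 1) == 0;
        if (!go) break;
        index += 2;
        if (index > ADDR_LEN - 2) break;  /* in-body bound kept from the hunk */
    }
    return oob_reads;
}

int main(void) {
    const uint8_t zeros[ADDR_LEN] = {0}; /* constructed all-zero address */
    const size_t starts[] = {0, 15, 16};
    for (size_t s = 0; s < 3; s++)
        printf("start=%2zu use-then-check=%u check-then-use=%u check-both=%u\n",
               starts[s], count_oob(USE_THEN_CHECK, zeros, starts[s]),
               count_oob(CHECK_THEN_USE, zeros, starts[s]),
               count_oob(CHECK_BOTH_THEN_USE, zeros, starts[s]));
    return 0;
}
```

Starting at index 0 every order stays in range because of the in-body break; the orders differ only when the loop is entered with an index at or next to the bound.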
* Re: Re: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
2023-09-08 1:00 ` Michael Kubacki
@ 2023-09-11 0:45 ` gaoliming via groups.io
0 siblings, 0 replies; 6+ messages in thread
From: gaoliming via groups.io @ 2023-09-11 0:45 UTC (permalink / raw)
To: 'Michael Kubacki', devel
Cc: 'Zhichao Gao', 'Michael D Kinney'
Michael:
Thanks for your detail. Will you enable this checker in open CI?
Thanks
Liming
> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: September 8, 2023 9:00
> To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io
> Cc: 'Zhichao Gao' <zhichao.gao@intel.com>; 'Michael D Kinney'
> <michael.d.kinney@intel.com>
> Subject: Re: Re: [edk2-devel] [PATCH v1 1/1]
> ShellPkg/UefiShellNetwork2CommandsLib: Check array index before access
>
> Hi Liming,
>
> I'm running the CodeQL CLI
> (https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli)
> locally against the code with some new queries.
>
> The queries in the codeql/cpp-queries pack listed here are relatively
> easy to experiment with https://codeql.github.com/codeql-query-help/cpp/.
>
> The particular query related to this patch was
> https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/.
>
> Thanks,
> Michael
>
> On 9/7/2023 8:40 PM, gaoliming wrote:
> > Michael:
> > How do you detect those issues? Do you use the tool or do code review?
> >
> > For this change, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
> >> Kubacki
> >> Sent: September 7, 2023 1:41
> >> To: devel@edk2.groups.io
> >> Cc: Zhichao Gao <zhichao.gao@intel.com>; Michael D Kinney
> >> <michael.d.kinney@intel.com>
> >> Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/UefiShellNetwork2CommandsLib:
> >> Check array index before access
> >>
> >> From: Michael Kubacki <michael.kubacki@microsoft.com>
> >>
> >> Moves the range check for the index into the array before attempting
> >> any accesses using the array index.
> >>
> >> Cc: Zhichao Gao <zhichao.gao@intel.com>
> >> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> >> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> >> ---
> >> ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> index 7c80bba46581..5cb92c485b47 100644
> >> --- a/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> +++ b/ShellPkg/Library/UefiShellNetwork2CommandsLib/Ifconfig6.c
> >> @@ -382,7 +382,7 @@ IfConfig6PrintIpAddr (
> >>
> >> ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN
> >> (STR_IFCONFIG6_INFO_COLON), gShellNetwork2HiiHandle);
> >>
> >> - while ((Ip->Addr[Index] == 0) && (Ip->Addr[Index + 1] == 0) &&
> >> (Index < PREFIXMAXLEN)) {
> >> + while ((Index < PREFIXMAXLEN) && (Ip->Addr[Index] == 0) &&
> >> (Ip->Addr[Index + 1] == 0)) {
> >> Index = Index + 2;
> >> if (Index > PREFIXMAXLEN - 2) {
> >> break;
> >> --
> >> 2.42.0.windows.2
^ permalink raw reply [flat|nested] 6+ messages in thread