From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DBD001A1E9E for ; Wed, 12 Oct 2016 05:39:30 -0700 (PDT) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP; 12 Oct 2016 05:39:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,482,1473145200"; d="scan'208";a="19266645" Received: from shwde7156.ccr.corp.intel.com ([10.239.158.52]) by orsmga004.jf.intel.com with ESMTP; 12 Oct 2016 05:39:29 -0700 From: Eric Dong To: edk2-devel@lists.01.org, michael.d.kinney@intel.com, liming.gao@intel.com Date: Wed, 12 Oct 2016 20:39:25 +0800 Message-Id: <1476275967-10888-1-git-send-email-eric.dong@intel.com> X-Mailer: git-send-email 2.6.4.windows.1 Subject: [Patch 0/2] MdePkg DevicePathLib: Check buffer length before use. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2016 12:39:31 -0000 In IsDevicePathValid API, code should validate the device path buffer not exceed the input MaxSize before reference the path info. This patched series add this check. Eric Dong (2): MdePkg UefiDevicePathLib: Validate buffer length before use buffer. MdePkg UefiDevicePathLibDevicePathProtocol: Validate before use. .../UefiDevicePathLib/DevicePathUtilities.c | 25 ++++++++++++++++------ .../UefiDevicePathLib.c | 24 +++++++++++++++------ 2 files changed, 35 insertions(+), 14 deletions(-) -- 2.6.4.windows.1