* [Patch 0/2] Clean the temp buffer after using it.
@ 2016-11-16 6:15 Eric Dong
2016-11-16 6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
2016-11-16 6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
0 siblings, 2 replies; 5+ messages in thread
From: Eric Dong @ 2016-11-16 6:15 UTC (permalink / raw)
To: edk2-devel
Clean psid/password temp buffer after using it.
Eric Dong (2):
SecurityPkg OpalPasswordDxe: Clean password buffer.
SecurityPkg OpalPasswordDxe: Clean PSID buffer.
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 +
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 40 +++++++++++++++-------
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 4 ++-
3 files changed, 31 insertions(+), 14 deletions(-)
--
2.6.4.windows.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
2016-11-16 6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong
@ 2016-11-16 6:15 ` Eric Dong
2016-11-17 8:46 ` Yao, Jiewen
2016-11-16 6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
1 sibling, 1 reply; 5+ messages in thread
From: Eric Dong @ 2016-11-16 6:15 UTC (permalink / raw)
To: edk2-devel; +Cc: Feng Tian, Jiewen Yao
Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 +
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 17 +++++++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 718d49e..0a32ee2 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword (
}
UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1);
+ ZeroMem (Unicode, sizeof (Unicode));
return Ascii;
}
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 5e3106a..5937ce2 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -694,6 +694,8 @@ HiiPsidRevert(
Ret = OpalSupportPsidRevert(&Session, Psid.Psid, (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath);
}
+ ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH);
+
if (Ret == TcgResultSuccess) {
AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert: Success" );
} else {
@@ -1099,8 +1101,8 @@ HiiPasswordEntered(
EFI_STRING_ID Str
)
{
- OPAL_DISK* OpalDisk;
- CHAR8 Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
+ OPAL_DISK* OpalDisk;
+ CHAR8 Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
CHAR16* UniStr;
UINT32 PassLength;
EFI_STATUS Status;
@@ -1124,15 +1126,20 @@ HiiPasswordEntered(
if (UniStr == NULL) {
return EFI_NOT_FOUND;
}
+
+ HiiSetString(gHiiPackageListHandle, Str, L"", NULL);
+
PassLength = (UINT32) StrLen (UniStr);
if (PassLength >= sizeof(Password)) {
HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password too long");
- gBS->FreePool(UniStr);
+ ZeroMem (UniStr, StrSize (UniStr));
+ FreePool(UniStr);
return EFI_BUFFER_TOO_SMALL;
}
UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password));
- gBS->FreePool(UniStr);
+ ZeroMem (UniStr, StrSize (UniStr));
+ FreePool(UniStr);
if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) {
Status = HiiUnlock (OpalDisk, Password, PassLength);
@@ -1154,6 +1161,8 @@ HiiPasswordEntered(
Status = HiiSetPassword(OpalDisk, Password, PassLength);
}
+ ZeroMem (Password, sizeof (Password));
+
OpalHiiSetBrowserData ();
return Status;
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer.
2016-11-16 6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong
2016-11-16 6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
@ 2016-11-16 6:15 ` Eric Dong
2016-11-17 8:45 ` Yao, Jiewen
1 sibling, 1 reply; 5+ messages in thread
From: Eric Dong @ 2016-11-16 6:15 UTC (permalink / raw)
To: edk2-devel; +Cc: Feng Tian, Jiewen Yao
Change callback handler type to avoid saving PSID info in
browser temp buffer. Also clean the buffer after using it.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 23 +++++++++++++---------
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 4 +++-
2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 5937ce2..7371b7e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -501,14 +501,13 @@ DriverCallback(
case HII_KEY_ID_ENTER_PASSWORD:
return HiiPasswordEntered(Value->string);
+
+ case HII_KEY_ID_ENTER_PSID:
+ return HiiPsidRevert(Value->string);
+
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) {
- case HII_KEY_ID_ENTER_PSID:
- HiiPsidRevert();
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
- return EFI_SUCCESS;
-
case HII_KEY_ID_BLOCKSID:
switch (Value->u8) {
case 0:
@@ -661,12 +660,14 @@ HiiPopulateDiskInfoForm(
/**
Reverts the Opal disk to factory default.
+ @param PsidStringId The string id for the PSID info.
+
@retval EFI_SUCCESS Do the required action success.
**/
EFI_STATUS
HiiPsidRevert(
- VOID
+ EFI_STRING_ID PsidStringId
)
{
CHAR8 Response[DEFAULT_RESPONSE_SIZE];
@@ -674,15 +675,19 @@ HiiPsidRevert(
OPAL_DISK *OpalDisk;
TCG_RESULT Ret;
OPAL_SESSION Session;
+ CHAR16 *UnicodeStr;
UINT8 TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];
Ret = TcgResultFailure;
- OpalHiiGetBrowserData();
-
+ UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL);
ZeroMem (TmpBuf, sizeof (TmpBuf));
- UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);
+ UnicodeStrToAsciiStrS (UnicodeStr, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);
CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);
+ HiiSetString (gHiiPackageListHandle, PsidStringId, L"", NULL);
+ ZeroMem (TmpBuf, sizeof (TmpBuf));
+ ZeroMem (UnicodeStr, StrSize (UnicodeStr));
+ FreePool (UnicodeStr);
OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);
if (OpalDisk != NULL) {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index a7709dd..ec5a93c 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -225,12 +225,14 @@ HiiSetBlockSidAction (
/**
Reverts the Opal disk to factory default.
+ @param PsidStringId The string id for the PSID info.
+
@retval EFI_SUCCESS Do the required action success.
**/
EFI_STATUS
HiiPsidRevert(
- VOID
+ EFI_STRING_ID PsidStringId
);
/**
--
2.6.4.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer.
2016-11-16 6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
@ 2016-11-17 8:45 ` Yao, Jiewen
0 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2016-11-17 8:45 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Tian, Feng
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, November 16, 2016 2:16 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer.
>
> Change callback handler type to avoid saving PSID info in
> browser temp buffer. Also clean the buffer after using it.
>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 23
> +++++++++++++---------
> .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 4 +++-
> 2 files changed, 17 insertions(+), 10 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 5937ce2..7371b7e 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -501,14 +501,13 @@ DriverCallback(
>
> case HII_KEY_ID_ENTER_PASSWORD:
> return HiiPasswordEntered(Value->string);
> +
> + case HII_KEY_ID_ENTER_PSID:
> + return HiiPsidRevert(Value->string);
> +
> }
> } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
> switch (HiiKeyId) {
> - case HII_KEY_ID_ENTER_PSID:
> - HiiPsidRevert();
> - *ActionRequest =
> EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> - return EFI_SUCCESS;
> -
> case HII_KEY_ID_BLOCKSID:
> switch (Value->u8) {
> case 0:
> @@ -661,12 +660,14 @@ HiiPopulateDiskInfoForm(
> /**
> Reverts the Opal disk to factory default.
>
> + @param PsidStringId The string id for the PSID info.
> +
> @retval EFI_SUCCESS Do the required action success.
>
> **/
> EFI_STATUS
> HiiPsidRevert(
> - VOID
> + EFI_STRING_ID PsidStringId
> )
> {
> CHAR8
> Response[DEFAULT_RESPONSE_SIZE];
> @@ -674,15 +675,19 @@ HiiPsidRevert(
> OPAL_DISK *OpalDisk;
> TCG_RESULT Ret;
> OPAL_SESSION Session;
> + CHAR16 *UnicodeStr;
> UINT8
> TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];
>
> Ret = TcgResultFailure;
>
> - OpalHiiGetBrowserData();
> -
> + UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL);
> ZeroMem (TmpBuf, sizeof (TmpBuf));
> - UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf,
> PSID_CHARACTER_STRING_END_LENGTH);
> + UnicodeStrToAsciiStrS (UnicodeStr, (CHAR8*)TmpBuf,
> PSID_CHARACTER_STRING_END_LENGTH);
> CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);
> + HiiSetString (gHiiPackageListHandle, PsidStringId, L"", NULL);
> + ZeroMem (TmpBuf, sizeof (TmpBuf));
> + ZeroMem (UnicodeStr, StrSize (UnicodeStr));
> + FreePool (UnicodeStr);
>
> OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);
> if (OpalDisk != NULL) {
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> index a7709dd..ec5a93c 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> @@ -225,12 +225,14 @@ HiiSetBlockSidAction (
> /**
> Reverts the Opal disk to factory default.
>
> + @param PsidStringId The string id for the PSID info.
> +
> @retval EFI_SUCCESS Do the required action success.
>
> **/
> EFI_STATUS
> HiiPsidRevert(
> - VOID
> + EFI_STRING_ID PsidStringId
> );
>
> /**
> --
> 2.6.4.windows.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
2016-11-16 6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
@ 2016-11-17 8:46 ` Yao, Jiewen
0 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2016-11-17 8:46 UTC (permalink / raw)
To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Tian, Feng
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, November 16, 2016 2:15 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 +
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 17
> +++++++++++++----
> 2 files changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> index 718d49e..0a32ee2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> @@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword (
> }
>
> UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1);
> + ZeroMem (Unicode, sizeof (Unicode));
>
> return Ascii;
> }
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 5e3106a..5937ce2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -694,6 +694,8 @@ HiiPsidRevert(
> Ret = OpalSupportPsidRevert(&Session, Psid.Psid,
> (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath);
> }
>
> + ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH);
> +
> if (Ret == TcgResultSuccess) {
> AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert:
> Success" );
> } else {
> @@ -1099,8 +1101,8 @@ HiiPasswordEntered(
> EFI_STRING_ID Str
> )
> {
> - OPAL_DISK* OpalDisk;
> - CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
> + OPAL_DISK* OpalDisk;
> + CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
> CHAR16* UniStr;
> UINT32 PassLength;
> EFI_STATUS Status;
> @@ -1124,15 +1126,20 @@ HiiPasswordEntered(
> if (UniStr == NULL) {
> return EFI_NOT_FOUND;
> }
> +
> + HiiSetString(gHiiPackageListHandle, Str, L"", NULL);
> +
> PassLength = (UINT32) StrLen (UniStr);
> if (PassLength >= sizeof(Password)) {
> HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password
> too long");
> - gBS->FreePool(UniStr);
> + ZeroMem (UniStr, StrSize (UniStr));
> + FreePool(UniStr);
> return EFI_BUFFER_TOO_SMALL;
> }
>
> UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password));
> - gBS->FreePool(UniStr);
> + ZeroMem (UniStr, StrSize (UniStr));
> + FreePool(UniStr);
>
> if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) {
> Status = HiiUnlock (OpalDisk, Password, PassLength);
> @@ -1154,6 +1161,8 @@ HiiPasswordEntered(
> Status = HiiSetPassword(OpalDisk, Password, PassLength);
> }
>
> + ZeroMem (Password, sizeof (Password));
> +
> OpalHiiSetBrowserData ();
>
> return Status;
> --
> 2.6.4.windows.1
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-11-17 8:46 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-16 6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong
2016-11-16 6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
2016-11-17 8:46 ` Yao, Jiewen
2016-11-16 6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
2016-11-17 8:45 ` Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox