public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [Patch 0/2] Clean the temp buffer after using it.
@ 2016-11-16  6:15 Eric Dong
  2016-11-16  6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
  2016-11-16  6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
  0 siblings, 2 replies; 5+ messages in thread
From: Eric Dong @ 2016-11-16  6:15 UTC (permalink / raw)
  To: edk2-devel

Clean psid/password temp buffer after using it.

Eric Dong (2):
  SecurityPkg OpalPasswordDxe: Clean password buffer.
  SecurityPkg OpalPasswordDxe: Clean PSID buffer.

 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c  |  1 +
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c     | 40 +++++++++++++++-------
 .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h      |  4 ++-
 3 files changed, 31 insertions(+), 14 deletions(-)

-- 
2.6.4.windows.1



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
  2016-11-16  6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong
@ 2016-11-16  6:15 ` Eric Dong
  2016-11-17  8:46   ` Yao, Jiewen
  2016-11-16  6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
  1 sibling, 1 reply; 5+ messages in thread
From: Eric Dong @ 2016-11-16  6:15 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Jiewen Yao

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c |  1 +
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c    | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 718d49e..0a32ee2 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword (
   }
 
   UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1);
+  ZeroMem (Unicode, sizeof (Unicode));
 
   return Ascii;
 }
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 5e3106a..5937ce2 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -694,6 +694,8 @@ HiiPsidRevert(
     Ret = OpalSupportPsidRevert(&Session, Psid.Psid, (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath);
   }
 
+  ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH);
+
   if (Ret == TcgResultSuccess) {
     AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert: Success" );
   } else {
@@ -1099,8 +1101,8 @@ HiiPasswordEntered(
   EFI_STRING_ID            Str
   )
 {
-  OPAL_DISK*                    OpalDisk;
-  CHAR8                         Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
+  OPAL_DISK*                   OpalDisk;
+  CHAR8                        Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
   CHAR16*                      UniStr;
   UINT32                       PassLength;
   EFI_STATUS                   Status;
@@ -1124,15 +1126,20 @@ HiiPasswordEntered(
   if (UniStr == NULL) {
     return EFI_NOT_FOUND;
   }
+
+  HiiSetString(gHiiPackageListHandle, Str, L"", NULL);
+
   PassLength = (UINT32) StrLen (UniStr);
   if (PassLength >= sizeof(Password)) {
     HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password too long");
-    gBS->FreePool(UniStr);
+    ZeroMem (UniStr, StrSize (UniStr));
+    FreePool(UniStr);
     return EFI_BUFFER_TOO_SMALL;
   }
 
   UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password));
-  gBS->FreePool(UniStr);
+  ZeroMem (UniStr, StrSize (UniStr));
+  FreePool(UniStr);
 
   if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) {
     Status = HiiUnlock (OpalDisk, Password, PassLength);
@@ -1154,6 +1161,8 @@ HiiPasswordEntered(
     Status = HiiSetPassword(OpalDisk, Password, PassLength);
   }
 
+  ZeroMem (Password, sizeof (Password));
+
   OpalHiiSetBrowserData ();
 
   return Status;
-- 
2.6.4.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer.
  2016-11-16  6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong
  2016-11-16  6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
@ 2016-11-16  6:15 ` Eric Dong
  2016-11-17  8:45   ` Yao, Jiewen
  1 sibling, 1 reply; 5+ messages in thread
From: Eric Dong @ 2016-11-16  6:15 UTC (permalink / raw)
  To: edk2-devel; +Cc: Feng Tian, Jiewen Yao

Change callback handler type to avoid saving PSID info in
browser temp buffer. Also clean the buffer after using it.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c     | 23 +++++++++++++---------
 .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h      |  4 +++-
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 5937ce2..7371b7e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -501,14 +501,13 @@ DriverCallback(
 
       case HII_KEY_ID_ENTER_PASSWORD:
         return HiiPasswordEntered(Value->string);
+
+      case HII_KEY_ID_ENTER_PSID:
+        return HiiPsidRevert(Value->string);
+
     }
   } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
     switch (HiiKeyId) {
-      case HII_KEY_ID_ENTER_PSID:
-        HiiPsidRevert();
-        *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
-        return EFI_SUCCESS;
-
       case HII_KEY_ID_BLOCKSID:
         switch (Value->u8) {
           case 0:
@@ -661,12 +660,14 @@ HiiPopulateDiskInfoForm(
 /**
   Reverts the Opal disk to factory default.
 
+  @param   PsidStringId      The string id for the PSID info.
+
   @retval  EFI_SUCCESS       Do the required action success.
 
 **/
 EFI_STATUS
 HiiPsidRevert(
-  VOID
+  EFI_STRING_ID         PsidStringId
   )
 {
   CHAR8                         Response[DEFAULT_RESPONSE_SIZE];
@@ -674,15 +675,19 @@ HiiPsidRevert(
   OPAL_DISK                     *OpalDisk;
   TCG_RESULT                    Ret;
   OPAL_SESSION                  Session;
+  CHAR16                        *UnicodeStr;
   UINT8                         TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];
 
   Ret = TcgResultFailure;
 
-  OpalHiiGetBrowserData();
-
+  UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL);
   ZeroMem (TmpBuf, sizeof (TmpBuf));
-  UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);
+  UnicodeStrToAsciiStrS (UnicodeStr, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);
   CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);
+  HiiSetString (gHiiPackageListHandle, PsidStringId, L"", NULL);
+  ZeroMem (TmpBuf, sizeof (TmpBuf));
+  ZeroMem (UnicodeStr, StrSize (UnicodeStr));
+  FreePool (UnicodeStr);
 
   OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);
   if (OpalDisk != NULL) {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index a7709dd..ec5a93c 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -225,12 +225,14 @@ HiiSetBlockSidAction (
 /**
   Reverts the Opal disk to factory default.
 
+  @param   PsidStringId      The string id for the PSID info.
+
   @retval  EFI_SUCCESS       Do the required action success.
 
 **/
 EFI_STATUS
 HiiPsidRevert(
-  VOID
+  EFI_STRING_ID         PsidStringId
   );
 
 /**
-- 
2.6.4.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer.
  2016-11-16  6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
@ 2016-11-17  8:45   ` Yao, Jiewen
  0 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2016-11-17  8:45 UTC (permalink / raw)
  To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Tian, Feng

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, November 16, 2016 2:16 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer.
> 
> Change callback handler type to avoid saving PSID info in
> browser temp buffer. Also clean the buffer after using it.
> 
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c     | 23
> +++++++++++++---------
>  .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h      |  4 +++-
>  2 files changed, 17 insertions(+), 10 deletions(-)
> 
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 5937ce2..7371b7e 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -501,14 +501,13 @@ DriverCallback(
> 
>        case HII_KEY_ID_ENTER_PASSWORD:
>          return HiiPasswordEntered(Value->string);
> +
> +      case HII_KEY_ID_ENTER_PSID:
> +        return HiiPsidRevert(Value->string);
> +
>      }
>    } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
>      switch (HiiKeyId) {
> -      case HII_KEY_ID_ENTER_PSID:
> -        HiiPsidRevert();
> -        *ActionRequest =
> EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> -        return EFI_SUCCESS;
> -
>        case HII_KEY_ID_BLOCKSID:
>          switch (Value->u8) {
>            case 0:
> @@ -661,12 +660,14 @@ HiiPopulateDiskInfoForm(
>  /**
>    Reverts the Opal disk to factory default.
> 
> +  @param   PsidStringId      The string id for the PSID info.
> +
>    @retval  EFI_SUCCESS       Do the required action success.
> 
>  **/
>  EFI_STATUS
>  HiiPsidRevert(
> -  VOID
> +  EFI_STRING_ID         PsidStringId
>    )
>  {
>    CHAR8
> Response[DEFAULT_RESPONSE_SIZE];
> @@ -674,15 +675,19 @@ HiiPsidRevert(
>    OPAL_DISK                     *OpalDisk;
>    TCG_RESULT                    Ret;
>    OPAL_SESSION                  Session;
> +  CHAR16                        *UnicodeStr;
>    UINT8
> TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];
> 
>    Ret = TcgResultFailure;
> 
> -  OpalHiiGetBrowserData();
> -
> +  UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL);
>    ZeroMem (TmpBuf, sizeof (TmpBuf));
> -  UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf,
> PSID_CHARACTER_STRING_END_LENGTH);
> +  UnicodeStrToAsciiStrS (UnicodeStr, (CHAR8*)TmpBuf,
> PSID_CHARACTER_STRING_END_LENGTH);
>    CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);
> +  HiiSetString (gHiiPackageListHandle, PsidStringId, L"", NULL);
> +  ZeroMem (TmpBuf, sizeof (TmpBuf));
> +  ZeroMem (UnicodeStr, StrSize (UnicodeStr));
> +  FreePool (UnicodeStr);
> 
>    OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);
>    if (OpalDisk != NULL) {
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> index a7709dd..ec5a93c 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
> @@ -225,12 +225,14 @@ HiiSetBlockSidAction (
>  /**
>    Reverts the Opal disk to factory default.
> 
> +  @param   PsidStringId      The string id for the PSID info.
> +
>    @retval  EFI_SUCCESS       Do the required action success.
> 
>  **/
>  EFI_STATUS
>  HiiPsidRevert(
> -  VOID
> +  EFI_STRING_ID         PsidStringId
>    );
> 
>  /**
> --
> 2.6.4.windows.1



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
  2016-11-16  6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
@ 2016-11-17  8:46   ` Yao, Jiewen
  0 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2016-11-17  8:46 UTC (permalink / raw)
  To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Tian, Feng

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, November 16, 2016 2:15 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
> 
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c |  1 +
>  SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c    | 17
> +++++++++++++----
>  2 files changed, 14 insertions(+), 4 deletions(-)
> 
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> index 718d49e..0a32ee2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> @@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword (
>    }
> 
>    UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1);
> +  ZeroMem (Unicode, sizeof (Unicode));
> 
>    return Ascii;
>  }
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 5e3106a..5937ce2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -694,6 +694,8 @@ HiiPsidRevert(
>      Ret = OpalSupportPsidRevert(&Session, Psid.Psid,
> (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath);
>    }
> 
> +  ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH);
> +
>    if (Ret == TcgResultSuccess) {
>      AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert:
> Success" );
>    } else {
> @@ -1099,8 +1101,8 @@ HiiPasswordEntered(
>    EFI_STRING_ID            Str
>    )
>  {
> -  OPAL_DISK*                    OpalDisk;
> -  CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
> +  OPAL_DISK*                   OpalDisk;
> +  CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
>    CHAR16*                      UniStr;
>    UINT32                       PassLength;
>    EFI_STATUS                   Status;
> @@ -1124,15 +1126,20 @@ HiiPasswordEntered(
>    if (UniStr == NULL) {
>      return EFI_NOT_FOUND;
>    }
> +
> +  HiiSetString(gHiiPackageListHandle, Str, L"", NULL);
> +
>    PassLength = (UINT32) StrLen (UniStr);
>    if (PassLength >= sizeof(Password)) {
>      HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password
> too long");
> -    gBS->FreePool(UniStr);
> +    ZeroMem (UniStr, StrSize (UniStr));
> +    FreePool(UniStr);
>      return EFI_BUFFER_TOO_SMALL;
>    }
> 
>    UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password));
> -  gBS->FreePool(UniStr);
> +  ZeroMem (UniStr, StrSize (UniStr));
> +  FreePool(UniStr);
> 
>    if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) {
>      Status = HiiUnlock (OpalDisk, Password, PassLength);
> @@ -1154,6 +1161,8 @@ HiiPasswordEntered(
>      Status = HiiSetPassword(OpalDisk, Password, PassLength);
>    }
> 
> +  ZeroMem (Password, sizeof (Password));
> +
>    OpalHiiSetBrowserData ();
> 
>    return Status;
> --
> 2.6.4.windows.1



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-11-17  8:46 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-16  6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong
2016-11-16  6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
2016-11-17  8:46   ` Yao, Jiewen
2016-11-16  6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
2016-11-17  8:45   ` Yao, Jiewen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox