* [Patch 0/2] Clean the temp buffer after using it.
@ 2016-11-16  6:15 Eric Dong
  2016-11-16  6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong
  2016-11-16  6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong
  0 siblings, 2 replies; 5+ messages in thread
From: Eric Dong @ 2016-11-16  6:15 UTC
To: edk2-devel

Clean psid/password temp buffer after using it.

Eric Dong (2):
  SecurityPkg OpalPasswordDxe: Clean password buffer.
  SecurityPkg OpalPasswordDxe: Clean PSID buffer.

 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c  |  1 +
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c     | 40 +++++++++++++++-------
 .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h      |  4 ++-
 3 files changed, 31 insertions(+), 14 deletions(-)

--
2.6.4.windows.1
* [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer. 2016-11-16 6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong @ 2016-11-16 6:15 ` Eric Dong 2016-11-17 8:46 ` Yao, Jiewen 2016-11-16 6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong 1 sibling, 1 reply; 5+ messages in thread From: Eric Dong @ 2016-11-16 6:15 UTC (permalink / raw) To: edk2-devel; +Cc: Feng Tian, Jiewen Yao Cc: Feng Tian <feng.tian@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> --- SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 + SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c index 718d49e..0a32ee2 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c @@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword ( } UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1); + ZeroMem (Unicode, sizeof (Unicode)); return Ascii; } diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c index 5e3106a..5937ce2 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c @@ -694,6 +694,8 @@ HiiPsidRevert( Ret = OpalSupportPsidRevert(&Session, Psid.Psid, (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath); } + ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH); + if (Ret == TcgResultSuccess) { AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert: Success" ); } else { 
@@ -1099,8 +1101,8 @@ HiiPasswordEntered( EFI_STRING_ID Str ) { - OPAL_DISK* OpalDisk; - CHAR8 Password[MAX_PASSWORD_CHARACTER_LENGTH + 1]; + OPAL_DISK* OpalDisk; + CHAR8 Password[MAX_PASSWORD_CHARACTER_LENGTH + 1]; CHAR16* UniStr; UINT32 PassLength; EFI_STATUS Status; @@ -1124,15 +1126,20 @@ HiiPasswordEntered( if (UniStr == NULL) { return EFI_NOT_FOUND; } + + HiiSetString(gHiiPackageListHandle, Str, L"", NULL); + PassLength = (UINT32) StrLen (UniStr); if (PassLength >= sizeof(Password)) { HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password too long"); - gBS->FreePool(UniStr); + ZeroMem (UniStr, StrSize (UniStr)); + FreePool(UniStr); return EFI_BUFFER_TOO_SMALL; } UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password)); - gBS->FreePool(UniStr); + ZeroMem (UniStr, StrSize (UniStr)); + FreePool(UniStr); if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) { Status = HiiUnlock (OpalDisk, Password, PassLength); @@ -1154,6 +1161,8 @@ HiiPasswordEntered( Status = HiiSetPassword(OpalDisk, Password, PassLength); } + ZeroMem (Password, sizeof (Password)); + OpalHiiSetBrowserData (); return Status; -- 2.6.4.windows.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
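Review bot: In the OpalDriver.c hunk (OpalDriverPopUpHddPassword), `ZeroMem (Unicode, sizeof (Unicode));` clears the whole password only if `Unicode` is an array declared in this function, and that declaration is outside the hunk. If it is a `CHAR16 *`, `sizeof` yields the pointer size and most of the buffer survives, so size the clear from the buffer's real length instead. The function still returns `Ascii` holding the password, so the caller's copy needs the same clear once it has been used.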
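Review bot: In the HiiPsidRevert hunk at -694, the clear is sized with `PSID_CHARACTER_LENGTH` while the call just above passes `(UINT32)sizeof(Psid.Psid)` for the same field. Use `ZeroMem (Psid.Psid, sizeof (Psid.Psid));` so the clear cannot fall short if the field size and the macro ever diverge.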
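Review bot: The -1099 hunk in HiiPasswordEntered replaces the `OpalDisk` and `Password` declarations with textually identical lines, so it is a whitespace-only change. Drop it or send it as a separate cleanup so the security fix stays minimal to review and to backport.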
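Review bot: In the -1124 hunk of HiiPasswordEntered, the result of `HiiSetString(gHiiPackageListHandle, Str, L"", NULL);` is discarded, so a failure to overwrite the password string in the HII package list goes unnoticed and the plaintext stays there. Check the return value and report the failure. The `ZeroMem (UniStr, StrSize (UniStr));` and `FreePool(UniStr);` pair now appears twice in this function and again in patch 2/2; a small helper that clears and frees would keep the two steps from drifting apart.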
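Review bot: In the -1154 hunk, `ZeroMem (Password, sizeof (Password));` is the last access to a stack array before the function returns, which is the pattern an optimizing or link-time-optimizing build may treat as a dead store. Confirm the clear survives in the release build for each supported toolchain. It also runs only on the path that reaches the end of the function, so any `return` between the `UnicodeStrToAsciiStrS` call and this line (not visible in the hunk) needs the same clear.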
* Re: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer. 2016-11-16 6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong @ 2016-11-17 8:46 ` Yao, Jiewen 0 siblings, 0 replies; 5+ messages in thread From: Yao, Jiewen @ 2016-11-17 8:46 UTC (permalink / raw) To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Tian, Feng Reviewed-by: jiewen.yao@intel.com > -----Original Message----- > From: Dong, Eric > Sent: Wednesday, November 16, 2016 2:15 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com> > Subject: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer. > > Cc: Feng Tian <feng.tian@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Eric Dong <eric.dong@intel.com> > --- > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 + > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 17 > +++++++++++++---- > 2 files changed, 14 insertions(+), 4 deletions(-) > > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > index 718d49e..0a32ee2 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > @@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword ( > } > > UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1); > + ZeroMem (Unicode, sizeof (Unicode)); > > return Ascii; > } > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > index 5e3106a..5937ce2 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c 
> @@ -694,6 +694,8 @@ HiiPsidRevert( > Ret = OpalSupportPsidRevert(&Session, Psid.Psid, > (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath); > } > > + ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH); > + > if (Ret == TcgResultSuccess) { > AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert: > Success" ); > } else { > @@ -1099,8 +1101,8 @@ HiiPasswordEntered( > EFI_STRING_ID Str > ) > { > - OPAL_DISK* OpalDisk; > - CHAR8 > Password[MAX_PASSWORD_CHARACTER_LENGTH + 1]; > + OPAL_DISK* OpalDisk; > + CHAR8 > Password[MAX_PASSWORD_CHARACTER_LENGTH + 1]; > CHAR16* UniStr; > UINT32 PassLength; > EFI_STATUS Status; > @@ -1124,15 +1126,20 @@ HiiPasswordEntered( > if (UniStr == NULL) { > return EFI_NOT_FOUND; > } > + > + HiiSetString(gHiiPackageListHandle, Str, L"", NULL); > + > PassLength = (UINT32) StrLen (UniStr); > if (PassLength >= sizeof(Password)) { > HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password > too long"); > - gBS->FreePool(UniStr); > + ZeroMem (UniStr, StrSize (UniStr)); > + FreePool(UniStr); > return EFI_BUFFER_TOO_SMALL; > } > > UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password)); > - gBS->FreePool(UniStr); > + ZeroMem (UniStr, StrSize (UniStr)); > + FreePool(UniStr); > > if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) { > Status = HiiUnlock (OpalDisk, Password, PassLength); > @@ -1154,6 +1161,8 @@ HiiPasswordEntered( > Status = HiiSetPassword(OpalDisk, Password, PassLength); > } > > + ZeroMem (Password, sizeof (Password)); > + > OpalHiiSetBrowserData (); > > return Status; > -- > 2.6.4.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer. 2016-11-16 6:15 [Patch 0/2] Clean the temp buffer after using it Eric Dong 2016-11-16 6:15 ` [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer Eric Dong @ 2016-11-16 6:15 ` Eric Dong 2016-11-17 8:45 ` Yao, Jiewen 1 sibling, 1 reply; 5+ messages in thread From: Eric Dong @ 2016-11-16 6:15 UTC (permalink / raw) To: edk2-devel; +Cc: Feng Tian, Jiewen Yao Change callback handler type to avoid saving PSID info in browser temp buffer. Also clean the buffer after using it. Cc: Feng Tian <feng.tian@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> --- SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 23 +++++++++++++--------- .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 4 +++- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c index 5937ce2..7371b7e 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c @@ -501,14 +501,13 @@ DriverCallback( case HII_KEY_ID_ENTER_PASSWORD: return HiiPasswordEntered(Value->string); + + case HII_KEY_ID_ENTER_PSID: + return HiiPsidRevert(Value->string); + } } else if (Action == EFI_BROWSER_ACTION_CHANGED) { switch (HiiKeyId) { - case HII_KEY_ID_ENTER_PSID: - HiiPsidRevert(); - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; - return EFI_SUCCESS; - case HII_KEY_ID_BLOCKSID: switch (Value->u8) { case 0: @@ -661,12 +660,14 @@ HiiPopulateDiskInfoForm( /** Reverts the Opal disk to factory default. + @param PsidStringId The string id for the PSID info. + @retval EFI_SUCCESS Do the required action success. **/ EFI_STATUS HiiPsidRevert( - VOID + EFI_STRING_ID PsidStringId ) { CHAR8 Response[DEFAULT_RESPONSE_SIZE]; 
@@ -674,15 +675,19 @@ HiiPsidRevert( OPAL_DISK *OpalDisk; TCG_RESULT Ret; OPAL_SESSION Session; + CHAR16 *UnicodeStr; UINT8 TmpBuf[PSID_CHARACTER_STRING_END_LENGTH]; Ret = TcgResultFailure; - OpalHiiGetBrowserData(); - + UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL); ZeroMem (TmpBuf, sizeof (TmpBuf)); - UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH); + UnicodeStrToAsciiStrS (UnicodeStr, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH); CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH); + HiiSetString (gHiiPackageListHandle, PsidStringId, L"", NULL); + ZeroMem (TmpBuf, sizeof (TmpBuf)); + ZeroMem (UnicodeStr, StrSize (UnicodeStr)); + FreePool (UnicodeStr); OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h index a7709dd..ec5a93c 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h @@ -225,12 +225,14 @@ HiiSetBlockSidAction ( /** Reverts the Opal disk to factory default. + @param PsidStringId The string id for the PSID info. + @retval EFI_SUCCESS Do the required action success. **/ EFI_STATUS HiiPsidRevert( - VOID + EFI_STRING_ID PsidStringId ); /** -- 2.6.4.windows.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
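Review bot: In the DriverCallback hunk, the removed `HII_KEY_ID_ENTER_PSID` case set `*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY` and returned `EFI_SUCCESS`, while the new case does `return HiiPsidRevert(Value->string);` and leaves `*ActionRequest` untouched. State in the commit message that dropping the form apply is intentional, and confirm the browser handles a non-success status from this callback the way the form expects, since a revert failure is now propagated instead of being swallowed.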
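Review bot: In the -674 hunk of HiiPsidRevert, `UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL);` is passed to `UnicodeStrToAsciiStrS`, `StrSize` and `FreePool` without a NULL check. HiiPasswordEntered in patch 1/2 guards its `UniStr` with `if (UniStr == NULL) { return EFI_NOT_FOUND; }`; add the same guard here before the conversion. The status of `UnicodeStrToAsciiStrS` is also ignored, so an over-long PSID entry is not reported to the user.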
* Re: [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer. 2016-11-16 6:15 ` [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer Eric Dong @ 2016-11-17 8:45 ` Yao, Jiewen 0 siblings, 0 replies; 5+ messages in thread From: Yao, Jiewen @ 2016-11-17 8:45 UTC (permalink / raw) To: Dong, Eric, edk2-devel@lists.01.org; +Cc: Tian, Feng Reviewed-by: Jiewen.yao@intel.com > -----Original Message----- > From: Dong, Eric > Sent: Wednesday, November 16, 2016 2:16 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com> > Subject: [Patch 2/2] SecurityPkg OpalPasswordDxe: Clean PSID buffer. > > Change callback handler type to avoid saving PSID info in > browser temp buffer. Also clean the buffer after using it. > > Cc: Feng Tian <feng.tian@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Eric Dong <eric.dong@intel.com> > --- > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 23 > +++++++++++++--------- > .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 4 +++- > 2 files changed, 17 insertions(+), 10 deletions(-) > > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > index 5937ce2..7371b7e 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > @@ -501,14 +501,13 @@ DriverCallback( > > case HII_KEY_ID_ENTER_PASSWORD: > return HiiPasswordEntered(Value->string); > + > + case HII_KEY_ID_ENTER_PSID: > + return HiiPsidRevert(Value->string); > + > } > } else if (Action == EFI_BROWSER_ACTION_CHANGED) { > switch (HiiKeyId) { > - case HII_KEY_ID_ENTER_PSID: > - HiiPsidRevert(); > - *ActionRequest = > EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; > - return EFI_SUCCESS; > - > case HII_KEY_ID_BLOCKSID: > switch (Value->u8) { > case 0: 
> @@ -661,12 +660,14 @@ HiiPopulateDiskInfoForm( > /** > Reverts the Opal disk to factory default. > > + @param PsidStringId The string id for the PSID info. > + > @retval EFI_SUCCESS Do the required action success. > > **/ > EFI_STATUS > HiiPsidRevert( > - VOID > + EFI_STRING_ID PsidStringId > ) > { > CHAR8 > Response[DEFAULT_RESPONSE_SIZE]; > @@ -674,15 +675,19 @@ HiiPsidRevert( > OPAL_DISK *OpalDisk; > TCG_RESULT Ret; > OPAL_SESSION Session; > + CHAR16 *UnicodeStr; > UINT8 > TmpBuf[PSID_CHARACTER_STRING_END_LENGTH]; > > Ret = TcgResultFailure; > > - OpalHiiGetBrowserData(); > - > + UnicodeStr = HiiGetString (gHiiPackageListHandle, PsidStringId, NULL); > ZeroMem (TmpBuf, sizeof (TmpBuf)); > - UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, > PSID_CHARACTER_STRING_END_LENGTH); > + UnicodeStrToAsciiStrS (UnicodeStr, (CHAR8*)TmpBuf, > PSID_CHARACTER_STRING_END_LENGTH); > CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH); > + HiiSetString (gHiiPackageListHandle, PsidStringId, L"", NULL); > + ZeroMem (TmpBuf, sizeof (TmpBuf)); > + ZeroMem (UnicodeStr, StrSize (UnicodeStr)); > + FreePool (UnicodeStr); > > OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex); > if (OpalDisk != NULL) { > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > index a7709dd..ec5a93c 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > @@ -225,12 +225,14 @@ HiiSetBlockSidAction ( > /** > Reverts the Opal disk to factory default. > > + @param PsidStringId The string id for the PSID info. > + > @retval EFI_SUCCESS Do the required action success. > > **/ > EFI_STATUS > HiiPsidRevert( > - VOID > + EFI_STRING_ID PsidStringId > ); > > /** > -- > 2.6.4.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread