From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E054981EFE for ; Tue, 15 Nov 2016 22:16:01 -0800 (PST)
Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga105.fm.intel.com with ESMTP; 15 Nov 2016 22:16:06 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,646,1473145200"; d="scan'208";a="1085868069"
Received: from shwde7156.ccr.corp.intel.com ([10.239.158.52]) by fmsmga002.fm.intel.com with ESMTP; 15 Nov 2016 22:16:05 -0800
From: Eric Dong
To: edk2-devel@lists.01.org
Cc: Feng Tian , Jiewen Yao
Date: Wed, 16 Nov 2016 14:15:29 +0800
Message-Id: <1479276930-31360-2-git-send-email-eric.dong@intel.com>
X-Mailer: git-send-email 2.6.4.windows.1
In-Reply-To: <1479276930-31360-1-git-send-email-eric.dong@intel.com>
References: <1479276930-31360-1-git-send-email-eric.dong@intel.com>
Subject: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 16 Nov 2016 06:16:02 -0000
Cc: Feng Tian
Cc: Jiewen Yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong
---
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 +
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 718d49e..0a32ee2 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword ( } UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1); + ZeroMem (Unicode, sizeof (Unicode)); return Ascii; }
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 5e3106a..5937ce2 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -694,6 +694,8 @@ HiiPsidRevert( Ret = OpalSupportPsidRevert(&Session, Psid.Psid, (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath); } + ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH); + if (Ret == TcgResultSuccess) { AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert: Success" ); } else {
@@ -1099,8 +1101,8 @@ HiiPasswordEntered( EFI_STRING_ID Str ) { - OPAL_DISK* OpalDisk; - CHAR8 Password[MAX_PASSWORD_CHARACTER_LENGTH + 1]; + OPAL_DISK* OpalDisk; + CHAR8 Password[MAX_PASSWORD_CHARACTER_LENGTH + 1]; CHAR16* UniStr; UINT32 PassLength; EFI_STATUS Status;
@@ -1124,15 +1126,20 @@ HiiPasswordEntered( if (UniStr == NULL) { return EFI_NOT_FOUND; } + + HiiSetString(gHiiPackageListHandle, Str, L"", NULL); + PassLength = (UINT32) StrLen (UniStr); if (PassLength >= sizeof(Password)) { HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password too long"); - gBS->FreePool(UniStr); + ZeroMem (UniStr, StrSize (UniStr)); + FreePool(UniStr); return EFI_BUFFER_TOO_SMALL; } UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password)); - gBS->FreePool(UniStr); + ZeroMem (UniStr, StrSize (UniStr)); + FreePool(UniStr); if (gHiiConfiguration.SelectedAction == HII_KEY_ID_GOTO_UNLOCK) { Status = HiiUnlock (OpalDisk, Password, PassLength);
@@ -1154,6 +1161,8 @@ HiiPasswordEntered( Status = HiiSetPassword(OpalDisk, Password, PassLength); } + ZeroMem (Password, sizeof (Password)); + OpalHiiSetBrowserData (); return Status;
-- 2.6.4.windows.1
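Review bot: In OpalDriverPopUpHddPassword (OpalDriver.c) the added `ZeroMem (Unicode, sizeof (Unicode));` is the last access to `Unicode` before `return Ascii;`, so a toolchain that optimizes across the library boundary (link-time optimization, for instance) may treat it as a dead store and drop it; `ZeroMem (Password, sizeof (Password));` at the end of HiiPasswordEntered in OpalHii.c has the same shape. It is worth confirming in the generated code that both wipes survive, or using a wipe routine the compiler cannot elide. The declaration of `Unicode` lies outside the hunk, so `sizeof (Unicode)` covers the whole buffer only if it is an array rather than a pointer. The ASCII copy still leaves the function through `Ascii`, so a comment such as `// Caller must ZeroMem() the returned password buffer after use.` above the return would record who is responsible for clearing it.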
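Review bot: In HiiPsidRevert (OpalHii.c) the wipe length is `PSID_CHARACTER_LENGTH`, while the call just above passes `(UINT32)sizeof(Psid.Psid)` as the size of the same buffer, so the two agree only if the array is declared with exactly that many one-byte elements. Writing `ZeroMem (Psid.Psid, sizeof (Psid.Psid));` (or `ZeroMem (&Psid, sizeof (Psid));`) ties the cleared range to the object and cannot leave a tail of the PSID behind if the declaration changes. The function begins before this hunk, so any return taken after the PSID has been copied into `Psid` but before this line would still skip the wipe.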
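Review bot: In the `@@ -1124,15 +1126,20 @@` hunk of HiiPasswordEntered the result of `HiiSetString(gHiiPackageListHandle, Str, L"", NULL);` is discarded, so if the update fails the typed password stays in the HII string package and the function carries on as if it had been cleared. HiiSetString reports failure by returning 0; the call could be written as `if (HiiSetString (gHiiPackageListHandle, Str, L"", NULL) == 0) {` with at least a debug message or status-string update in the body. Replacing the string with an empty one may also leave the old characters in whatever buffer the HII database releases internally; that happens outside this file and should be confirmed separately. A short comment above the call, for example `// Remove the password from the HII database as soon as it has been read.`, would explain why it precedes the length check.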
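Review bot: In the last hunk, `ZeroMem (Password, sizeof (Password));` sits only on the fall-through path at the end of HiiPasswordEntered, and most of the action branches between the `UnicodeStrToAsciiStrS` call and this line are outside the visible hunks. If any of those branches returns early, the ASCII password stays on the stack; routing every exit after the conversion through one label that wipes `Password` before `return Status;` would rule that out. The callees that receive `Password` (`HiiUnlock` and `HiiSetPassword` are visible here) are not touched by this patch, so any copy they may keep would need the same treatment.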