From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dandan.bi@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.24; helo=mga09.intel.com;
 envelope-from=dandan.bi@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 40AF121F38832
 for <edk2-devel@lists.01.org>; Sun, 15 Oct 2017 20:33:52 -0700 (PDT)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 15 Oct 2017 20:37:26 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.43,385,1503385200"; d="scan'208";a="1206160320"
Received: from shwdeopenpsi114.ccr.corp.intel.com ([10.239.157.135])
 by fmsmga001.fm.intel.com with ESMTP; 15 Oct 2017 20:37:25 -0700
From: Dandan Bi <dandan.bi@intel.com>
To: edk2-devel@lists.01.org
Cc: Chao Zhang <chao.b.zhang@intel.com>,
	Eric Dong <eric.dong@intel.com>
Date: Mon, 16 Oct 2017 11:37:08 +0800
Message-Id: <1508125028-85644-1-git-send-email-dandan.bi@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.1
Subject: [patch] Security/OpalHii.c: Handle NULL Request or Request with no elements
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 03:33:52 -0000

According to UEFI spec, for the ExtractConfig function in
EFI_HII_CONFIG_ACCESS_PROTOCOL,If a NULL is passed in for the Request
field or if a ConfigHdr is passed in with no request elements, all of
the settings being abstracted by this function will be returned in the
Results field.

The implementation of ExtractConfig function in OpalHii.c misses to
handle above cases.This patch is to do the enhancements.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
---
 SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 46 +++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 4881e72..e3bde42 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -1278,10 +1278,16 @@ ExtractConfig(
   EFI_STRING                              *Progress,
   EFI_STRING                              *Results
   )
 {
   EFI_STATUS                              Status;
+  EFI_STRING                              ConfigRequest;
+  EFI_STRING                              ConfigRequestHdr;
+  UINTN                                   BufferSize;
+  UINTN                                   Size;
+  BOOLEAN                                 AllocatedRequest;
+  EFI_HANDLE                              DriverHandle;
 
   //
   // Check for valid parameters
   //
   if (Progress == NULL || Results == NULL) {
@@ -1292,22 +1298,60 @@ ExtractConfig(
   if ((Request != NULL) &&
     !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName)) {
     return EFI_NOT_FOUND;
   }
 
+  AllocatedRequest = FALSE;
+  BufferSize = sizeof (OPAL_HII_CONFIGURATION);
+  ConfigRequest = Request;
+  if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
+    //
+    // Request has no request element, construct full request string.
+    // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
+    // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
+    //
+    DriverHandle = HiiGetDriverImageHandleCB();
+    ConfigRequestHdr = HiiConstructConfigHdr (&gHiiSetupVariableGuid, OpalPasswordStorageName, DriverHandle);
+    Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
+    ConfigRequest = AllocateZeroPool (Size);
+    if (ConfigRequest == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
+    AllocatedRequest = TRUE;
+    UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
+    FreePool (ConfigRequestHdr);
+  }
+
   //
   // Convert Buffer Data to <ConfigResp> by helper function BlockToConfig( )
   //
   Status = gHiiConfigRouting->BlockToConfig(
                gHiiConfigRouting,
-               Request,
+               ConfigRequest,
                (UINT8*)&gHiiConfiguration,
                sizeof(OPAL_HII_CONFIGURATION),
                Results,
                Progress
            );
 
+  //
+  // Free the allocated config request string.
+  //
+  if (AllocatedRequest) {
+    FreePool (ConfigRequest);
+    ConfigRequest = NULL;
+  }
+
+  //
+  // Set Progress string to the original request string.
+  //
+  if (Request == NULL) {
+    *Progress = NULL;
+  } else if (StrStr (Request, L"OFFSET") == NULL) {
+    *Progress = Request + StrLen (Request);
+  }
+
   return (Status);
 }
 
 
 /**
-- 
1.9.5.msysgit.1