From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5D39721E945EF for ; Tue, 19 Sep 2017 04:35:37 -0700 (PDT) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP; 19 Sep 2017 04:38:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.42,418,1500966000"; d="scan'208";a="1173700392" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.13]) by orsmga001.jf.intel.com with ESMTP; 19 Sep 2017 04:38:40 -0700 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Ruiyu Ni , Steven Shi , Michael Kinney , Liming Gao Date: Tue, 19 Sep 2017 19:38:33 +0800 Message-Id: <20170919113833.14048-3-hao.a.wu@intel.com> X-Mailer: git-send-email 2.12.0.windows.1 In-Reply-To: <20170919113833.14048-1-hao.a.wu@intel.com> References: <20170919113833.14048-1-hao.a.wu@intel.com> Subject: [PATCH 2/2] MdePkg/BaseLib: Avoid reading content beyond string boundary X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 11:35:37 -0000 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=705 As mentioned in the above Bugzilla link by Steven, within the function PathCleanUpDirectories(), when executing command: "cd ." under Shell, the input parameter 'Path' string will have string length less than 2. Hence, it is possible for the below statement: "if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {" to read contents before the string boundary. This commit adds additional checks to avoid this. Cc: Ruiyu Ni Cc: Steven Shi Cc: Michael Kinney Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- MdePkg/Library/BaseLib/FilePaths.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdePkg/Library/BaseLib/FilePaths.c b/MdePkg/Library/BaseLib/FilePaths.c index 203045ccdc..d6f3758ecb 100644 --- a/MdePkg/Library/BaseLib/FilePaths.c +++ b/MdePkg/Library/BaseLib/FilePaths.c @@ -1,7 +1,7 @@ /** @file Defines file-path manipulation functions. - Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -91,7 +91,7 @@ PathCleanUpDirectories( while ((TempString = StrStr (Path, L"\\.\\")) != NULL) { CopyMem (TempString, TempString + 2, StrSize (TempString + 2)); } - if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) { + if ((StrLen (Path) >= 2) && (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0)) { Path[StrLen (Path) - 1] = CHAR_NULL; } -- 2.12.0.windows.1