From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=hao.a.wu@intel.com;
 receiver=edk2-devel@lists.01.org 
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id DAFD42035B2EB
 for <edk2-devel@lists.01.org>; Mon, 18 Dec 2017 19:24:44 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 18 Dec 2017 19:29:31 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.45,424,1508828400"; d="scan'208";a="188196723"
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.10])
 by fmsmga006.fm.intel.com with ESMTP; 18 Dec 2017 19:29:29 -0800
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
 Yonghong Zhu <yonghong.zhu@intel.com>
Date: Tue, 19 Dec 2017 11:29:04 +0800
Message-Id: <20171219032912.14404-10-hao.a.wu@intel.com>
X-Mailer: git-send-email 2.12.0.windows.1
In-Reply-To: <20171219032912.14404-1-hao.a.wu@intel.com>
References: <20171219032912.14404-1-hao.a.wu@intel.com>
Subject: [PATCH 09/17] BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2017 03:24:45 -0000

Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 BaseTools/Source/C/EfiRom/EfiRom.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
index 6648f4c738..fc3b5ad277 100644
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -96,7 +96,13 @@ Returns:
   //
   if (!mOptions.OutFileName[0]) {
     if (mOptions.FileList != NULL) {
-      strcpy (mOptions.OutFileName, mOptions.FileList->FileName);
+      if (strlen (mOptions.FileList->FileName) >= MAX_PATH) {
+        Status = STATUS_ERROR;
+        Error (NULL, 0, 2000, "Invalid parameter", "Input file name is too long - %s.", mOptions.FileList->FileName);
+        goto BailOut;
+      }
+      strncpy (mOptions.OutFileName, mOptions.FileList->FileName, MAX_PATH - 1);
+      mOptions.OutFileName[MAX_PATH - 1] = 0;
       //
       // Find the last . on the line and replace the filename extension with
       // the default
-- 
2.12.0.windows.1