From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6DF582035BA35 for ; Mon, 18 Dec 2017 19:24:42 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Dec 2017 19:29:28 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,424,1508828400"; d="scan'208";a="188196714" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.10]) by fmsmga006.fm.intel.com with ESMTP; 18 Dec 2017 19:29:27 -0800 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Liming Gao , Yonghong Zhu Date: Tue, 19 Dec 2017 11:29:02 +0800 Message-Id: <20171219032912.14404-8-hao.a.wu@intel.com> X-Mailer: git-send-email 2.12.0.windows.1 In-Reply-To: <20171219032912.14404-1-hao.a.wu@intel.com> References: <20171219032912.14404-1-hao.a.wu@intel.com> Subject: [PATCH 07/17] BaseTools/C/Common: Add/refine boundary checks for strcpy/strcat calls X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Dec 2017 03:24:42 -0000 Add checks to ensure when the destination string buffer is of fixed size, the strcpy/strcat functions calls will not access beyond the boundary. Cc: Liming Gao Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- BaseTools/Source/C/Common/CommonLib.c | 24 +++++++++++++++++------- BaseTools/Source/C/Common/EfiUtilityMsgs.c | 9 +++------ 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/BaseTools/Source/C/Common/CommonLib.c b/BaseTools/Source/C/Common/CommonLib.c index 2f0aecf252..4a62bec85e 100644 --- a/BaseTools/Source/C/Common/CommonLib.c +++ b/BaseTools/Source/C/Common/CommonLib.c @@ -1,7 +1,7 @@ /** @file Common basic Library Functions -Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -638,12 +638,22 @@ Returns: // RootPath = getcwd (NULL, 0); if (RootPath != NULL) { - strcat (mCommonLibFullPath, RootPath); + if (strlen (mCommonLibFullPath) + strlen (RootPath) > MAX_LONG_FILE_PATH - 1) { + Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!"); + free (RootPath); + return NULL; + } + strncat (mCommonLibFullPath, RootPath, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1); if (FileName[0] != '\\' && FileName[0] != '/') { + if (strlen (mCommonLibFullPath) + 1 > MAX_LONG_FILE_PATH - 1) { + Error (NULL, 0, 2000, "Invalid parameter", "RootPath is too long!"); + free (RootPath); + return NULL; + } // // Attach directory separator // - strcat (mCommonLibFullPath, "\\"); + strncat (mCommonLibFullPath, "\\", MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1); } free (RootPath); } @@ -673,7 +683,7 @@ Returns: // if ((PathPointer = strstr (mCommonLibFullPath, ":\\\\")) != NULL) { *(PathPointer + 2) = '\0'; - strcat (mCommonLibFullPath, PathPointer + 3); + strncat (mCommonLibFullPath, PathPointer + 3, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1); } // @@ -681,7 +691,7 @@ Returns: // while ((PathPointer = strstr (mCommonLibFullPath, ".\\")) != NULL) { *PathPointer = '\0'; - strcat (mCommonLibFullPath, PathPointer + 2); + strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1); } // @@ -689,7 +699,7 @@ Returns: // while ((PathPointer = strstr (mCommonLibFullPath, "\\.\\")) != NULL) { *PathPointer = '\0'; - strcat (mCommonLibFullPath, PathPointer + 2); + strncat (mCommonLibFullPath, PathPointer + 2, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1); } // @@ -706,7 +716,7 @@ Returns: // Skip one directory // *PathPointer = '\0'; - strcat (mCommonLibFullPath, NextPointer); + strncat (mCommonLibFullPath, NextPointer, MAX_LONG_FILE_PATH - strlen (mCommonLibFullPath) - 1); } else { // // No directory is found. Just break. diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c index 7b4c2310ca..5496a439e2 100644 --- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c +++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c @@ -1,7 +1,7 @@ /** @file EFI tools utility functions to display warning, error, and informational messages -Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -608,12 +608,9 @@ Returns: if (UtilityName != NULL) { if (strlen (UtilityName) >= sizeof (mUtilityName)) { Error (UtilityName, 0, 0, "application error", "utility name length exceeds internal buffer size"); - strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1); - mUtilityName[sizeof (mUtilityName) - 1] = 0; - return ; - } else { - strcpy (mUtilityName, UtilityName); } + strncpy (mUtilityName, UtilityName, sizeof (mUtilityName) - 1); + mUtilityName[sizeof (mUtilityName) - 1] = 0; } else { Error (NULL, 0, 0, "application error", "SetUtilityName() called with NULL utility name"); } -- 2.12.0.windows.1