[PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Subject: [PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read
Date: Wed, 24 Jan 2018 12:50:16 +0800	[thread overview]
Message-ID: <20180124045016.18672-1-jian.j.wang@intel.com> (raw)

> v2:
>    Keep condition "CurrentCommand != NULL" as the first one.

In the for-loop condition of original code, the expression

  *CurrentCommand != CHAR_NULL 

is put before expression

  CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16)

When CurrentCommand walks to the end of string buffer, one more character
over the end of string buffer will be read and then stop.

To fix this issue, just move the last expression to the first one. Because
of short-circuit evaludation of and-expression, the following one

  *CurrentCommand != CHAR_NULL

will not be evaluated if the expression before it is evaludated as FALSE.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
index a71ade3a20..f6159c1335 100644
--- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
+++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
@@ -397,7 +397,7 @@ ShellCommandRunHelp (
         CopyListOfCommandNamesWithDynamic(&SortedCommandList, &SortedCommandListSize);
 
         for (CurrentCommand = SortedCommandList 
-          ; CurrentCommand != NULL && *CurrentCommand != CHAR_NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16)
+          ; CurrentCommand != NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) && *CurrentCommand != CHAR_NULL
           ; CurrentCommand += StrLen(CurrentCommand) + 1
           ) {
           //
-- 
2.15.1.windows.2

next             reply	other threads:[~2018-01-24  4:44 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-24  4:50 Jian J Wang [this message]
2018-01-24  5:47 ` [PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read Ni, Ruiyu
  -- strict thread matches above, loose matches on Subject: below --
2018-01-23  2:14 Jian J Wang
2018-01-24  3:35 ` Ni, Ruiyu
2018-01-24  3:40   ` Wang, Jian J

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a71ade3a2 dfblob:f6159c133 )
 OR (
bs:"[PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180124045016.18672-1-jian.j.wang@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox