From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chen.a.chen@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.136; helo=mga12.intel.com;
 envelope-from=chen.a.chen@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 3EAE621B02822
 for <edk2-devel@lists.01.org>; Thu, 31 Jan 2019 18:06:53 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 31 Jan 2019 18:06:53 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,546,1539673200"; d="scan'208";a="315388547"
Received: from chenche4.ccr.corp.intel.com ([10.239.9.12])
 by fmsmga006.fm.intel.com with ESMTP; 31 Jan 2019 18:06:52 -0800
From: Chen A Chen <chen.a.chen@intel.com>
To: edk2-devel@lists.01.org
Cc: Chen A Chen <chen.a.chen@intel.com>, Jian J Wang <jian.j.wang@intel.com>,
 Hao Wu <hao.a.wu@intel.com>
Date: Fri,  1 Feb 2019 10:06:49 +0800
Message-Id: <20190201020649.15672-1-chen.a.chen@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1
Subject: [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer dereference issue
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Feb 2019 02:06:54 -0000

To avoid potential NULL pointer dereference issue. Initialize them at
the beginning of the function.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
---
 MdeModulePkg/Application/CapsuleApp/CapsuleApp.c    |  5 +++--
 MdeModulePkg/Application/CapsuleApp/CapsuleDump.c   | 17 +++++++++++------
 MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c | 17 +++++++++++++++--
 3 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
index 896acd3304..198a63555d 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
@@ -916,8 +916,9 @@ UefiMain (
   EFI_GUID                      ImageTypeId;
   UINTN                         ImageIndex;
 
-  MapFsStr = NULL;
-  CapsuleNum = 0;
+  BlockDescriptors  = NULL;
+  MapFsStr          = NULL;
+  CapsuleNum        = 0;
 
   Status = GetArg();
   if (EFI_ERROR(Status)) {
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
index 5bf617c5f6..7bef5a1378 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
@@ -795,11 +795,13 @@ DumpCapsuleFromDisk (
   UINTN                                         FileCount;
   BOOLEAN                                       NoFile;
 
-  DirHandle  = NULL;
-  FileHandle = NULL;
-  Index      = 0;
-  FileCount  = 0;
-  NoFile     = FALSE;
+  DirHandle       = NULL;
+  FileHandle      = NULL;
+  Index           = 0;
+  FileInfoBuffer  = NULL;
+  FileInfo        = NULL;
+  FileCount       = 0;
+  NoFile          = FALSE;
 
   Status = Fs->OpenVolume (Fs, &Root);
   if (EFI_ERROR (Status)) {
@@ -970,7 +972,10 @@ DumpProvisionedCapsule (
 
   ShellProtocol = GetShellProtocol ();
 
-  Index = 0;
+  Index             = 0;
+  CapsuleDataPtr64  = NULL;
+  BootNext          = NULL;
+  ShellProtocol     = NULL;
 
   //
   // Dump capsule provisioned on Memory
diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
index 393b7ae7db..4faa863bca 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
@@ -151,9 +151,14 @@ DumpAllEfiSysPartition (
   UINTN                      NumberEfiSystemPartitions;
   EFI_SHELL_PROTOCOL         *ShellProtocol;
 
-  ShellProtocol = GetShellProtocol ();
   NumberEfiSystemPartitions = 0;
 
+  ShellProtocol = GetShellProtocol ();
+  if (ShellProtocol == NULL) {
+    Print (L"Get Shell Protocol Fail\n");;
+    return ;
+  }
+
   Print (L"EFI System Partition list:\n");
 
   gBS->LocateHandleBuffer (
@@ -421,7 +426,13 @@ GetUpdateFileSystem (
   EFI_BOOT_MANAGER_LOAD_OPTION    NewOption;
 
   MappedDevicePath = NULL;
+  BootOptionBuffer = NULL;
+
   ShellProtocol = GetShellProtocol ();
+  if (ShellProtocol == NULL) {
+    Print (L"Get Shell Protocol Fail\n");;
+    return EFI_NOT_FOUND;
+  }
 
   //
   // 1. If Fs is not assigned and there are capsule provisioned before,
@@ -468,7 +479,9 @@ GetUpdateFileSystem (
   // 2. Get EFI system partition form boot options.
   //
   BootOptionBuffer = EfiBootManagerGetLoadOptions (&BootOptionCount, LoadOptionTypeBoot);
-  if (BootOptionCount == 0 && Map == NULL) {
+  if ( (BootOptionBuffer == NULL) ||
+       (BootOptionCount == 0 && Map == NULL)
+     ) {
     return EFI_NOT_FOUND;
   }
 
-- 
2.16.2.windows.1