* [PATCH v2 0/2] Add sanity check for FilePath device path
@ 2019-02-19 9:21 Jian J Wang
2019-02-19 9:21 ` [PATCH v2 1/2] MdePkg/UefiDevicePathLib: " Jian J Wang
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Jian J Wang @ 2019-02-19 9:21 UTC (permalink / raw)
To: edk2-devel
> v2: fix wrong detection of FilePath device path
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
Tests
- Pass specific DevicePathLib test cases
- Boot shell
- Boot to Fedora 26 (Qemu/x64)
- Boot to Ubuntu 18.04 (Qemu/x64)
- Boot to Windows 10 (Qemu/x64)
- Boot to Windows 7 (Qemu/x64)
Jian J Wang (2):
MdePkg/UefiDevicePathLib: Add sanity check for FilePath device path
MdePkg/UefiDevicePathLibDevicePathProtocol: Add sanity check for
FilePath device path
MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c | 9 +++++++++
.../UefiDevicePathLib.c | 9 +++++++++
2 files changed, 18 insertions(+)
--
2.17.1.windows.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for FilePath device path
2019-02-19 9:21 [PATCH v2 0/2] Add sanity check for FilePath device path Jian J Wang
@ 2019-02-19 9:21 ` Jian J Wang
2019-02-19 9:34 ` Ni, Ray
2019-02-19 9:21 ` [PATCH v2 2/2] MdePkg/UefiDevicePathLibDevicePathProtocol: " Jian J Wang
2019-02-19 9:23 ` [PATCH v2 0/2] " Gao, Liming
2 siblings, 1 reply; 7+ messages in thread
From: Jian J Wang @ 2019-02-19 9:21 UTC (permalink / raw)
To: edk2-devel; +Cc: Liming Gao, Ray Ni, Michael D Kinney
> v2: fix wrong detection of FilePath device path
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
Current implementation of IsDevicePathValid() is not enough for type
of MEDIA_FILEPATH_DP, which has NULL-terminated string in the device
path. This patch add a simple NULL character check at Length position.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
index 5d7635fe3e..dd1bddc1c2 100644
--- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
+++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
@@ -95,6 +95,15 @@ IsDevicePathValid (
return FALSE;
}
}
+
+ //
+ // FilePath must be a NULL-terminated string.
+ //
+ if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH &&
+ DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP &&
+ *(CHAR16 *)((UINT8 *)DevicePath + NodeLength - 2) != 0) {
+ return FALSE;
+ }
}
//
--
2.17.1.windows.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 2/2] MdePkg/UefiDevicePathLibDevicePathProtocol: Add sanity check for FilePath device path
2019-02-19 9:21 [PATCH v2 0/2] Add sanity check for FilePath device path Jian J Wang
2019-02-19 9:21 ` [PATCH v2 1/2] MdePkg/UefiDevicePathLib: " Jian J Wang
@ 2019-02-19 9:21 ` Jian J Wang
2019-02-19 9:23 ` [PATCH v2 0/2] " Gao, Liming
2 siblings, 0 replies; 7+ messages in thread
From: Jian J Wang @ 2019-02-19 9:21 UTC (permalink / raw)
To: edk2-devel; +Cc: Liming Gao, Ray Ni, Michael D Kinney
> v2: fix wrong detection of FilePath device path
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
Current implementation of IsDevicePathValid() is not enough for type
of MEDIA_FILEPATH_DP, which has NULL-terminated string in the device
path. This patch add a simple NULL character check at Length position.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
.../UefiDevicePathLib.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
index 9a0ee42fd1..c8e78d2373 100644
--- a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
+++ b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
@@ -138,6 +138,15 @@ IsDevicePathValid (
return FALSE;
}
}
+
+ //
+ // FilePath must be a NULL-terminated string.
+ //
+ if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH &&
+ DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP &&
+ *(CHAR16 *)((UINT8 *)DevicePath + NodeLength - 2) != 0) {
+ return FALSE;
+ }
}
//
--
2.17.1.windows.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2 0/2] Add sanity check for FilePath device path
2019-02-19 9:21 [PATCH v2 0/2] Add sanity check for FilePath device path Jian J Wang
2019-02-19 9:21 ` [PATCH v2 1/2] MdePkg/UefiDevicePathLib: " Jian J Wang
2019-02-19 9:21 ` [PATCH v2 2/2] MdePkg/UefiDevicePathLibDevicePathProtocol: " Jian J Wang
@ 2019-02-19 9:23 ` Gao, Liming
2 siblings, 0 replies; 7+ messages in thread
From: Gao, Liming @ 2019-02-19 9:23 UTC (permalink / raw)
To: Wang, Jian J, edk2-devel@lists.01.org
Reviewed-by: Liming Gao <liming.gao@intel.com>
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian
>J Wang
>Sent: Tuesday, February 19, 2019 5:22 PM
>To: edk2-devel@lists.01.org
>Subject: [edk2] [PATCH v2 0/2] Add sanity check for FilePath device path
>
>> v2: fix wrong detection of FilePath device path
>
>REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
>
>Tests
>- Pass specific DevicePathLib test cases
>- Boot shell
>- Boot to Fedora 26 (Qemu/x64)
>- Boot to Ubuntu 18.04 (Qemu/x64)
>- Boot to Windows 10 (Qemu/x64)
>- Boot to Windows 7 (Qemu/x64)
>
>Jian J Wang (2):
> MdePkg/UefiDevicePathLib: Add sanity check for FilePath device path
> MdePkg/UefiDevicePathLibDevicePathProtocol: Add sanity check for
> FilePath device path
>
> MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c | 9 +++++++++
> .../UefiDevicePathLib.c | 9 +++++++++
> 2 files changed, 18 insertions(+)
>
>--
>2.17.1.windows.2
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for FilePath device path
2019-02-19 9:21 ` [PATCH v2 1/2] MdePkg/UefiDevicePathLib: " Jian J Wang
@ 2019-02-19 9:34 ` Ni, Ray
2019-02-19 10:12 ` Wang, Jian J
0 siblings, 1 reply; 7+ messages in thread
From: Ni, Ray @ 2019-02-19 9:34 UTC (permalink / raw)
To: Wang, Jian J, edk2-devel@lists.01.org; +Cc: Gao, Liming, Kinney, Michael D
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Tuesday, February 19, 2019 5:22 PM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Subject: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for
> FilePath device path
>
> > v2: fix wrong detection of FilePath device path
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
>
> Current implementation of IsDevicePathValid() is not enough for type of
> MEDIA_FILEPATH_DP, which has NULL-terminated string in the device path.
> This patch add a simple NULL character check at Length position.
>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
> MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> index 5d7635fe3e..dd1bddc1c2 100644
> --- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> +++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> @@ -95,6 +95,15 @@ IsDevicePathValid (
> return FALSE;
> }
> }
> +
> + //
> + // FilePath must be a NULL-terminated string.
> + //
> + if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH &&
> + DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP &&
> + *(CHAR16 *)((UINT8 *)DevicePath + NodeLength - 2) != 0) {
Can we assume the device path node buffer contains exact the null terminated string?
What if the buffer contains some padding bytes after null terminated string?
To handle this case, can we convert the DevicePath to FILEPATH_DEVICE_PATH and use logic similar as below?
FILEPATH_DEVICE_PATH *FilePath;
FilePath = (FILEPATH_DEVICE_PATH *) DevicePath;
MaxSize = (NodeLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) / sizeof (CHAR16);
If (StrnLenS (FilePath->PathName, MaxSize) == MaxSize) {
Return FALSE;
}
> + return FALSE;
> + }
> }
>
> //
> --
> 2.17.1.windows.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for FilePath device path
2019-02-19 9:34 ` Ni, Ray
@ 2019-02-19 10:12 ` Wang, Jian J
2019-02-19 13:11 ` Ni, Ray
0 siblings, 1 reply; 7+ messages in thread
From: Wang, Jian J @ 2019-02-19 10:12 UTC (permalink / raw)
To: Ni, Ray, edk2-devel@lists.01.org; +Cc: Gao, Liming, Kinney, Michael D
Hi Ray,
> -----Original Message-----
> From: Ni, Ray
> Sent: Tuesday, February 19, 2019 5:34 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: RE: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for
> FilePath device path
>
>
>
> > -----Original Message-----
> > From: Wang, Jian J <jian.j.wang@intel.com>
> > Sent: Tuesday, February 19, 2019 5:22 PM
> > To: edk2-devel@lists.01.org
> > Cc: Gao, Liming <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>; Kinney,
> > Michael D <michael.d.kinney@intel.com>
> > Subject: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for
> > FilePath device path
> >
> > > v2: fix wrong detection of FilePath device path
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
> >
> > Current implementation of IsDevicePathValid() is not enough for type of
> > MEDIA_FILEPATH_DP, which has NULL-terminated string in the device path.
> > This patch add a simple NULL character check at Length position.
> >
> > Cc: Liming Gao <liming.gao@intel.com>
> > Cc: Ray Ni <ray.ni@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > ---
> > MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > index 5d7635fe3e..dd1bddc1c2 100644
> > --- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > +++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > @@ -95,6 +95,15 @@ IsDevicePathValid (
> > return FALSE;
> > }
> > }
> > +
> > + //
> > + // FilePath must be a NULL-terminated string.
> > + //
> > + if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH &&
> > + DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP &&
> > + *(CHAR16 *)((UINT8 *)DevicePath + NodeLength - 2) != 0) {
> Can we assume the device path node buffer contains exact the null terminated
> string?
> What if the buffer contains some padding bytes after null terminated string?
>
> To handle this case, can we convert the DevicePath to FILEPATH_DEVICE_PATH
> and use logic similar as below?
>
> FILEPATH_DEVICE_PATH *FilePath;
> FilePath = (FILEPATH_DEVICE_PATH *) DevicePath;
> MaxSize = (NodeLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) / sizeof
> (CHAR16);
> If (StrnLenS (FilePath->PathName, MaxSize) == MaxSize) {
> Return FALSE;
> }
>
I did think about your implementation and I agree it might be the best way
from compatibility perspective. But I have three considerations:
1. It's not a good programming habit to pass unwanted data around and should not
be encouraged to do so.
2. It might leave potential security hole (maybe I'm a little too cautious)
3. The UEFI spec has following statement on this type of device path (ch10.3.6.4).
" A NULL-terminated Path string including directory and file names. The length of
this string n can be determined by subtracting 4 from the Length entry."
But I'm still open to your suggestion, if all agree that compatibility is more important.
Regards,
Jian
>
>
> > + return FALSE;
> > + }
> > }
> >
> > //
> > --
> > 2.17.1.windows.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for FilePath device path
2019-02-19 10:12 ` Wang, Jian J
@ 2019-02-19 13:11 ` Ni, Ray
0 siblings, 0 replies; 7+ messages in thread
From: Ni, Ray @ 2019-02-19 13:11 UTC (permalink / raw)
To: Wang, Jian J, edk2-devel@lists.01.org; +Cc: Gao, Liming, Kinney, Michael D
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Tuesday, February 19, 2019 6:12 PM
> To: Ni, Ray <ray.ni@intel.com>; edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: RE: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check for
> FilePath device path
>
> Hi Ray,
>
> > -----Original Message-----
> > From: Ni, Ray
> > Sent: Tuesday, February 19, 2019 5:34 PM
> > To: Wang, Jian J <jian.j.wang@intel.com>; edk2-devel@lists.01.org
> > Cc: Gao, Liming <liming.gao@intel.com>; Kinney, Michael D
> > <michael.d.kinney@intel.com>
> > Subject: RE: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check
> > for FilePath device path
> >
> >
> >
> > > -----Original Message-----
> > > From: Wang, Jian J <jian.j.wang@intel.com>
> > > Sent: Tuesday, February 19, 2019 5:22 PM
> > > To: edk2-devel@lists.01.org
> > > Cc: Gao, Liming <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>;
> > > Kinney, Michael D <michael.d.kinney@intel.com>
> > > Subject: [PATCH v2 1/2] MdePkg/UefiDevicePathLib: Add sanity check
> > > for FilePath device path
> > >
> > > > v2: fix wrong detection of FilePath device path
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497
> > >
> > > Current implementation of IsDevicePathValid() is not enough for type
> > > of MEDIA_FILEPATH_DP, which has NULL-terminated string in the device
> path.
> > > This patch add a simple NULL character check at Length position.
> > >
> > > Cc: Liming Gao <liming.gao@intel.com>
> > > Cc: Ray Ni <ray.ni@intel.com>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> > > ---
> > > MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c | 9
> > > +++++++++
> > > 1 file changed, 9 insertions(+)
> > >
> > > diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > > b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > > index 5d7635fe3e..dd1bddc1c2 100644
> > > --- a/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > > +++ b/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c
> > > @@ -95,6 +95,15 @@ IsDevicePathValid (
> > > return FALSE;
> > > }
> > > }
> > > +
> > > + //
> > > + // FilePath must be a NULL-terminated string.
> > > + //
> > > + if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH &&
> > > + DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP &&
> > > + *(CHAR16 *)((UINT8 *)DevicePath + NodeLength - 2) != 0) {
> > Can we assume the device path node buffer contains exact the null
> > terminated string?
> > What if the buffer contains some padding bytes after null terminated string?
> >
> > To handle this case, can we convert the DevicePath to
> > FILEPATH_DEVICE_PATH and use logic similar as below?
> >
> > FILEPATH_DEVICE_PATH *FilePath;
> > FilePath = (FILEPATH_DEVICE_PATH *) DevicePath; MaxSize = (NodeLength
> > - sizeof (EFI_DEVICE_PATH_PROTOCOL)) / sizeof (CHAR16); If (StrnLenS
> > (FilePath->PathName, MaxSize) == MaxSize) {
> > Return FALSE;
> > }
> >
>
> I did think about your implementation and I agree it might be the best way from
> compatibility perspective. But I have three considerations:
>
> 1. It's not a good programming habit to pass unwanted data around and should
> not
> be encouraged to do so.
> 2. It might leave potential security hole (maybe I'm a little too cautious) 3. The
> UEFI spec has following statement on this type of device path (ch10.3.6.4).
>
> " A NULL-terminated Path string including directory and file names. The length
> of this string n can be determined by subtracting 4 from the Length entry."
>
With such statement, I am ok to your changes.
Reviewed-by: Ray Ni <ray.ni@intel.com>
> But I'm still open to your suggestion, if all agree that compatibility is more
> important.
>
> Regards,
> Jian
>
> >
> >
> > > + return FALSE;
> > > + }
> > > }
> > >
> > > //
> > > --
> > > 2.17.1.windows.2
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-02-19 13:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-19 9:21 [PATCH v2 0/2] Add sanity check for FilePath device path Jian J Wang
2019-02-19 9:21 ` [PATCH v2 1/2] MdePkg/UefiDevicePathLib: " Jian J Wang
2019-02-19 9:34 ` Ni, Ray
2019-02-19 10:12 ` Wang, Jian J
2019-02-19 13:11 ` Ni, Ray
2019-02-19 9:21 ` [PATCH v2 2/2] MdePkg/UefiDevicePathLibDevicePathProtocol: " Jian J Wang
2019-02-19 9:23 ` [PATCH v2 0/2] " Gao, Liming
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox