From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=VpVOwP9B;
 spf=pass (domain: gmx.de, ip: 212.227.15.19, mailfrom: xypron.glpk@gmx.de)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
 by groups.io with SMTP; Thu, 04 Apr 2019 18:29:43 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
	s=badeba3b8450; t=1554427773;
	bh=Ke+bC1ELRXhhPfZpV2nzFSW/oZpWN8xJiuim5Y7jZjI=;
	h=X-UI-Sender-Class:From:To:Cc:Subject:Date;
	b=VpVOwP9BFzSCANUAf4JNUDfWgN4y7q0mTNaIMvF1EavH2s+5H6a4D+eokPjuYxS1R
	 j9b6R6oiAhdNS6rwxjYinazd34eGYwFCYbZuBxIGylXk2K+kTT5qZvvIniMjmAqLZe
	 3DqYulX0Vm/gkbpqKyuuPTFveagndi32zJ5oGF/E=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from LT02.fritz.box ([84.118.159.3]) by mail.gmx.com (mrgmx003
 [212.227.17.184]) with ESMTPSA (Nemesis) id 0Lu874-1gk3tj0hgE-011Q8s; Fri, 05
 Apr 2019 03:29:33 +0200
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Jaben Carsey <jaben.carsey@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>,
	devel@edk2.groups.io,
	Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [PATCH 1/1] ShellPkg/CommandLib: avoid NULL derefence and memory leak
Date: Fri,  5 Apr 2019 03:29:03 +0200
Message-Id: <20190405012903.20796-1-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
X-Provags-ID: V03:K1:RCnQyCJfPIiZ9LQdspveA8Lrw3U+Xvy6NpcOYfgViQ9hgU5Rjqx
 +58ZDrg9mjMhQBe8sJSMNyLzIogNtjVQYJhLPKnyBdnYNtpOZCNvvW2TEzpR34fAE0RUAhW
 79KIycFrhIIepc+o50bSIkqyHB7nDOWa2vyMWXLiabUjWM8OoHVm4FuoE9RNRwQFlY1DC8i
 BhkcJ0DcOPA2bvWfw5YNQ==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:1+3WOOMgYEk=:XydrLFFXOdxUjjiHrl+sTm
 mBy12PTTDzPsBt33vyLlLrnuqQfrAhtrAWstJE86yNvNUZeUwgD9m5KRwixF1fc1fgbYvAVkh
 ULAE3HEcJ4nfGt1q0/RMee3uPtamCEcXF900lgZDRiCvqD5qjcDpNbo/zmNnmzjlQkibNJQtE
 Ifufxap7R6z5YJx9tFcprgB1+aJ78HRS6Nn8sfZHsEvAXJuQyyM1zllrXWAmkTSFxksJ+mPM4
 szXjm/6z4gZrSlnBl7NlcT8Zam7Z74PsgSA/PZNEHtWVCtRb5i9VCR6tAlNkc9y8A0LQtA6Xb
 L+hY5x84EKh6MZ9yJuoRiCHqvpDgFlkaXm7P8wC8vWu+oav2QBxz30GJhq13e7+ZVS48/daTC
 /xjbZfxR13+2uPYFNQqfCzVxkCAt5kUXYqVv2E8Ju4Wm3R2NhSVh2KCtCPt2DwrW+mxF9W/aM
 WzLTiz6dLqZtCoik0bD0+kfZKIqfWWvSZo/cDM+RsQOhgB9uPQT7pzBLAdCZ4bjegKDusC0/W
 3zmZwhLVPmDK53/HMuw5vQVf9hmc4LHrrEbgu2a6xQX7TBD2HnUIWXReKT41ya3O0d68VDPJB
 G7STs2oiOZOwefGIgJzvun1FuFDRU5DAMYwgSHXeqpsWMe2T9aoWHnwm7/4o1kPSFzWNPVxvp
 f3F3jRsQ6/XKliGDSvq26E4XG3yRwdRZ3USFHmaDeIY+kNAHthpwO9dtgdKFcK+sWxiQ8jLaC
 tbdC3jC8AQvVUf6EFdLDxDlc1TwyyhY1yGZONv6RYm+JI4Dgmi30ZBUDp4K3CKG4AqL0yqTL4
 tGS6c4DLVHAkByDm2/3LUr6juVKF/XldW2ctkg19CyDIhtYimT07ILORX+DEOkaGmfpWC1y71
 X6onJ6ULFjf09s1Ztc6r/mnkHcfr0nTckUEHdds7NCj77/Gy2YQ9RjYoQ/uTXe
Content-Transfer-Encoding: quoted-printable

Since TianoCore EDK2 commit d65f2cea36d1 ("ShellPkg/CommandLib: Locate
proper UnicodeCollation instance") in edk2 the UEFI Shell crashes if EFI
variable PlatformLang is not defined due to dereferencing gUnicodeCollatio=
n
gUnicodeCollation (=3D NULL) in ShellCommandRegisterCommandName().

Furthermore CommandInit() is leaking PlatformLang if
gUnicodeCollation !=3D NULL.

Close the memory leak and use the first UnicodeCollation instance if
PlatfomLang is not defined.

Fixes: d65f2cea36d1 ("ShellPkg/CommandLib: Locate proper UnicodeCollation
instance")
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
=2D--
 .../UefiShellCommandLib/UefiShellCommandLib.c | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c b/=
ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c
index ddc4bb1567..e60279e5ac 100644
=2D-- a/ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c
+++ b/ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c
@@ -80,12 +80,10 @@ CommandInit(
   EFI_STATUS                      Status;
   CHAR8                           *PlatformLang;

-  GetEfiGlobalVariable2 (EFI_PLATFORM_LANG_VARIABLE_NAME, (VOID**)&Platfo=
rmLang, NULL);
-  if (PlatformLang =3D=3D NULL) {
-    return EFI_UNSUPPORTED;
-  }
-
   if (gUnicodeCollation =3D=3D NULL) {
+
+    GetEfiGlobalVariable2 (EFI_PLATFORM_LANG_VARIABLE_NAME, (VOID**)&Plat=
formLang, NULL);
+
     Status =3D gBS->LocateHandleBuffer (
                     ByProtocol,
                     &gEfiUnicodeCollation2ProtocolGuid,
@@ -113,6 +111,14 @@ CommandInit(
         continue;
       }

+      //
+      // Without clue provided use the first Unicode Collation2 protocol.
+      //
+      if (PlatformLang =3D=3D NULL) {
+        gUnicodeCollation =3D Uc;
+        break;
+      }
+
       //
       // Find the best matching matching language from the supported lang=
uages
       // of Unicode Collation2 protocol.
@@ -132,7 +138,9 @@ CommandInit(
     if (Handles !=3D NULL) {
       FreePool (Handles);
     }
-    FreePool (PlatformLang);
+    if (PlatformLang !=3D NULL) {
+      FreePool (PlatformLang);
+    }
   }

   return (gUnicodeCollation =3D=3D NULL) ? EFI_UNSUPPORTED : EFI_SUCCESS;
=2D-
2.20.1