From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Tue, 02 Jul 2019 03:29:02 -0700
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id C77652F8BE4;
	Tue,  2 Jul 2019 10:28:48 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-172.ams2.redhat.com [10.36.117.172])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A409816BF0;
	Tue,  2 Jul 2019 10:28:38 +0000 (UTC)
From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	=?UTF-8?q?Marvin=20H=C3=A4user?= <mhaeuser@outlook.de>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>,
	Zhichao Gao <zhichao.gao@intel.com>
Subject: [PATCH 0/3] MdePkg, OvmfPkg: rewrite Base64Decode(), clean up call site
Date: Tue,  2 Jul 2019 12:28:33 +0200
Message-Id: <20190702102836.27589-1-lersek@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 02 Jul 2019 10:29:01 +0000 (UTC)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Repo:   https://github.com/lersek/edk2.git
Branch: base64_decode_bz1891

Base64Decode() has a number of issues; see

- <https://bugzilla.tianocore.org/show_bug.cgi?id=3D1891>

- and the mailing list discussion linked from
  <https://bugzilla.tianocore.org/show_bug.cgi?id=3D1891#c6>.

In my opinion, rewriting Base64Decode() from scratch, using a different
(state machine-based) approach is safer / more robust than attempting to
identify and patch up individual problems in the current implementation.
The emphasis of the proposed implementation is to reject invalid input;
decoding valid input is kind of secondary. (This is the safe approach
for all parsers that process untrusted input, in my opinion.)

My understanding is that unit tests for Base64Decode() already exist in
some repository. While I tested the new implementation through OvmfPkg's
EnrollDefaultKeys application -- which makes the sole calls to
Base64Decode() in the open source edk2 tree -- I didn't run a unit test
suite. Help with that (pointers to the test suite, or actual unit
testing) would be highly appreciated.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Marvin H=C3=A4user <mhaeuser@outlook.de>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>

Thanks
Laszlo

Laszlo Ersek (3):
  MdePkg/BaseLib: re-specify Base64Decode(), and add temporary stub impl
  MdePkg/BaseLib: rewrite Base64Decode()
  OvmfPkg/EnrollDefaultKeys: clean up Base64Decode() retval handling

 MdePkg/Include/Library/BaseLib.h              |  99 ++++-
 MdePkg/Library/BaseLib/String.c               | 448 +++++++++++++-------
 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c |  10 +-
 3 files changed, 374 insertions(+), 183 deletions(-)

--=20
2.19.1.3.g30247aa5d201