From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: michael.a.kubacki@intel.com)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by groups.io with SMTP; Mon, 26 Aug 2019 18:35:36 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Aug 2019 18:35:35 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,435,1559545200"; 
   d="scan'208";a="191979104"
Received: from makuback-desk1.amr.corp.intel.com ([10.7.159.162])
  by orsmga002.jf.intel.com with ESMTP; 26 Aug 2019 18:35:35 -0700
From: "Kubacki, Michael A" <michael.a.kubacki@intel.com>
To: devel@edk2.groups.io
Cc: Dandan Bi <dandan.bi@intel.com>,
	Liming Gao <liming.gao@intel.com>
Subject: [edk2-platforms][PATCH V1 1/1] UserInterfacePkg/UserAuthentication: Fix NULL pointer dereferences
Date: Mon, 26 Aug 2019 18:35:33 -0700
Message-Id: <20190827013533.13768-1-michael.a.kubacki@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2115

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
---
 Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentication2Dxe.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentication2Dxe.c b/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentication2Dxe.c
index 55b264f4ff..b4326d380f 100644
--- a/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentication2Dxe.c
+++ b/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentication2Dxe.c
@@ -300,13 +300,16 @@ UserAuthenticationCallback (
         switch (mUserAuthenticationData->PasswordState) {
         case BROWSER_STATE_VALIDATE_PASSWORD:
           UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL);
+          if (UserInputPassword == NULL) {
+            return EFI_UNSUPPORTED;
+          }
           if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) {
             Status = EFI_NOT_READY;
             break;
           }
           if (UserInputPassword[0] == 0) {
             //
-            // Setup will use a NULL password to check whether the old password is set,
+            // Setup will use an empty password to check whether the old password is set,
             // If the validation is successful, means there is no old password, return
             // success to set the new password. Or need to return EFI_NOT_READY to
             // let user input the old password.
@@ -343,6 +346,9 @@ UserAuthenticationCallback (
 
         case BROWSER_STATE_SET_PASSWORD:
           UserInputPassword = HiiGetString (mUserAuthenticationData->HiiHandle, Value->string, NULL);
+          if (UserInputPassword == NULL) {
+            return EFI_UNSUPPORTED;
+          }
           if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) {
             Status = EFI_NOT_READY;
             break;
-- 
2.16.2.windows.1