From: "Pete Batard"
To: devel@edk2.groups.io
Cc: ard.biesheuvel@linaro.org, leif.lindholm@linaro.org, philmd@redhat.com
Subject: [edk2-platforms][PATCH 1/1] Platform/RPi: Prevent buffer over-read when the command line is empty
Date: Mon, 4 Nov 2019 16:06:17 +0000
Message-Id: <20191104160617.11036-1-pete@akeo.ie>

From: Andrei Warkentin

It is possible for the command line to be empty (Cmd->TagHead.TagValueSize = 0), in which case the code should not attempt to read the value at CommandLine[-1].

Signed-off-by: Pete Batard
--- Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c index 5a9d4c3f1787..9b4aa068857c 100644 --- a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c +++ b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c @@ -927,7 +927,8 @@ RpiFirmwareGetCommmandLine ( CopyMem (CommandLine, Cmd->CommandLine, Cmd->TagHead.TagValueSize); - if (CommandLine[Cmd->TagHead.TagValueSize - 1] != '\0') { + if (Cmd->TagHead.TagValueSize == 0 || + CommandLine[Cmd->TagHead.TagValueSize - 1] != '\0') { // // Add a NUL terminator if required. // -- 2.21.0.windows.1
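
Review bot: With the added `Cmd->TagHead.TagValueSize == 0 ||` test, an empty command line now enters the "Add a NUL terminator if required" branch, whose body lies outside the visible context, so please confirm that the terminator is written at CommandLine[Cmd->TagHead.TagValueSize] (index 0 in this case) and that the caller's buffer has already been checked to hold TagValueSize + 1 bytes. If that check is missing or only compares against TagValueSize, a zero-length buffer would trade the one-byte over-read fixed here for a one-byte over-write. The same TagValueSize from the Cmd tag header is the length passed to the CopyMem just above, so if the function does not bound it against the destination size before that call, that check belongs in this patch or a follow-up. The comment inside the branch could also say that it covers the empty command line, since "if required" no longer describes the only way in. Separately, the in-body From: names Andrei Warkentin while the only Signed-off-by is Pete Batard's; consider adding the author's sign-off.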