From: "Albecki, Mateusz" <mateusz.albecki@intel.com>
To: devel@edk2.groups.io
Cc: Mateusz Albecki <mateusz.albecki@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Zhiguang Liu <zhiguang.liu@intel.com>
Subject: [edk2-devel] [PATCH 1/1] MdePkg/UefiDevicePathLib: Fix AcpiEx print logic
Date: Tue, 26 Sep 2023 17:28:30 +0200 [thread overview]
Message-ID: <20230926152830.1394883-2-mateusz.albecki@intel.com> (raw)
In-Reply-To: <20230926152830.1394883-1-mateusz.albecki@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4555
Add logic that checks if the code doesn't overflow
ACPI_EXTENDED_HID_DEVICE_PATH node when searching for optional
strings. If the string is not provided in the device path node
default value of "\0" is used.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Mateusz Albecki <mateusz.albecki@intel.com>
---
.../UefiDevicePathLib/DevicePathToText.c | 66 +++++++++++--------
1 file changed, 39 insertions(+), 27 deletions(-)
diff --git a/MdePkg/Library/UefiDevicePathLib/DevicePathToText.c b/MdePkg/Library/UefiDevicePathLib/DevicePathToText.c
index dd90dfa58e..5012dfef6b 100644
--- a/MdePkg/Library/UefiDevicePathLib/DevicePathToText.c
+++ b/MdePkg/Library/UefiDevicePathLib/DevicePathToText.c
@@ -418,23 +418,38 @@ DevPathToTextAcpiEx (
)
{
ACPI_EXTENDED_HID_DEVICE_PATH *AcpiEx;
- CHAR8 *HIDStr;
- CHAR8 *UIDStr;
- CHAR8 *CIDStr;
CHAR16 HIDText[11];
CHAR16 CIDText[11];
-
- AcpiEx = DevPath;
- HIDStr = (CHAR8 *)(((UINT8 *)AcpiEx) + sizeof (ACPI_EXTENDED_HID_DEVICE_PATH));
- UIDStr = HIDStr + AsciiStrLen (HIDStr) + 1;
- CIDStr = UIDStr + AsciiStrLen (UIDStr) + 1;
+ UINTN CurrentLength;
+ CHAR8 *CurrentPos;
+ UINTN NextStringOffset;
+ CHAR8 *Strings[3];
+ CONST UINT8 HidStrIndex = 0;
+ CONST UINT8 UidStrIndex = 1;
+ CONST UINT8 CidStrIndex = 2;
+ UINT8 StrIndex;
+
+ AcpiEx = DevPath;
+ Strings[HidStrIndex] = NULL;
+ Strings[UidStrIndex] = NULL;
+ Strings[CidStrIndex] = NULL;
+ CurrentLength = sizeof (ACPI_EXTENDED_HID_DEVICE_PATH);
+ CurrentPos = (CHAR8 *)(((UINT8 *)AcpiEx) + sizeof (ACPI_EXTENDED_HID_DEVICE_PATH));
+ StrIndex = 0;
+ while (CurrentLength < AcpiEx->Header.Length[0] && StrIndex < ARRAY_SIZE (Strings)) {
+ Strings[StrIndex] = CurrentPos;
+ NextStringOffset = AsciiStrLen (CurrentPos) + 1;
+ CurrentLength += NextStringOffset;
+ CurrentPos += NextStringOffset;
+ StrIndex++;
+ }
if (DisplayOnly) {
if ((EISA_ID_TO_NUM (AcpiEx->HID) == 0x0A03) ||
((EISA_ID_TO_NUM (AcpiEx->CID) == 0x0A03) && (EISA_ID_TO_NUM (AcpiEx->HID) != 0x0A08)))
{
- if (AcpiEx->UID == 0) {
- UefiDevicePathLibCatPrint (Str, L"PciRoot(%a)", UIDStr);
+ if (Strings[UidStrIndex] != NULL) {
+ UefiDevicePathLibCatPrint (Str, L"PciRoot(%a)", Strings[UidStrIndex]);
} else {
UefiDevicePathLibCatPrint (Str, L"PciRoot(0x%x)", AcpiEx->UID);
}
@@ -443,8 +458,8 @@ DevPathToTextAcpiEx (
}
if ((EISA_ID_TO_NUM (AcpiEx->HID) == 0x0A08) || (EISA_ID_TO_NUM (AcpiEx->CID) == 0x0A08)) {
- if (AcpiEx->UID == 0) {
- UefiDevicePathLibCatPrint (Str, L"PcieRoot(%a)", UIDStr);
+ if (Strings[UidStrIndex] != NULL) {
+ UefiDevicePathLibCatPrint (Str, L"PcieRoot(%a)", Strings[UidStrIndex]);
} else {
UefiDevicePathLibCatPrint (Str, L"PcieRoot(0x%x)", AcpiEx->UID);
}
@@ -475,7 +490,7 @@ DevPathToTextAcpiEx (
(AcpiEx->CID >> 16) & 0xFFFF
);
- if ((*HIDStr == '\0') && (*CIDStr == '\0') && (*UIDStr != '\0')) {
+ if ((Strings[HidStrIndex] == NULL) && (Strings[CidStrIndex] == NULL) && (Strings[UidStrIndex] != NULL)) {
//
// use AcpiExp()
//
@@ -484,7 +499,7 @@ DevPathToTextAcpiEx (
Str,
L"AcpiExp(%s,0,%a)",
HIDText,
- UIDStr
+ Strings[UidStrIndex]
);
} else {
UefiDevicePathLibCatPrint (
@@ -492,28 +507,25 @@ DevPathToTextAcpiEx (
L"AcpiExp(%s,%s,%a)",
HIDText,
CIDText,
- UIDStr
+ Strings[UidStrIndex]
);
}
} else {
if (DisplayOnly) {
- //
- // display only
- //
- if (AcpiEx->HID == 0) {
- UefiDevicePathLibCatPrint (Str, L"AcpiEx(%a,", HIDStr);
+ if (Strings[HidStrIndex] != NULL) {
+ UefiDevicePathLibCatPrint (Str, L"AcpiEx(%a,", Strings[HidStrIndex]);
} else {
UefiDevicePathLibCatPrint (Str, L"AcpiEx(%s,", HIDText);
}
- if (AcpiEx->CID == 0) {
- UefiDevicePathLibCatPrint (Str, L"%a,", CIDStr);
+ if (Strings[CidStrIndex] != NULL) {
+ UefiDevicePathLibCatPrint (Str, L"%a,", Strings[CidStrIndex]);
} else {
UefiDevicePathLibCatPrint (Str, L"%s,", CIDText);
}
- if (AcpiEx->UID == 0) {
- UefiDevicePathLibCatPrint (Str, L"%a)", UIDStr);
+ if (Strings[UidStrIndex] != NULL) {
+ UefiDevicePathLibCatPrint (Str, L"%a)", Strings[UidStrIndex]);
} else {
UefiDevicePathLibCatPrint (Str, L"0x%x)", AcpiEx->UID);
}
@@ -524,9 +536,9 @@ DevPathToTextAcpiEx (
HIDText,
CIDText,
AcpiEx->UID,
- HIDStr,
- CIDStr,
- UIDStr
+ Strings[HidStrIndex],
+ Strings[CidStrIndex],
+ Strings[UidStrIndex]
);
}
}
--
2.39.2
---------------------------------------------------------------------
Intel Technology Poland sp. z o.o.
ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital zakladowy 200.000 PLN.
Spolka oswiadcza, ze posiada status duzego przedsiebiorcy w rozumieniu ustawy z dnia 8 marca 2013 r. o przeciwdzialaniu nadmiernym opoznieniom w transakcjach handlowych.
Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek przegladanie lub rozpowszechnianie jest zabronione.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109071): https://edk2.groups.io/g/devel/message/109071
Mute This Topic: https://groups.io/mt/101598228/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-09-26 15:29 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-26 15:28 [edk2-devel] [PATCH 0/1] MdePkg/UefiDevicePathLib: Fix buffer overflows in DevPathToTextAcpiEx Albecki, Mateusz
2023-09-26 15:28 ` Albecki, Mateusz [this message]
2023-09-27 11:33 ` [edk2-devel] [PATCH 1/1] MdePkg/UefiDevicePathLib: Fix AcpiEx print logic Albecki, Mateusz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230926152830.1394883-2-mateusz.albecki@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox