From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66])
 by mx.groups.io with SMTP id smtpd.web09.7175.1573146325074672612
 for <devel@edk2.groups.io>;
 Thu, 07 Nov 2019 09:05:25 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@akeo-ie.20150623.gappssmtp.com header.s=20150623 header.b=dEMH5lsJ;
 spf=none, err=permanent DNS error (domain: akeo.ie, ip: 209.85.221.66, mailfrom: pete@akeo.ie)
Received: by mail-wr1-f66.google.com with SMTP id i10so3881903wrs.7
        for <devel@edk2.groups.io>; Thu, 07 Nov 2019 09:05:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=akeo-ie.20150623.gappssmtp.com; s=20150623;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=pOBM5CXJpt9vx9q+kpw1qh1U8cFR33+N6cTkCLVyGZw=;
        b=dEMH5lsJvCtqs17KeWSd4AHbC/RY+2sKqb1tX6vwfDKiRiLeMrfvU1RTpNIN1RaTyA
         K716Ur2j6ziKVJOHFNUTk5yohrd9wanO2eovLWjeQfhAo00hePffSqi4n1ouyTVCyYyx
         ro/bh0KOMKXRkyT+zwhHKvi+iWABtjc1fHucEtvBOX0zp6wHvpFSG9Mae9hM4p7XMfQq
         nu9bmsmWlSih6BV1OtJfLPMc7JTpDhTbJDKrn6GXS/bqWjAvvhX31Wk8Aqgoq/EocFn6
         9wZF+42dc4E3joR72rsnOFxZKi2EN0NfohA9/z0eko8cmsYd32CL7Wt4ZaO6wyPlPNzR
         TUBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=pOBM5CXJpt9vx9q+kpw1qh1U8cFR33+N6cTkCLVyGZw=;
        b=j5iAfZDlnJQ72n14EEvr6hz9YYH0O54fIEczKR5KG0b92PfxzlBT2BWuOyorEFARK8
         rQFpflAYnQ9lqO3F8lEbY8VGKpjD1TSYGA2JfG9DrexxYB8Vh7FmVV/pQg5IGCUStxLU
         TLYJdJRscv1vH4agIfNH4kQi9lXcDdVZJrqhw6ySFHU8hXRSXvGkKr11bfTPTB49C9vJ
         xeHDzfs5Dz+bzHHm10myGQ6NKjIEeni5lgTrFZW6ZLq6PsBbnQE7VUysUN1BKJ+/obdz
         y5NTp5N93boTqzWOjFB4dnE5CYwq45v2/9AQBXTyD5HXKuot7R7XYq5ZMoLXZeEdsak0
         QvdQ==
X-Gm-Message-State: APjAAAWznW9ALVRKor8HEEAgcd5dfodSNbt0K+zCj7YsHljnBqegJBJx
	D+ZC53JV6KJreoBuLuHUfZmurQ==
X-Google-Smtp-Source: APXvYqzMAZnZHAnZtWW2aYAZ/SDZpaQRaMTIoeJ1VltnBqA6R0SWPOEPp0Ze6akWenLyv8SLKstiyA==
X-Received: by 2002:adf:eec4:: with SMTP id a4mr4089252wrp.239.1573146323602;
        Thu, 07 Nov 2019 09:05:23 -0800 (PST)
Return-Path: <pete@akeo.ie>
Received: from [10.0.0.122] ([84.203.91.209])
        by smtp.googlemail.com with ESMTPSA id f19sm4943745wrf.23.2019.11.07.09.05.20
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 07 Nov 2019 09:05:22 -0800 (PST)
Subject: Re: [edk2-platforms][PATCH 1/1] Platform/RPi: Prevent buffer over-read when the command line is empty
To: Leif Lindholm <leif.lindholm@linaro.org>
Cc: devel@edk2.groups.io, ard.biesheuvel@linaro.org, philmd@redhat.com
References: <20191104160617.11036-1-pete@akeo.ie>
 <20191107162130.GQ16820@bivouac.eciton.net>
From: "Pete Batard" <pete@akeo.ie>
Message-ID: <27d409b1-1761-8fe6-5c51-c4f53df3ce60@akeo.ie>
Date: Thu, 7 Nov 2019 17:05:20 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <20191107162130.GQ16820@bivouac.eciton.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit

Hi Leif,

On 2019.11.07 16:21, Leif Lindholm wrote:
> Patch looks good, but the term "command line" is a bit confusing.
> 
> I assume we're talking about whatever way parameters are passed from
> pre-edk2 firmware to edk2, right?

Yes. This is basically what the Raspberry Pi VideoCore bootcode digests 
and passes as boot arguments to the ARM boot loader (i.e. our TF-A + EFI 
firmware executable). It contains options that the user may have set in 
their 'config.txt' as well as other data.

> Is there a more precise term for this?

Would "boot arguments" or "external boot arguments" work for you? Or if 
you prefer "(external) boot parameters" should be applicable too.

Regards,

/Pete

> 
> /
>      Leif
> 
> On Mon, Nov 04, 2019 at 04:06:17PM +0000, Pete Batard wrote:
>> From: Andrei Warkentin <andrey.warkentin@gmail.com>
>>
>> It is possible for the command line to be empty
>> (Cmd->TagHead.TagValueSize = 0), in which case the code should not
>> attempt to read the value at CommandLine[-1].
>>
>> Signed-off-by: Pete Batard <pete@akeo.ie>
>> ---
>>   Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c
>> index 5a9d4c3f1787..9b4aa068857c 100644
>> --- a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c
>> +++ b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c
>> @@ -927,7 +927,8 @@ RpiFirmwareGetCommmandLine (
>>   
>>     CopyMem (CommandLine, Cmd->CommandLine, Cmd->TagHead.TagValueSize);
>>   
>> -  if (CommandLine[Cmd->TagHead.TagValueSize - 1] != '\0') {
>> +  if (Cmd->TagHead.TagValueSize == 0 ||
>> +      CommandLine[Cmd->TagHead.TagValueSize - 1] != '\0') {
>>       //
>>       // Add a NUL terminator if required.
>>       //
>> -- 
>> 2.21.0.windows.1
>>