Subject: Re: [edk2-platforms][PATCH 1/1] Platform/RPi: Prevent buffer over-read when the command line is empty
To: Leif Lindholm
Cc: devel@edk2.groups.io, ard.biesheuvel@linaro.org, philmd@redhat.com
References: <20191104160617.11036-1-pete@akeo.ie> <20191107162130.GQ16820@bivouac.eciton.net>
From: "Pete Batard"
Message-ID: <27d409b1-1761-8fe6-5c51-c4f53df3ce60@akeo.ie>
Date: Thu, 7 Nov 2019 17:05:20 +0000
In-Reply-To: <20191107162130.GQ16820@bivouac.eciton.net>

Hi Leif,

On 2019.11.07 16:21, Leif Lindholm wrote:
> Patch looks good, but the term "command line" is a bit confusing.
>
> I assume we're talking about whatever way parameters are passed from
> pre-edk2 firmware to edk2, right?

Yes. This is basically what the Raspberry Pi VideoCore bootcode digests and passes as boot arguments to the ARM boot loader (i.e. our TF-A + EFI firmware executable). It contains options that the user may have set in their 'config.txt' as well as other data.

> Is there a more precise term for this?

Would "boot arguments" or "external boot arguments" work for you? Or if you prefer "(external) boot parameters" should be applicable too.

Regards,

/Pete

>
> /
>     Leif
>
> On Mon, Nov 04, 2019 at 04:06:17PM +0000, Pete Batard wrote:
>> From: Andrei Warkentin >> >> It is possible for the command line to be empty >> (Cmd->TagHead.TagValueSize = 0), in which case the code should not >> attempt to read the value at CommandLine[-1]. >> >> Signed-off-by: Pete Batard >> --- >> Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c >> index 5a9d4c3f1787..9b4aa068857c 100644 >> --- a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c >> +++ b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c >> @@ -927,7 +927,8 @@ RpiFirmwareGetCommmandLine ( >> >> CopyMem (CommandLine, Cmd->CommandLine, Cmd->TagHead.TagValueSize); >> >> - if (CommandLine[Cmd->TagHead.TagValueSize - 1] != '\0') { >> + if (Cmd->TagHead.TagValueSize == 0 || >> + CommandLine[Cmd->TagHead.TagValueSize - 1] != '\0') { >> // >> // Add a NUL terminator if required. >> // >> -- >> 2.21.0.windows.1 >>
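
Review bot: The new `Cmd->TagHead.TagValueSize == 0` test in the `if` closes the lower bound only; the `CopyMem` directly above it still takes `Cmd->TagHead.TagValueSize` as its length, and nothing in the visible context shows that value being compared with the size of the caller's `CommandLine` buffer, or shows that one more byte is available for the NUL that this branch appends (which, for the empty case, is now written at index 0). Because the size is supplied by the pre-edk2 firmware, please confirm that an earlier check in `RpiFirmwareGetCommmandLine` rejects a `TagValueSize` that does not leave room for the terminator, or add that check next to this one. A smaller point: the commit is attributed with `From: Andrei Warkentin` but carries only Pete's `Signed-off-by`, so the author's sign-off appears to be missing.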