From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: dandan.bi@intel.com)
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by groups.io with SMTP; Tue, 27 Aug 2019 17:29:00 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Aug 2019 17:28:59 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,439,1559545200"; 
   d="scan'208";a="192420560"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
  by orsmga002.jf.intel.com with ESMTP; 27 Aug 2019 17:28:59 -0700
Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 27 Aug 2019 17:28:58 -0700
Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by
 fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.1713.5; Tue, 27 Aug 2019 17:28:58 -0700
Received: from shsmsx153.ccr.corp.intel.com (10.239.6.53) by
 fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5
 via Frontend Transport; Tue, 27 Aug 2019 17:28:58 -0700
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.112]) by
 SHSMSX153.ccr.corp.intel.com ([169.254.12.215]) with mapi id 14.03.0439.000;
 Wed, 28 Aug 2019 08:28:56 +0800
From: "Dandan Bi" <dandan.bi@intel.com>
To: "Kubacki, Michael A" <michael.a.kubacki@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Gao, Liming" <liming.gao@intel.com>
Subject: Re: [edk2-platforms][PATCH V1 1/1] UserInterfacePkg/UserAuthentication: Fix NULL pointer dereferences
Thread-Topic: [edk2-platforms][PATCH V1 1/1]
 UserInterfacePkg/UserAuthentication: Fix NULL pointer dereferences
Thread-Index: AQHVXHe6XyBoLWUdgk+idClrBYlX9KcPtgzQ
Date: Wed, 28 Aug 2019 00:28:56 +0000
Message-ID: <3C0D5C461C9E904E8F62152F6274C0BB40C43478@SHSMSX104.ccr.corp.intel.com>
References: <20190827013533.13768-1-michael.a.kubacki@intel.com>
In-Reply-To: <20190827013533.13768-1-michael.a.kubacki@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: dandan.bi@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Dandan Bi <dandan.bi@intel.com>


Thanks,
Dandan

> -----Original Message-----
> From: Kubacki, Michael A
> Sent: Tuesday, August 27, 2019 9:36 AM
> To: devel@edk2.groups.io
> Cc: Bi, Dandan <dandan.bi@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: [edk2-platforms][PATCH V1 1/1]
> UserInterfacePkg/UserAuthentication: Fix NULL pointer dereferences
>=20
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2115
>=20
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
> ---
>=20
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ation2Dxe.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>=20
> diff --git
> a/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> b/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> index 55b264f4ff..b4326d380f 100644
> ---
> a/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> +++
> b/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> @@ -300,13 +300,16 @@ UserAuthenticationCallback (
>          switch (mUserAuthenticationData->PasswordState) {
>          case BROWSER_STATE_VALIDATE_PASSWORD:
>            UserInputPassword =3D HiiGetString (mUserAuthenticationData-
> >HiiHandle, Value->string, NULL);
> +          if (UserInputPassword =3D=3D NULL) {
> +            return EFI_UNSUPPORTED;
> +          }
>            if ((StrLen (UserInputPassword) >=3D PASSWORD_MAX_SIZE)) {
>              Status =3D EFI_NOT_READY;
>              break;
>            }
>            if (UserInputPassword[0] =3D=3D 0) {
>              //
> -            // Setup will use a NULL password to check whether the old p=
assword
> is set,
> +            // Setup will use an empty password to check whether the old
> password is set,
>              // If the validation is successful, means there is no old pa=
ssword,
> return
>              // success to set the new password. Or need to return
> EFI_NOT_READY to
>              // let user input the old password.
> @@ -343,6 +346,9 @@ UserAuthenticationCallback (
>=20
>          case BROWSER_STATE_SET_PASSWORD:
>            UserInputPassword =3D HiiGetString (mUserAuthenticationData-
> >HiiHandle, Value->string, NULL);
> +          if (UserInputPassword =3D=3D NULL) {
> +            return EFI_UNSUPPORTED;
> +          }
>            if ((StrLen (UserInputPassword) >=3D PASSWORD_MAX_SIZE)) {
>              Status =3D EFI_NOT_READY;
>              break;
> --
> 2.16.2.windows.1