From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <liming.gao@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.100; helo=mga07.intel.com;
 envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 9B73F211C7F0E
 for <edk2-devel@lists.01.org>; Fri,  1 Feb 2019 21:21:32 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 01 Feb 2019 21:21:31 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,551,1539673200"; d="scan'208";a="315710213"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by fmsmga006.fm.intel.com with ESMTP; 01 Feb 2019 21:21:31 -0800
Received: from fmsmsx115.amr.corp.intel.com (10.18.116.19) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Fri, 1 Feb 2019 21:21:30 -0800
Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by
 fmsmsx115.amr.corp.intel.com (10.18.116.19) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Fri, 1 Feb 2019 21:21:30 -0800
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.102]) by
 SHSMSX107.ccr.corp.intel.com ([169.254.9.162]) with mapi id 14.03.0415.000;
 Sat, 2 Feb 2019 13:21:28 +0800
From: "Gao, Liming" <liming.gao@intel.com>
To: "Chen, Chen A" <chen.a.chen@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Wu, Hao A" <hao.a.wu@intel.com>
Thread-Topic: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL
 pointer dereference issue
Thread-Index: AQHUudLf0nd1cvEL9kCgxW55JKPEVaXL+pNA
Date: Sat, 2 Feb 2019 05:21:27 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E3D5016@SHSMSX104.ccr.corp.intel.com>
References: <20190201020649.15672-1-chen.a.chen@intel.com>
In-Reply-To: <20190201020649.15672-1-chen.a.chen@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_NT
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNzZhMDQ3MWItNDY4NS00YTZlLWE3ZjItYTZiODE1YTZjZjcyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiQnlMSmNWOWlQb29TVkNzRkF0Wnl4NGV1T3g1amJtWEVwWjgzeW40UEl5VzVmUjVVcklvRzR3T1ZFeFdhQk41QSJ9
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer dereference issue
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Feb 2019 05:21:32 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ch=
en A Chen
> Sent: Friday, February 1, 2019 10:07 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>
> Subject: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL point=
er dereference issue
>=20
> To avoid potential NULL pointer dereference issue. Initialize them at
> the beginning of the function.
>=20
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao Wu <hao.a.wu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
> ---
>  MdeModulePkg/Application/CapsuleApp/CapsuleApp.c    |  5 +++--
>  MdeModulePkg/Application/CapsuleApp/CapsuleDump.c   | 17 +++++++++++----=
--
>  MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c | 17 +++++++++++++++=
--
>  3 files changed, 29 insertions(+), 10 deletions(-)
>=20
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c b/MdeModule=
Pkg/Application/CapsuleApp/CapsuleApp.c
> index 896acd3304..198a63555d 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleApp.c
> @@ -916,8 +916,9 @@ UefiMain (
>    EFI_GUID                      ImageTypeId;
>    UINTN                         ImageIndex;
>=20
> -  MapFsStr =3D NULL;
> -  CapsuleNum =3D 0;
> +  BlockDescriptors  =3D NULL;
> +  MapFsStr          =3D NULL;
> +  CapsuleNum        =3D 0;
>=20
>    Status =3D GetArg();
>    if (EFI_ERROR(Status)) {
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c b/MdeModul=
ePkg/Application/CapsuleApp/CapsuleDump.c
> index 5bf617c5f6..7bef5a1378 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> @@ -795,11 +795,13 @@ DumpCapsuleFromDisk (
>    UINTN                                         FileCount;
>    BOOLEAN                                       NoFile;
>=20
> -  DirHandle  =3D NULL;
> -  FileHandle =3D NULL;
> -  Index      =3D 0;
> -  FileCount  =3D 0;
> -  NoFile     =3D FALSE;
> +  DirHandle       =3D NULL;
> +  FileHandle      =3D NULL;
> +  Index           =3D 0;
> +  FileInfoBuffer  =3D NULL;
> +  FileInfo        =3D NULL;
> +  FileCount       =3D 0;
> +  NoFile          =3D FALSE;
>=20
>    Status =3D Fs->OpenVolume (Fs, &Root);
>    if (EFI_ERROR (Status)) {
> @@ -970,7 +972,10 @@ DumpProvisionedCapsule (
>=20
>    ShellProtocol =3D GetShellProtocol ();
>=20
> -  Index =3D 0;
> +  Index             =3D 0;
> +  CapsuleDataPtr64  =3D NULL;
> +  BootNext          =3D NULL;
> +  ShellProtocol     =3D NULL;
>=20
>    //
>    // Dump capsule provisioned on Memory
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c b/MdeMod=
ulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> index 393b7ae7db..4faa863bca 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> @@ -151,9 +151,14 @@ DumpAllEfiSysPartition (
>    UINTN                      NumberEfiSystemPartitions;
>    EFI_SHELL_PROTOCOL         *ShellProtocol;
>=20
> -  ShellProtocol =3D GetShellProtocol ();
>    NumberEfiSystemPartitions =3D 0;
>=20
> +  ShellProtocol =3D GetShellProtocol ();
> +  if (ShellProtocol =3D=3D NULL) {
> +    Print (L"Get Shell Protocol Fail\n");;
> +    return ;
> +  }
> +
>    Print (L"EFI System Partition list:\n");
>=20
>    gBS->LocateHandleBuffer (
> @@ -421,7 +426,13 @@ GetUpdateFileSystem (
>    EFI_BOOT_MANAGER_LOAD_OPTION    NewOption;
>=20
>    MappedDevicePath =3D NULL;
> +  BootOptionBuffer =3D NULL;
> +
>    ShellProtocol =3D GetShellProtocol ();
> +  if (ShellProtocol =3D=3D NULL) {
> +    Print (L"Get Shell Protocol Fail\n");;
> +    return EFI_NOT_FOUND;
> +  }
>=20
>    //
>    // 1. If Fs is not assigned and there are capsule provisioned before,
> @@ -468,7 +479,9 @@ GetUpdateFileSystem (
>    // 2. Get EFI system partition form boot options.
>    //
>    BootOptionBuffer =3D EfiBootManagerGetLoadOptions (&BootOptionCount, L=
oadOptionTypeBoot);
> -  if (BootOptionCount =3D=3D 0 && Map =3D=3D NULL) {
> +  if ( (BootOptionBuffer =3D=3D NULL) ||
> +       (BootOptionCount =3D=3D 0 && Map =3D=3D NULL)
> +     ) {
>      return EFI_NOT_FOUND;
>    }
>=20
> --
> 2.16.2.windows.1
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel