From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sebastian.witt@siemens.com>
Received: from gecko.sbs.de (gecko.sbs.de [194.138.37.40])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id B257281EE6
 for <edk2-devel@lists.01.org>; Tue, 24 Jan 2017 05:14:03 -0800 (PST)
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66])
 by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id v0ODE1Kn026330
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <edk2-devel@lists.01.org>; Tue, 24 Jan 2017 14:14:01 +0100
Received: from DEFTHW99ERNMSX.ww902.siemens.net
 (defthw99ernmsx.ww902.siemens.net [139.22.70.141])
 by mail2.sbs.de (8.15.2/8.15.2) with ESMTPS id v0ODE1hM032327
 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
 for <edk2-devel@lists.01.org>; Tue, 24 Jan 2017 14:14:01 +0100
Received: from DENBGAT9ERQMSX.ww902.siemens.net (139.22.70.196) by
 DEFTHW99ERNMSX.ww902.siemens.net (139.22.70.141) with Microsoft SMTP Server
 (TLS) id 14.3.339.0; Tue, 24 Jan 2017 14:14:00 +0100
Received: from DEFTHW99EK3MSX.ww902.siemens.net ([169.254.4.42]) by
 DENBGAT9ERQMSX.ww902.siemens.net ([139.22.70.196]) with mapi id
 14.03.0339.000; Tue, 24 Jan 2017 14:14:00 +0100
From: "Witt, Sebastian" <sebastian.witt@siemens.com>
To: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Thread-Topic: [PATCH] Fix edit on screens with more than 200 columns
Thread-Index: AdJ2ODiu1mdD8bRPQUiM1SL7j7EOggACzgCQ
Date: Tue, 24 Jan 2017 13:13:59 +0000
Message-ID: <5964EF557D87964BB107B86316EE26D21E0F4BB8@DEFTHW99EK3MSX.ww902.siemens.net>
Accept-Language: de-DE, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [139.22.70.10]
MIME-Version: 1.0
Subject: [PATCH] Fix edit on screens with more than 200 columns
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jan 2017 13:14:04 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

If the shell edit command is used on a screen with more than
200 columns, we get a buffer overflow. This increases the default buffer si=
ze to 400 columns and allocates a pool when this is not enough.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>

---
 .../UefiShellDebug1CommandsLib.c                          | 15 +++++++++++=
+++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1Com=
mandsLib.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1Com=
mandsLib.c
index 6ebf002..d81dd01 100644
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLi=
b.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLi=
b.c
@@ -302,12 +302,21 @@ EditorClearLine (
   IN UINTN LastRow
   )
 {
-  CHAR16 Line[200];
+  CHAR16 Buffer[400];
+  CHAR16 *Line =3D Buffer;
=20
   if (Row =3D=3D 0) {
     Row =3D 1;
   }
=20
+  // If there are more columns than our buffer can contain, allocate new b=
uffer
+  if (LastCol >=3D (sizeof (Buffer) / sizeof (CHAR16))) {
+    Line =3D AllocateZeroPool (LastCol*(sizeof(CHAR16) + 1));
+    if (Line =3D=3D NULL) {
+      return;
+    }
+  }
+ =20
   //
   // prepare a blank line
   //
@@ -326,6 +335,10 @@ EditorClearLine (
   // print out the blank line
   //
   ShellPrintEx (0, ((INT32)Row) - 1, Line);
+ =20
+  // Free if allocated
+  if (Line !=3D Buffer)
+    FreePool (Line);
 }
=20
 /**
--=20
2.1.4

With best regards,
Sebastian Witt

Siemens AG
Digital Factory Division
Factory Automation
Automation Products and Systems
DF FA AS DH KHE 1
Oestliche Rheinbrueckenstr. 50
76187 Karlsruhe, Germany
Tel.: +49 721 595-5326
mailto:sebastian.witt@siemens.com

www.siemens.com/ingenuityforlife

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Crom=
me; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Off=
icer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Siegfried Rus=
swurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Comm=
ercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE=
-Reg.-No. DE 23691322