From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 6DC4F81F1B
 for <edk2-devel@lists.01.org>; Thu, 17 Nov 2016 00:46:16 -0800 (PST)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga105.fm.intel.com with ESMTP; 17 Nov 2016 00:46:21 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,504,1473145200"; d="scan'208";a="1060572656"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
 by orsmga001.jf.intel.com with ESMTP; 17 Nov 2016 00:46:21 -0800
Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 17 Nov 2016 00:46:20 -0800
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 17 Nov 2016 00:46:20 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.239]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.96]) with mapi id 14.03.0248.002;
 Thu, 17 Nov 2016 16:46:18 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Dong, Eric" <eric.dong@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Tian, Feng" <feng.tian@intel.com>
Thread-Topic: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
Thread-Index: AQHSP9D9KIjvJKmLV02O4j75Sf6h96Dc3m2g
Date: Thu, 17 Nov 2016 08:46:16 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386D66C1@shsmsx102.ccr.corp.intel.com>
References: <1479276930-31360-1-git-send-email-eric.dong@intel.com>
 <1479276930-31360-2-git-send-email-eric.dong@intel.com>
In-Reply-To: <1479276930-31360-2-git-send-email-eric.dong@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 08:46:16 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, November 16, 2016 2:15 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
>=20
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> ---
>  SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c |  1 +
>  SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c    | 17
> +++++++++++++----
>  2 files changed, 14 insertions(+), 4 deletions(-)
>=20
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> index 718d49e..0a32ee2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> @@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword (
>    }
>=20
>    UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1);
> +  ZeroMem (Unicode, sizeof (Unicode));
>=20
>    return Ascii;
>  }
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 5e3106a..5937ce2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -694,6 +694,8 @@ HiiPsidRevert(
>      Ret =3D OpalSupportPsidRevert(&Session, Psid.Psid,
> (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath);
>    }
>=20
> +  ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH);
> +
>    if (Ret =3D=3D TcgResultSuccess) {
>      AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert:
> Success" );
>    } else {
> @@ -1099,8 +1101,8 @@ HiiPasswordEntered(
>    EFI_STRING_ID            Str
>    )
>  {
> -  OPAL_DISK*                    OpalDisk;
> -  CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
> +  OPAL_DISK*                   OpalDisk;
> +  CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
>    CHAR16*                      UniStr;
>    UINT32                       PassLength;
>    EFI_STATUS                   Status;
> @@ -1124,15 +1126,20 @@ HiiPasswordEntered(
>    if (UniStr =3D=3D NULL) {
>      return EFI_NOT_FOUND;
>    }
> +
> +  HiiSetString(gHiiPackageListHandle, Str, L"", NULL);
> +
>    PassLength =3D (UINT32) StrLen (UniStr);
>    if (PassLength >=3D sizeof(Password)) {
>      HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password
> too long");
> -    gBS->FreePool(UniStr);
> +    ZeroMem (UniStr, StrSize (UniStr));
> +    FreePool(UniStr);
>      return EFI_BUFFER_TOO_SMALL;
>    }
>=20
>    UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password));
> -  gBS->FreePool(UniStr);
> +  ZeroMem (UniStr, StrSize (UniStr));
> +  FreePool(UniStr);
>=20
>    if (gHiiConfiguration.SelectedAction =3D=3D HII_KEY_ID_GOTO_UNLOCK) {
>      Status =3D HiiUnlock (OpalDisk, Password, PassLength);
> @@ -1154,6 +1161,8 @@ HiiPasswordEntered(
>      Status =3D HiiSetPassword(OpalDisk, Password, PassLength);
>    }
>=20
> +  ZeroMem (Password, sizeof (Password));
> +
>    OpalHiiSetBrowserData ();
>=20
>    return Status;
> --
> 2.6.4.windows.1