From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6DC4F81F1B for ; Thu, 17 Nov 2016 00:46:16 -0800 (PST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP; 17 Nov 2016 00:46:21 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,504,1473145200"; d="scan'208";a="1060572656" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga001.jf.intel.com with ESMTP; 17 Nov 2016 00:46:21 -0800 Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 17 Nov 2016 00:46:20 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS) id 14.3.248.2; Thu, 17 Nov 2016 00:46:20 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.239]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.96]) with mapi id 14.03.0248.002; Thu, 17 Nov 2016 16:46:18 +0800 
From: "Yao, Jiewen" To: "Dong, Eric" , "edk2-devel@lists.01.org" CC: "Tian, Feng" Thread-Topic: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer. Thread-Index: AQHSP9D9KIjvJKmLV02O4j75Sf6h96Dc3m2g Date: Thu, 17 Nov 2016 08:46:16 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386D66C1@shsmsx102.ccr.corp.intel.com> References: <1479276930-31360-1-git-send-email-eric.dong@intel.com> <1479276930-31360-2-git-send-email-eric.dong@intel.com> In-Reply-To: <1479276930-31360-2-git-send-email-eric.dong@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2016 08:46:16 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, November 16, 2016 2:15 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng ; Yao, Jiewen
> Subject: [Patch 1/2] SecurityPkg OpalPasswordDxe: Clean password buffer.
>=20
> Cc: Feng Tian
> Cc: Jiewen Yao
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong
> ---
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 1 +
> SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 17
> +++++++++++++----
> 2 files changed, 14 insertions(+), 4 deletions(-)
>=20
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> index 718d49e..0a32ee2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
> @@ -240,6 +240,7 @@ OpalDriverPopUpHddPassword (
> }
>=20
> UnicodeStrToAsciiStrS (Unicode, Ascii, MAX_PASSWORD_SIZE + 1);
> + ZeroMem (Unicode, sizeof (Unicode));
>=20
> return Ascii;
> }
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> index 5e3106a..5937ce2 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
> @@ -694,6 +694,8 @@ HiiPsidRevert(
> Ret =3D OpalSupportPsidRevert(&Session, Psid.Psid,
> (UINT32)sizeof(Psid.Psid), OpalDisk->OpalDevicePath);
> }
>=20
> + ZeroMem (Psid.Psid, PSID_CHARACTER_LENGTH);
> +
> if (Ret =3D=3D TcgResultSuccess) {
> AsciiSPrint( Response, DEFAULT_RESPONSE_SIZE, "%a", "PSID Revert:
> Success" );
> } else {
> @@ -1099,8 +1101,8 @@ HiiPasswordEntered(
> EFI_STRING_ID Str
> )
> {
> - OPAL_DISK* OpalDisk;
> - CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
> + OPAL_DISK* OpalDisk;
> + CHAR8
> Password[MAX_PASSWORD_CHARACTER_LENGTH + 1];
> CHAR16* UniStr;
> UINT32 PassLength;
> EFI_STATUS Status;
> @@ -1124,15 +1126,20 @@ HiiPasswordEntered(
> if (UniStr =3D=3D NULL) {
> return EFI_NOT_FOUND;
> }
> +
> + HiiSetString(gHiiPackageListHandle, Str, L"", NULL);
> +
> PassLength =3D (UINT32) StrLen (UniStr);
> if (PassLength >=3D sizeof(Password)) {
> HiiSetFormString(STRING_TOKEN(STR_ACTION_STATUS), "Password
> too long");
> - gBS->FreePool(UniStr);
> + ZeroMem (UniStr, StrSize (UniStr));
> + FreePool(UniStr);
> return EFI_BUFFER_TOO_SMALL;
> }
>=20
> UnicodeStrToAsciiStrS (UniStr, Password, sizeof (Password));
> - gBS->FreePool(UniStr);
> + ZeroMem (UniStr, StrSize (UniStr));
> + FreePool(UniStr);
>=20
> if (gHiiConfiguration.SelectedAction =3D=3D HII_KEY_ID_GOTO_UNLOCK) {
> Status =3D HiiUnlock (OpalDisk, Password, PassLength);
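Review bot: The added `ZeroMem (Unicode, sizeof (Unicode));` in OpalDriverPopUpHddPassword is the last access to `Unicode` before `return Ascii;`, so if `Unicode` is a function-local array (its declaration is outside the hunk) an optimizing or link-time-optimized build may treat the clear as a dead store and drop it. The same applies to `ZeroMem (Password, sizeof (Password));` near the end of HiiPasswordEntered. It is worth confirming in the generated code that both clears survive, or doing the wipe through a helper the compiler cannot elide, for example writes through a `volatile` pointer. The ASCII copy of the password is still handed back to the caller, so a comment on the return such as `// Caller owns the returned password copy and must clear it after use` would document who scrubs it.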
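Review bot: The clear in HiiPsidRevert is sized with `PSID_CHARACTER_LENGTH` while the call just above it passes `sizeof(Psid.Psid)` for the same buffer; the two agree only if the array is declared with exactly that length, and the declaration is outside the hunk. Tying the wipe to the object, `ZeroMem (Psid.Psid, sizeof (Psid.Psid));`, keeps it complete if the field is ever resized or given room for a terminator. If `Psid` has other members, `ZeroMem (&Psid, sizeof (Psid));` would cover those as well.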
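Review bot: The return value of `HiiSetString(gHiiPackageListHandle, Str, L"", NULL);` in HiiPasswordEntered is discarded, so a failed update leaves the typed password readable through the string token with no indication. HiiSetString returns 0 on failure; checking for that, e.g. `if (HiiSetString (gHiiPackageListHandle, Str, L"", NULL) == 0) { DEBUG ((DEBUG_ERROR, "password string not cleared\n")); }`, at least makes it visible. Even on success this only replaces the token's value; whether the HII database overwrites or merely releases the old string storage is not visible here and should be confirmed. The repeated `ZeroMem (UniStr, StrSize (UniStr)); FreePool(UniStr);` pair on both exits could move into one small helper so the wipe cannot be forgotten on a future exit path. HiiPasswordEntered begins and ends outside this hunk.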
> @@ -1154,6 +1161,8 @@ HiiPasswordEntered(
> Status =3D HiiSetPassword(OpalDisk, Password, PassLength);
> }
>=20
> + ZeroMem (Password, sizeof (Password));
> +
> OpalHiiSetBrowserData ();
>=20
> return Status;
> --
> 2.6.4.windows.1