From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9D9CE223FCF48 for ; Thu, 15 Mar 2018 06:59:46 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 07:06:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,311,1517904000"; d="scan'208";a="25518751" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga008.jf.intel.com with ESMTP; 15 Mar 2018 07:06:10 -0700 Received: from fmsmsx115.amr.corp.intel.com (10.18.116.19) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 15 Mar 2018 07:06:09 -0700 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx115.amr.corp.intel.com (10.18.116.19) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 15 Mar 2018 07:06:09 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.80]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.166]) with mapi id 14.03.0319.002; Thu, 15 Mar 2018 22:06:07 +0800 From: "Yao, Jiewen" To: "Zeng, Star" , "edk2-devel@lists.01.org" CC: "Dong, Eric" , "Zhang, Chao B" Thread-Topic: [PATCH V2] SecurityPkg OpalPasswordDxe:Fix wrong BufferSize input to UnicodeSPrint Thread-Index: AQHTvCHiC8pDXIzK20ecWqV0vcgbRKPRVThA Date: Thu, 15 Mar 2018 14:06:06 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AB0009E@shsmsx102.ccr.corp.intel.com> References: <1521093174-105584-1-git-send-email-star.zeng@intel.com> In-Reply-To: <1521093174-105584-1-git-send-email-star.zeng@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMjg0OWMxN2EtMTdiZS00MTNlLTlkZTQtYWUwNjNiYzcyMTY3IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJxWWVBTDRIQ1dHQW4zN2JVMk45YVlBSDluNHA4SjM0Y2FnQkhxb2lRYjRcL3dqOUNqSVl6VjBuYlFLZUpkaWVDeCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH V2] SecurityPkg OpalPasswordDxe:Fix wrong BufferSize input to UnicodeSPrint X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 13:59:47 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen.yao@intel.com > -----Original Message----- > From: Zeng, Star > Sent: Thursday, March 15, 2018 1:53 PM > To: edk2-devel@lists.01.org > Cc: Zeng, Star ; Yao, Jiewen ; > Dong, Eric ; Zhang, Chao B > Subject: [PATCH V2] SecurityPkg OpalPasswordDxe:Fix wrong BufferSize inpu= t to > UnicodeSPrint >=20 > Current code uses string length as BufferSize input to UnicodeSPrint, > it is wrong and makes the pop up string trimmed. The BufferSize input > to UnicodeSPrint should be the size, in bytes, of the output buffer. >=20 > This is to use sizeof (mPopUpString) as the BufferSize input to > UnicodeSPrint, it also updates array size of mPopUpString from 256 to > 100 that is enough, otherwise the pop up string may be too long. >=20 > Cc: Jiewen Yao > Cc: Eric Dong > Cc: Chao Zhang > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Star Zeng > --- > SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 15 +++++---------- > 1 file changed, 5 insertions(+), 10 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > index 1b55bbe4ecb8..6344deb86750 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > @@ -27,7 +27,7 @@ EFI_GUID mOpalDeviceNvmeGuid =3D > OPAL_DEVICE_NVME_GUID; > BOOLEAN mOpalEndOfDxe =3D FALSE; > OPAL_REQUEST_VARIABLE *mOpalRequestVariable =3D NULL; > UINTN mOpalRequestVariableSize =3D 0; > -CHAR16 mPopUpString[256]; > +CHAR16 mPopUpString[100]; >=20 > typedef struct { > UINT32 Address; > @@ -908,9 +908,9 @@ OpalDriverPopUpPasswordInput ( > } >=20 > /** > - Check if disk is locked, show popup window and ask for password if it = is. > + Get pop up string. >=20 > - @param[in] Dev The device which need to be unlocked. > + @param[in] Dev The OPAL device. > @param[in] RequestString Request string. >=20 > **/ > @@ -920,15 +920,10 @@ OpalGetPopUpString ( > IN CHAR16 *RequestString > ) > { > - UINTN StrLength; > - > - StrLength =3D StrLen (RequestString) + 1 + MAX (StrLen (Dev->Name16), = StrLen > (L"Disk")); > - ASSERT (StrLength < sizeof (mPopUpString) / sizeof (CHAR16)); > - > if (Dev->Name16 =3D=3D NULL) { > - UnicodeSPrint (mPopUpString, StrLength + 1, L"%s Disk", RequestStrin= g); > + UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s Disk", > RequestString); > } else { > - UnicodeSPrint (mPopUpString, StrLength + 1, L"%s %s", RequestString, > Dev->Name16); > + UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s %s", > RequestString, Dev->Name16); > } >=20 > return mPopUpString; > -- > 2.7.0.windows.1