public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "Chen, Chen A" <chen.a.chen@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Gao, Liming" <liming.gao@intel.com>
Subject: Re: [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer dereference issue
Date: Mon, 11 Feb 2019 13:02:48 +0000	[thread overview]
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A093C895CC7@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <20190211061126.45552-1-chen.a.chen@intel.com>

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Chen
> A Chen
> Sent: Monday, February 11, 2019 2:11 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Gao, Liming
> Subject: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer
> dereference issue
> 
> To avoid potential NULL pointer dereference issue. Initialize them at
> the beginning of the function. This patch is a supplement which was missed
> at e98212cb5d59fff8f385d9179ad7f1a3ce9cf215 commit.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
> ---
>  MdeModulePkg/Application/CapsuleApp/CapsuleDump.c  | 23
> +++++++++++++---------
>  .../Application/CapsuleApp/CapsuleOnDisk.c         |  5 ++++-
>  2 files changed, 18 insertions(+), 10 deletions(-)
> 
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> index 33d2ecc582..cbbfda1424 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> @@ -1001,12 +1001,15 @@ DumpProvisionedCapsule (
>    EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Fs;
>    EFI_SHELL_PROTOCOL              *ShellProtocol;
> 
> -  ShellProtocol = GetShellProtocol ();
> -
>    Index             = 0;
>    CapsuleDataPtr64  = NULL;
>    BootNext          = NULL;
> -  ShellProtocol     = NULL;
> +
> +  ShellProtocol = GetShellProtocol ();
> +  if (ShellProtocol == NULL) {
> +    Print (L"Get Shell Protocol Fail\n");
> +    return ;
> +  }
> 
>    //
>    // Dump capsule provisioned on Memory
> @@ -1033,16 +1036,16 @@ DumpProvisionedCapsule (
>                (VOID **) &CapsuleDataPtr64,
>                NULL
>                );
> -    if (EFI_ERROR (Status)) {
> +    if (EFI_ERROR (Status) || CapsuleDataPtr64 == NULL) {
>        if (Index == 0) {
>          Print (L"No data.\n");
>        }
>        break;
> -    } else {
> -      Index++;
> -      Print (L"Capsule Description at 0x%08x\n", *CapsuleDataPtr64);
> -      DumpBlockDescriptors ((EFI_CAPSULE_BLOCK_DESCRIPTOR*) (UINTN)
> *CapsuleDataPtr64, DumpCapsuleInfo);
>      }
> +
> +    Index++;
> +    Print (L"Capsule Description at 0x%08x\n", *CapsuleDataPtr64);
> +    DumpBlockDescriptors ((EFI_CAPSULE_BLOCK_DESCRIPTOR*) (UINTN)
> *CapsuleDataPtr64, DumpCapsuleInfo);
>    }
> 
>    //
> @@ -1057,7 +1060,9 @@ DumpProvisionedCapsule (
>               (VOID **) &BootNext,
>               NULL
>              );
> -  if (!EFI_ERROR (Status)) {
> +  if (EFI_ERROR (Status) || BootNext == NULL) {
> +    Print (L"Get BootNext Variable Fail. Status = %r\n", Status);
> +  } else {
>      UnicodeSPrint (BootOptionName, sizeof (BootOptionName), L"Boot%04x",
> *BootNext);
>      Status = EfiBootManagerVariableToLoadOption (BootOptionName,
> &BootNextOptionEntry);
>      if (!EFI_ERROR (Status)) {
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> index 4faa863bca..f6e46cbdb1 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> @@ -445,7 +445,10 @@ GetUpdateFileSystem (
>                 (VOID **)&BootNextData,
>                 NULL
>                 );
> -    if (!EFI_ERROR (Status)) {
> +    if (EFI_ERROR (Status) || BootNextData == NULL) {
> +      Print (L"Get Boot Next Data Fail. Status = %r\n", Status);
> +      return EFI_NOT_FOUND;
> +    } else {

Reviewed-by: Hao Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu

>        UnicodeSPrint (BootOptionName, sizeof (BootOptionName), L"Boot%04x",
> *BootNextData);
>        Status = EfiBootManagerVariableToLoadOption (BootOptionName,
> &BootNextOption);
>        if (!EFI_ERROR (Status)) {
> --
> 2.16.2.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


  reply	other threads:[~2019-02-11 13:02 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-11  6:11 [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer dereference issue Chen A Chen
2019-02-11 13:02 ` Wu, Hao A [this message]
  -- strict thread matches above, loose matches on Subject: below --
2019-02-01  2:06 Chen A Chen
2019-02-02  5:21 ` Gao, Liming

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=B80AF82E9BFB8E4FBD8C89DA810C6A093C895CC7@SHSMSX104.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox