From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.136; helo=mga12.intel.com;
 envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 760EA208F60E0
 for <edk2-devel@lists.01.org>; Mon, 11 Feb 2019 05:02:52 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 11 Feb 2019 05:02:51 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,358,1544515200"; d="scan'208";a="319391732"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
 by fmsmga005.fm.intel.com with ESMTP; 11 Feb 2019 05:02:51 -0800
Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Mon, 11 Feb 2019 05:02:51 -0800
Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by
 fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Mon, 11 Feb 2019 05:02:51 -0800
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.102]) by
 SHSMSX107.ccr.corp.intel.com ([169.254.9.162]) with mapi id 14.03.0415.000;
 Mon, 11 Feb 2019 21:02:49 +0800
From: "Wu, Hao A" <hao.a.wu@intel.com>
To: "Chen, Chen A" <chen.a.chen@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Gao, Liming" <liming.gao@intel.com>
Thread-Topic: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL
 pointer dereference issue
Thread-Index: AQHUwdCpcOylVdmyI0St4DOXLrfZy6XakHNg
Date: Mon, 11 Feb 2019 13:02:48 +0000
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A093C895CC7@SHSMSX104.ccr.corp.intel.com>
References: <20190211061126.45552-1-chen.a.chen@intel.com>
In-Reply-To: <20190211061126.45552-1-chen.a.chen@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL pointer dereference issue
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 13:02:52 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ch=
en
> A Chen
> Sent: Monday, February 11, 2019 2:11 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Gao, Liming
> Subject: [edk2] [PATCH] MdeModulePkg/CapsuleApp: Fix potential NULL point=
er
> dereference issue
>=20
> To avoid potential NULL pointer dereference issue. Initialize them at
> the beginning of the function. This patch is a supplement which was misse=
d
> at e98212cb5d59fff8f385d9179ad7f1a3ce9cf215 commit.
>=20
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
> ---
>  MdeModulePkg/Application/CapsuleApp/CapsuleDump.c  | 23
> +++++++++++++---------
>  .../Application/CapsuleApp/CapsuleOnDisk.c         |  5 ++++-
>  2 files changed, 18 insertions(+), 10 deletions(-)
>=20
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> index 33d2ecc582..cbbfda1424 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleDump.c
> @@ -1001,12 +1001,15 @@ DumpProvisionedCapsule (
>    EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Fs;
>    EFI_SHELL_PROTOCOL              *ShellProtocol;
>=20
> -  ShellProtocol =3D GetShellProtocol ();
> -
>    Index             =3D 0;
>    CapsuleDataPtr64  =3D NULL;
>    BootNext          =3D NULL;
> -  ShellProtocol     =3D NULL;
> +
> +  ShellProtocol =3D GetShellProtocol ();
> +  if (ShellProtocol =3D=3D NULL) {
> +    Print (L"Get Shell Protocol Fail\n");
> +    return ;
> +  }
>=20
>    //
>    // Dump capsule provisioned on Memory
> @@ -1033,16 +1036,16 @@ DumpProvisionedCapsule (
>                (VOID **) &CapsuleDataPtr64,
>                NULL
>                );
> -    if (EFI_ERROR (Status)) {
> +    if (EFI_ERROR (Status) || CapsuleDataPtr64 =3D=3D NULL) {
>        if (Index =3D=3D 0) {
>          Print (L"No data.\n");
>        }
>        break;
> -    } else {
> -      Index++;
> -      Print (L"Capsule Description at 0x%08x\n", *CapsuleDataPtr64);
> -      DumpBlockDescriptors ((EFI_CAPSULE_BLOCK_DESCRIPTOR*) (UINTN)
> *CapsuleDataPtr64, DumpCapsuleInfo);
>      }
> +
> +    Index++;
> +    Print (L"Capsule Description at 0x%08x\n", *CapsuleDataPtr64);
> +    DumpBlockDescriptors ((EFI_CAPSULE_BLOCK_DESCRIPTOR*) (UINTN)
> *CapsuleDataPtr64, DumpCapsuleInfo);
>    }
>=20
>    //
> @@ -1057,7 +1060,9 @@ DumpProvisionedCapsule (
>               (VOID **) &BootNext,
>               NULL
>              );
> -  if (!EFI_ERROR (Status)) {
> +  if (EFI_ERROR (Status) || BootNext =3D=3D NULL) {
> +    Print (L"Get BootNext Variable Fail. Status =3D %r\n", Status);
> +  } else {
>      UnicodeSPrint (BootOptionName, sizeof (BootOptionName), L"Boot%04x",
> *BootNext);
>      Status =3D EfiBootManagerVariableToLoadOption (BootOptionName,
> &BootNextOptionEntry);
>      if (!EFI_ERROR (Status)) {
> diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> index 4faa863bca..f6e46cbdb1 100644
> --- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> +++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
> @@ -445,7 +445,10 @@ GetUpdateFileSystem (
>                 (VOID **)&BootNextData,
>                 NULL
>                 );
> -    if (!EFI_ERROR (Status)) {
> +    if (EFI_ERROR (Status) || BootNextData =3D=3D NULL) {
> +      Print (L"Get Boot Next Data Fail. Status =3D %r\n", Status);
> +      return EFI_NOT_FOUND;
> +    } else {

Reviewed-by: Hao Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu

>        UnicodeSPrint (BootOptionName, sizeof (BootOptionName), L"Boot%04x=
",
> *BootNextData);
>        Status =3D EfiBootManagerVariableToLoadOption (BootOptionName,
> &BootNextOption);
>        if (!EFI_ERROR (Status)) {
> --
> 2.16.2.windows.1
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel