From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id CD92AD813EC for ; Mon, 4 Dec 2023 16:44:55 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=pBAremdvHxMnsoBT0XY3krrb2QNiEAMy3oFoK1hIXgU=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1701708294; v=1; b=tdIKitQMgPwRqN97ct9V7GJvFkKakW0Uyhl7OHXcbSdi0E7Hro4iXlWdLGMZvS3UnBrVIgcW R0I5C/j3rDPgeQBMAaeo9s7KFpM/q1/M5mKAdQQlLKyZw4FzRuRFwY3dBQMWy3D1oItZm1l2OMh 85I3cIInAmk9yKokkQCz9a+E= X-Received: by 127.0.0.2 with SMTP id MW9hYY7687511xyYp7vYpjlN; Mon, 04 Dec 2023 08:44:54 -0800 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.70]) by mx.groups.io with SMTP id smtpd.web10.74436.1701708293444007653 for ; Mon, 04 Dec 2023 08:44:53 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FwMhf3XkEz/2h2H2SDmAPLazATzh4eyggVHOAas3cCqr7rXjxfvZiNnXT8B7INSGRhWGksQrxD8U4EpUC/9ta16hILJtQUXZ7AMvQRnIuVfE+Il7h7jLXsaI8HeuKDzb0EHyTTmu+MvP+ny87yX368C+4Q8840/tdw181xf/8nzTQX1git7bp1Pd7oHmUTun74hWfVWJpo4XkELs6btwOZ3JKwri2FZ6ZSpqoAtcrW+9RJmKGNhiErDkIh7n6+z1UyA2ZiTfcbyCsw0Z9WsqYQ3e4nxGqPXvTpSjdyJvlSEBuxv8ZULPb7dYtteKZki0fwIbWUd9XSYOHGZgnVh++A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TelqJHD7kueOItpLutuTWaXP04coyBuVtrwSD2Hvguk=; b=DVJDKgiOAqeNEnZY+KAF7maaL+8iNbMfesVqKDnBcCeh9eCWnU46PFyIFScFB0EeahHQnTLM0feza9gb+V8rlG69sqkJNjo+6c3M1bi5wUrr67gWd7MquX/oPrbE6XdqbqkwsKFY3v7CRTh0+LG9qgXW4wdVeGbRN06Fxh1ntXrazjLOC1tMlpKmq2ywihi7GTr6WRV6PGuXtnvmRJS5PUmh0BBtd9797vCqoHkbE0hHouKZ2vjsmG2xmhrx7pu+xBLN/OmsOkMeXkF8ibx7h1uzzq2kvFeQOlQrLfqnsxbYmEUaH+RtSbQRAC0jIJmGHxFSyyCNqrxEhdh1d2JYew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ami.com; dmarc=pass action=none header.from=ami.com; dkim=pass header.d=ami.com; arc=none X-Received: from BLAPR10MB5185.namprd10.prod.outlook.com (2603:10b6:208:328::16) by DM4PR10MB5918.namprd10.prod.outlook.com (2603:10b6:8:ab::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7046.34; Mon, 4 Dec 2023 16:44:47 +0000 X-Received: from BLAPR10MB5185.namprd10.prod.outlook.com ([fe80::9dc0:d4e1:1d40:3e33]) by BLAPR10MB5185.namprd10.prod.outlook.com ([fe80::9dc0:d4e1:1d40:3e33%5]) with mapi id 15.20.7046.034; Mon, 4 Dec 2023 16:44:47 +0000 From: "Igor Kulchytskyy via groups.io" To: Nickle Wang , "devel@edk2.groups.io" CC: Abner Chang , Nick Ramirez Subject: Re: [edk2-devel] [edk2-redfish-client][PATCH v2] RedfishClientPkg/RedfishFeatureUtilityLib: validate string array Thread-Topic: [EXTERNAL] [edk2-redfish-client][PATCH v2] RedfishClientPkg/RedfishFeatureUtilityLib: validate string array Thread-Index: AQHaJpYA68QuvE5tgEmJ0y68ot33dbCZR7Dw Date: Mon, 4 Dec 2023 16:44:47 +0000 Message-ID: References: <20231204094044.23207-1-nicklew@nvidia.com> In-Reply-To: <20231204094044.23207-1-nicklew@nvidia.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BLAPR10MB5185:EE_|DM4PR10MB5918:EE_ x-ms-office365-filtering-correlation-id: 08da9e83-beb9-4cb2-56c5-08dbf4e85396 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: Dep0VJPWtFY+TCiuXuCweYtqYMausfFY9GiOBRC57LrotKjhyKHi/82wKrutrpM8aBG0GjxESKsEjViPY2dWXcUc5jOwFfJh2kpEpSN6Mu8KUp3XZCfyFHnyl3Xkm1WjRc0PlO8LhxmNEbrRGJVbKG9+8V0iRoChtwX0S0JzSD9Lc/s/MsEcVYuCDw9dUR28hwinYP1UmF9VKOMPLCUmCpbPJSFaKcqfnHAz7tw1MFVpxJR59qJjSgNttPUWp3Eb8B2Q0kRUPhd4slBdj7lg392UZDFiiYwgeMjGVbLdcSQXvmivnh1LX9iDgPhFZnl6HIdwfBD929KvRKVDSwTfRqHVWagYncl3G9KS7bwvdBJ1oOmJhsf1HzXJJ+0ngQzGuVVZagZBjXzsm9NMfFclVGlKaaxOaKiIOxrux6n873ZTrrYof/NjGez08btheAEHmnao5r/TSYIbwFrTCXVs3Tff9dKzQgJJWYELNGcyB0SXsS7tdLfuDDn7Bg+dUTMh3VXI6MXTLHmBE7rShXkw40kF2VSSF4xI+zBhimNEYYjSU4vh+bDAAahY1n8bP3ZWwxzJal7qHpxE19BdEYq5WczCIZM9dyrrfllqcJNB6kGtMuhqu5ts1fZGa3PsckriTS9oOPs4/m6iRanZgemXDKiZaFr7sTbQUE8W17ZjHX0= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?5g1DOIVWf+lhXLTHJNcLVSl6SpuSRIl49jVzAKmx0Az5Q4UnWzO+B77//xyb?= =?us-ascii?Q?LoJuMyF+oAvaT7EVpZunRIZDUZbfonpNwykcPrvVAV1FKzSwR63Pwg9L7w1K?= =?us-ascii?Q?SO+keQDDlC0q/j/vcZumEeb4KgKUx8W8QfCJuBX3dlMyxMFEzvhtTvyN8MT2?= =?us-ascii?Q?rgz1rQfgSkhrmfrFEVf+PdWOUlCDvQ9eiGlwnPoBDVV1FSaiN4jSvjVXpxdS?= =?us-ascii?Q?qYAHWtgVj4TAh/290Vumvaq0akbDkBYY01dCSYJJsqKLroDud6YgKqrURgeY?= =?us-ascii?Q?HlDvYYXfC3itHyu43LfvIoT0bpgugDxJOU1poezn+4ZDrAoVuXN7C4O6lVw6?= =?us-ascii?Q?SGscI53IBorXjPnLgkvFse40ehZauabxq5C2gAMPoaLeK+MqXWoZfpjftvy+?= =?us-ascii?Q?TufI3zSnVPnbZzaRnpYgc/bNg8FvhpRJWvK5SyYYW+wfCEcSMHkL8EFLRZcs?= =?us-ascii?Q?iz08jGVdfL/l1N82xE+MQgg6EranwOK9ez+mq9aBs9EU7+ia2mJyHtdHdW6p?= =?us-ascii?Q?gfaiuw/VoDxGnjib9Rdr9n0QSMMDHPt/7uuujWYZKJ0eox5Tce5AXY7+p9Im?= =?us-ascii?Q?UP75AIa8kmuXGpld26WywXP7fhCeklNrPe2iG2p61WTn6CJztUT8wHpVQQjM?= =?us-ascii?Q?/bhuSn0CxOAaAcwxYg1/9tLl8jUo2gtR+W/EiW/SnXQV2aKtubZgoR+NPbx5?= =?us-ascii?Q?2efk9D6jkw8FCP/pZF8ZfKWdyQ74DCLB+b8NEdoXGVOzxL20OJOxTPCewAn2?= =?us-ascii?Q?boSt1p6g1rquBpYU5nLTIEg07YLfuRoQzJU1tOLnWk2JbAmSznEE1c/UOn8r?= =?us-ascii?Q?Sv6fKKf9aDA2ajdqPb23l5/U/6zCWImw45ECVLinjri4tWv3kiDhUIGwqIJa?= =?us-ascii?Q?mJ+Yy36c6iWVIhANYAUd+X3Yp1c47EB5/8LKsVXV3tM2jEzcNm2qkje5qtnJ?= =?us-ascii?Q?ufasN1R9VB2vquI3q7Bl178Yoiz8bkqcErsIuEzepMOrIkbAAp6Z6/ulbMlp?= =?us-ascii?Q?bQ0t55fsz8KYxaYKurENnEzT18X+5xqKJa2J61id66Zt3QxopZN8OXfF5Aa2?= =?us-ascii?Q?/Anbbd/WTvQDnEvkbZVuh15o1n9pX8WVJHzNbp8065+TEhYShk7ca4Fs2PBd?= =?us-ascii?Q?85957mhk6IyrXCEQS/Y3W2cCPGTHUE6+7RhXi4TfITnRluVpOWpCGX1HsKl9?= =?us-ascii?Q?SYlr4Lx+Y0frlCYKt7m5B0mvxCizm2Vsc/6Xrt2B7Csb8jcc7jCxMK37zSx3?= =?us-ascii?Q?Mfx6WMFHxAMGHxgyctzEs2+zrZ9CBpvLleTtOK33kmY8NNWORiSgdVqv+iqt?= =?us-ascii?Q?1bl7gbQQwtcDBtDwhlDGYchsj4kmuBEsKEAL2uCHsUNLG6qf9pZJbMA3x5u1?= =?us-ascii?Q?9qmaBgCtSbpQpt2qdG7lGw5R2RqDLR0iAs+2T+tHb2wqhCwsnVkReTBgBhZW?= =?us-ascii?Q?GNQk/eLww5+RCyMG7lRv9oVopqbLtM3ZreM/++GPq22D3NUkPruojSxZU0Xn?= =?us-ascii?Q?mbmfm42KK4VF7I763OmIIT3kYkHj7xbDLM1z1+07+QEm/rXkiP70qRuzOR99?= =?us-ascii?Q?qXIPfem8PXyvE4qjoXI=3D?= MIME-Version: 1.0 X-OriginatorOrg: ami.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BLAPR10MB5185.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 08da9e83-beb9-4cb2-56c5-08dbf4e85396 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Dec 2023 16:44:47.4657 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 27e97857-e15f-486c-b58e-86c2b3040f93 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2tMB2J+7iBi0NeQVyUHRIsRrLtgBK2jX1RW9OJ7Y5IGCgvuynbt9oXu2nfRsWnN5 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR10MB5918 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,igork@ami.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: c872VsH9GnkXSnxuMWP9iPNlx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=tdIKitQM; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=none; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") Reviewed-by: Igor Kulchytskyy Regards, Igor -----Original Message----- From: Nickle Wang Sent: Monday, December 4, 2023 4:41 AM To: devel@edk2.groups.io Cc: Abner Chang ; Igor Kulchytskyy ; Ni= ck Ramirez Subject: [EXTERNAL] [edk2-redfish-client][PATCH v2] RedfishClientPkg/Redfis= hFeatureUtilityLib: validate string array **CAUTION: The e-mail below is from an external source. Please exercise cau= tion before opening attachments, clicking links, or following guidance.** Add function ValidateRedfishStringArrayValues to validate Redfish request for string array type. There is case that user request invalid string array and feature driver can not find corresponding HII option. Signed-off-by: Nickle Wang Cc: Abner Chang Cc: Igor Kulchytskyy Cc: Nick Ramirez --- .../Library/RedfishFeatureUtilityLib.h | 28 +++ .../RedfishFeatureUtilityLib.c | 187 ++++++++++++++---- 2 files changed, 172 insertions(+), 43 deletions(-) diff --git a/RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h b/= RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h index 6347585c..24f0ad24 100644 --- a/RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h +++ b/RedfishClientPkg/Include/Library/RedfishFeatureUtilityLib.h @@ -990,4 +990,32 @@ GetPendingSettings ( OUT EFI_STRING *SettingUri ); +/** + This function goes through Head and StringArray to check below: + 1) Check and see if value in Redfish string array can be found in HII + configuration string array. This is to see if there is any invalid + values from Redfish. + 2) Check and see if size of Head is the same as ArraySize. + 3) Check and see if value in Redfish string array are all the same as th= e one + from HII configuration. + + @param[in] Head The head of string array. + @param[in] StringArray Input string array. + @param[in] ArraySize The size of StringArray. + @param[out] ValueChanged TRUE when The order of Head is not the same as= the order of StringArray. + FALSE when Head and StringArray are identical. + + @retval EFI_INVALID_PARAMETER Input parameter is NULL or ArraySize is = 0. + @retval EFI_NOT_FOUND The element in Head cannot be found in S= tringArray. This is invalid request. + @retval EFI_BAD_BUFFER_SIZE The size of Head is not the same as the = size of StringArray. This is invalid request. + +**/ +EFI_STATUS +ValidateRedfishStringArrayValues ( + IN RedfishCS_char_Array *Head, + IN CHAR8 **StringArray, + IN UINTN ArraySize, + OUT BOOLEAN *ValueChanged + ); + #endif diff --git a/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishFeatu= reUtilityLib.c b/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishF= eatureUtilityLib.c index 6652539c..07033488 100644 --- a/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishFeatureUtili= tyLib.c +++ b/RedfishClientPkg/Library/RedfishFeatureUtilityLib/RedfishFeatureUtili= tyLib.c @@ -866,6 +866,7 @@ ApplyFeatureSettingsStringArrayType ( EDKII_REDFISH_VALUE RedfishValue; UINTN Index; RedfishCS_char_Array *Buffer; + BOOLEAN ValueChanged; if (IS_EMPTY_STRING (Schema) || IS_EMPTY_STRING (Version) || IS_EMPTY_ST= RING (ConfigureLang) || (ArrayHead =3D=3D NULL)) { return EFI_INVALID_PARAMETER; @@ -886,61 +887,69 @@ ApplyFeatureSettingsStringArrayType ( } // - // If there is no change in array, do nothing + // Validate input string array from BMC to see: + // 1) String array from BMC is valid or not. + // 2) If there is no change in array, do nothing. // - if (!CompareRedfishStringArrayValues (ArrayHead, RedfishValue.Value.Stri= ngArray, RedfishValue.ArrayCount)) { - // - // Apply settings from redfish - // - DEBUG ((DEBUG_MANAGEABILITY, "%a: %a.%a apply %s for array\n", __func_= _, Schema, Version, ConfigureLang)); - FreeArrayTypeRedfishValue (&RedfishValue); - - // - // Convert array from RedfishCS_char_Array to EDKII_REDFISH_VALUE - // - RedfishValue.ArrayCount =3D 0; - Buffer =3D ArrayHead; - while (Buffer !=3D NULL) { - RedfishValue.ArrayCount +=3D 1; - Buffer =3D Buffer->Next; - } + Status =3D ValidateRedfishStringArrayValues (ArrayHead, RedfishValue.Val= ue.StringArray, RedfishValue.ArrayCount, &ValueChanged); + if (!EFI_ERROR (Status)) { + if (ValueChanged) { + // + // Apply settings from redfish + // + DEBUG ((DEBUG_MANAGEABILITY, "%a: %a.%a apply %s for array\n", __fun= c__, Schema, Version, ConfigureLang)); + FreeArrayTypeRedfishValue (&RedfishValue); - // - // Allocate pool for new values - // - RedfishValue.Value.StringArray =3D AllocatePool (RedfishValue.ArrayCou= nt *sizeof (CHAR8 *)); - if (RedfishValue.Value.StringArray =3D=3D NULL) { - ASSERT (FALSE); - return EFI_OUT_OF_RESOURCES; - } + // + // Convert array from RedfishCS_char_Array to EDKII_REDFISH_VALUE + // + RedfishValue.ArrayCount =3D 0; + Buffer =3D ArrayHead; + while (Buffer !=3D NULL) { + RedfishValue.ArrayCount +=3D 1; + Buffer =3D Buffer->Next; + } - Buffer =3D ArrayHead; - Index =3D 0; - while (Buffer !=3D NULL) { - RedfishValue.Value.StringArray[Index] =3D AllocateCopyPool (AsciiStr= Size (Buffer->ArrayValue), Buffer->ArrayValue); - if (RedfishValue.Value.StringArray[Index] =3D=3D NULL) { + // + // Allocate pool for new values + // + RedfishValue.Value.StringArray =3D AllocatePool (RedfishValue.ArrayC= ount *sizeof (CHAR8 *)); + if (RedfishValue.Value.StringArray =3D=3D NULL) { ASSERT (FALSE); - FreePool (RedfishValue.Value.StringArray); return EFI_OUT_OF_RESOURCES; } - Buffer =3D Buffer->Next; - Index++; - } + Buffer =3D ArrayHead; + Index =3D 0; + while (Buffer !=3D NULL) { + RedfishValue.Value.StringArray[Index] =3D AllocateCopyPool (AsciiS= trSize (Buffer->ArrayValue), Buffer->ArrayValue); + if (RedfishValue.Value.StringArray[Index] =3D=3D NULL) { + ASSERT (FALSE); + FreePool (RedfishValue.Value.StringArray); + return EFI_OUT_OF_RESOURCES; + } - ASSERT (Index <=3D RedfishValue.ArrayCount); + Buffer =3D Buffer->Next; + Index++; + } - Status =3D RedfishPlatformConfigSetValue (Schema, Version, ConfigureLa= ng, RedfishValue); - if (!EFI_ERROR (Status)) { - // - // Configuration changed. Enable system reboot flag. - // - REDFISH_ENABLE_SYSTEM_REBOOT (); + ASSERT (Index <=3D RedfishValue.ArrayCount); + + Status =3D RedfishPlatformConfigSetValue (Schema, Version, Configure= Lang, RedfishValue); + if (!EFI_ERROR (Status)) { + // + // Configuration changed. Enable system reboot flag. + // + REDFISH_ENABLE_SYSTEM_REBOOT (); + } else { + DEBUG ((DEBUG_ERROR, "%a: apply %s array failed: %r\n", __func__, = ConfigureLang, Status)); + } } else { - DEBUG ((DEBUG_ERROR, "%a: apply %s array failed: %r\n", __func__, Co= nfigureLang, Status)); + DEBUG ((DEBUG_ERROR, "%a: %a.%a %s array value has no change\n", __f= unc__, Schema, Version, ConfigureLang)); } } else { - DEBUG ((DEBUG_ERROR, "%a: %a.%a %s array value has no change\n", __fun= c__, Schema, Version, ConfigureLang)); + DEBUG ((DEBUG_ERROR, "%a: %a.%a %s array value has invalid element, sk= ip!\n", __func__, Schema, Version, ConfigureLang)); + Status =3D EFI_DEVICE_ERROR; } for (Index =3D 0; Index < RedfishValue.ArrayCount; Index++) { @@ -3817,6 +3826,98 @@ CompareRedfishPropertyVagueValues ( return TRUE; } +/** + This function goes through Head and StringArray to check below: + 1) Check and see if value in Redfish string array can be found in HII + configuration string array. This is to see if there is any invalid + values from Redfish. + 2) Check and see if size of Head is the same as ArraySize. + 3) Check and see if value in Redfish string array are all the same as th= e one + from HII configuration. + + @param[in] Head The head of string array. + @param[in] StringArray Input string array. + @param[in] ArraySize The size of StringArray. + @param[out] ValueChanged TRUE when The order of Head is not the same as= the order of StringArray. + FALSE when Head and StringArray are identical. + + @retval EFI_INVALID_PARAMETER Input parameter is NULL or ArraySize is = 0. + @retval EFI_NOT_FOUND The element in Head cannot be found in S= tringArray. This is invalid request. + @retval EFI_BAD_BUFFER_SIZE The size of Head is not the same as the = size of StringArray. This is invalid request. + +**/ +EFI_STATUS +ValidateRedfishStringArrayValues ( + IN RedfishCS_char_Array *Head, + IN CHAR8 **StringArray, + IN UINTN ArraySize, + OUT BOOLEAN *ValueChanged + ) +{ + UINTN Index; + UINTN ArrayIndex; + UINTN FirstMismatch; + RedfishCS_char_Array *CharArrayBuffer; + + if ((Head =3D=3D NULL) || (StringArray =3D=3D NULL) || (ArraySize =3D=3D= 0) || (ValueChanged =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + *ValueChanged =3D FALSE; + CharArrayBuffer =3D Head; + Index =3D 0; + FirstMismatch =3D 0; + while (CharArrayBuffer !=3D NULL) { + // + // If the size of Head is bigger than StringArray, we still like to kn= ow how many + // element in Head. So we have this check to prevent buffer overflow. + // + if (Index < ArraySize) { + // + // Check to see if CharArrayBuffer and StringArray are identical at = same position. + // + if (AsciiStrCmp (StringArray[Index], CharArrayBuffer->ArrayValue) != =3D 0) { + if (*ValueChanged =3D=3D FALSE) { + *ValueChanged =3D TRUE; + FirstMismatch =3D Index; + } + + // + // CharArrayBuffer is not the same as the StringArray at Index. So= the + // value is changed. But we still have to go through StringArray t= o see + // if CharArrayBuffer can be found in StringArray or not. If not, = Head + // is invalid input from BMC. + // + for (ArrayIndex =3D FirstMismatch; ArrayIndex < ArraySize; ArraySi= ze++) { + if (AsciiStrCmp (StringArray[ArrayIndex], CharArrayBuffer->Array= Value) =3D=3D 0) { + break; + } + } + + if (ArrayIndex =3D=3D ArraySize) { + DEBUG ((DEBUG_ERROR, "%a: input string: %a is not found in HII s= tring list\n", __func__, CharArrayBuffer->ArrayValue)); + return EFI_NOT_FOUND; + } + } + } + + Index++; + CharArrayBuffer =3D CharArrayBuffer->Next; + } + + // + // Check to see if the number of string from Redfish equals to the + // number of string returned by HII. HII only accepts the same + // number of string array due to the design or HII ordered list. + // + if (Index !=3D ArraySize) { + DEBUG ((DEBUG_ERROR, "%a: input string size: %d is not the same as HII= string list size: %d\n", __func__, Index, ArraySize)); + return EFI_BAD_BUFFER_SIZE; + } + + return EFI_SUCCESS; +} + /** Install Boot Maintenance Manager Menu driver. -- 2.17.1 -The information contained in this message may be confidential and propriet= ary to American Megatrends (AMI). This communication is intended to be read= only by the individual or entity to whom it is addressed or by their desig= nee. If the reader of this message is not the intended recipient, you are o= n notice that any distribution of this message, in any form, is strictly pr= ohibited. Please promptly notify the sender by reply e-mail or by telephone= at 770-246-8600, and then delete or destroy all copies of the transmission= . -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112047): https://edk2.groups.io/g/devel/message/112047 Mute This Topic: https://groups.io/mt/102967620/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-