public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH] ShellPkg: add array index check for shell delay option
@ 2019-02-18  8:28 Zhichao Gao
  2019-02-19 15:27 ` Carsey, Jaben
  2019-02-20 14:27 ` Gao, Liming
  0 siblings, 2 replies; 3+ messages in thread
From: Zhichao Gao @ 2019-02-18  8:28 UTC (permalink / raw)
  To: edk2-devel; +Cc: Liming Gao, Ray Ni

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1528

Shell delay option without parameters do not check the
index of shell parameter argv. Add index check to avoid
invalid pointer references.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>

Cc: Liming Gao <liming.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
---
 ShellPkg/Application/Shell/Shell.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ShellPkg/Application/Shell/Shell.c b/ShellPkg/Application/Shell/Shell.c
index 104f4c8961..ec344137d3 100644
--- a/ShellPkg/Application/Shell/Shell.c
+++ b/ShellPkg/Application/Shell/Shell.c
@@ -1,7 +1,7 @@
 /** @file
   This is THE shell (application)
 
-  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
   (C) Copyright 2013-2014 Hewlett-Packard Development Company, L.P.<BR>
   Copyright 2015-2018 Dell Technologies.<BR>
   This program and the accompanying materials
@@ -1002,7 +1002,11 @@ ProcessCommandLine(
                                  ) == 0) {
       ShellInfoObject.ShellInitSettings.BitUnion.Bits.Delay        = TRUE;
       // Check for optional delay value following "-delay"
-      DelayValueStr = gEfiShellParametersProtocol->Argv[LoopVar + 1];
+      if ((LoopVar + 1) >= gEfiShellParametersProtocol->Argc) {
+        DelayValueStr = NULL;
+      } else {
+        DelayValueStr = gEfiShellParametersProtocol->Argv[LoopVar + 1];
+      }
       if (DelayValueStr != NULL){
         if (*DelayValueStr == L':') {
           DelayValueStr++;
-- 
2.16.2.windows.1



^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] ShellPkg: add array index check for shell delay option
  2019-02-18  8:28 [PATCH] ShellPkg: add array index check for shell delay option Zhichao Gao
@ 2019-02-19 15:27 ` Carsey, Jaben
  2019-02-20 14:27 ` Gao, Liming
  1 sibling, 0 replies; 3+ messages in thread
From: Carsey, Jaben @ 2019-02-19 15:27 UTC (permalink / raw)
  To: Gao, Zhichao, edk2-devel@lists.01.org; +Cc: Gao, Liming

Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Zhichao Gao
> Sent: Monday, February 18, 2019 12:28 AM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>
> Subject: [edk2] [PATCH] ShellPkg: add array index check for shell delay
> option
> Importance: High
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1528
> 
> Shell delay option without parameters do not check the
> index of shell parameter argv. Add index check to avoid
> invalid pointer references.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
>  ShellPkg/Application/Shell/Shell.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/ShellPkg/Application/Shell/Shell.c
> b/ShellPkg/Application/Shell/Shell.c
> index 104f4c8961..ec344137d3 100644
> --- a/ShellPkg/Application/Shell/Shell.c
> +++ b/ShellPkg/Application/Shell/Shell.c
> @@ -1,7 +1,7 @@
>  /** @file
>    This is THE shell (application)
> 
> -  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
>    (C) Copyright 2013-2014 Hewlett-Packard Development Company, L.P.<BR>
>    Copyright 2015-2018 Dell Technologies.<BR>
>    This program and the accompanying materials
> @@ -1002,7 +1002,11 @@ ProcessCommandLine(
>                                   ) == 0) {
>        ShellInfoObject.ShellInitSettings.BitUnion.Bits.Delay        = TRUE;
>        // Check for optional delay value following "-delay"
> -      DelayValueStr = gEfiShellParametersProtocol->Argv[LoopVar + 1];
> +      if ((LoopVar + 1) >= gEfiShellParametersProtocol->Argc) {
> +        DelayValueStr = NULL;
> +      } else {
> +        DelayValueStr = gEfiShellParametersProtocol->Argv[LoopVar + 1];
> +      }
>        if (DelayValueStr != NULL){
>          if (*DelayValueStr == L':') {
>            DelayValueStr++;
> --
> 2.16.2.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] ShellPkg: add array index check for shell delay option
  2019-02-18  8:28 [PATCH] ShellPkg: add array index check for shell delay option Zhichao Gao
  2019-02-19 15:27 ` Carsey, Jaben
@ 2019-02-20 14:27 ` Gao, Liming
  1 sibling, 0 replies; 3+ messages in thread
From: Gao, Liming @ 2019-02-20 14:27 UTC (permalink / raw)
  To: Gao, Zhichao, edk2-devel@lists.01.org

Reviewed-by: Liming Gao <liming.gao@intel.com>

> -----Original Message-----
> From: Gao, Zhichao
> Sent: Monday, February 18, 2019 4:28 PM
> To: edk2-devel@lists.01.org
> Cc: Gao, Liming <liming.gao@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [PATCH] ShellPkg: add array index check for shell delay option
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1528
> 
> Shell delay option without parameters do not check the
> index of shell parameter argv. Add index check to avoid
> invalid pointer references.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
>  ShellPkg/Application/Shell/Shell.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/ShellPkg/Application/Shell/Shell.c b/ShellPkg/Application/Shell/Shell.c
> index 104f4c8961..ec344137d3 100644
> --- a/ShellPkg/Application/Shell/Shell.c
> +++ b/ShellPkg/Application/Shell/Shell.c
> @@ -1,7 +1,7 @@
>  /** @file
>    This is THE shell (application)
> 
> -  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
>    (C) Copyright 2013-2014 Hewlett-Packard Development Company, L.P.<BR>
>    Copyright 2015-2018 Dell Technologies.<BR>
>    This program and the accompanying materials
> @@ -1002,7 +1002,11 @@ ProcessCommandLine(
>                                   ) == 0) {
>        ShellInfoObject.ShellInitSettings.BitUnion.Bits.Delay        = TRUE;
>        // Check for optional delay value following "-delay"
> -      DelayValueStr = gEfiShellParametersProtocol->Argv[LoopVar + 1];
> +      if ((LoopVar + 1) >= gEfiShellParametersProtocol->Argc) {
> +        DelayValueStr = NULL;
> +      } else {
> +        DelayValueStr = gEfiShellParametersProtocol->Argv[LoopVar + 1];
> +      }
>        if (DelayValueStr != NULL){
>          if (*DelayValueStr == L':') {
>            DelayValueStr++;
> --
> 2.16.2.windows.1



^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-02-20 14:27 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-18  8:28 [PATCH] ShellPkg: add array index check for shell delay option Zhichao Gao
2019-02-19 15:27 ` Carsey, Jaben
2019-02-20 14:27 ` Gao, Liming

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox