From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"rebecca@nuviainc.com" <rebecca@nuviainc.com>,
Daryl McDaniel <edk2-lists@mc2research.org>,
"Carsey, Jaben" <jaben.carsey@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [edk2-libc PATCH 1/1] Update LibC to use safe string functions
Date: Fri, 13 Aug 2021 02:16:27 +0000
Message-ID: <CO1PR11MB49296465E0D1386611727C4FD2FA9@CO1PR11MB4929.namprd11.prod.outlook.com>
In-Reply-To: <CO1PR11MB49293299D195AF3D665CC68DD2FA9@CO1PR11MB4929.namprd11.prod.outlook.com>
Pushed 66dd218b89c6cf84b439618338c563274ed0ae4c
Mike
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Thursday, August 12, 2021 7:10 PM
> To: devel@edk2.groups.io; rebecca@nuviainc.com; Daryl McDaniel <edk2-lists@mc2research.org>; Carsey, Jaben
> <jaben.carsey@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> Subject: RE: [edk2-devel] [edk2-libc PATCH 1/1] Update LibC to use safe string functions
>
> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Rebecca Cran
> > Sent: Monday, June 7, 2021 9:22 AM
> > To: devel@edk2.groups.io; Daryl McDaniel <edk2-lists@mc2research.org>; Carsey, Jaben <jaben.carsey@intel.com>
> > Cc: Rebecca Cran <rebecca@nuviainc.com>
> > Subject: [edk2-devel] [edk2-libc PATCH 1/1] Update LibC to use safe string functions
> >
> > The insecure string functions such as StrCpy were removed a while ago,
> > breaking the StdLib build. Migrate StdLib/LibC to the safe string
> > versions.
> >
> > Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> > ---
> > StdLib/LibC/StdLib/Environs.c | 11 ++++++-----
> > StdLib/LibC/StdLib/realpath.c | 5 +++--
> > StdLib/LibC/String/Concatenation.c | 7 +++++--
> > StdLib/LibC/String/Copying.c | 7 +++++--
> > StdLib/LibC/Uefi/Devices/Utility/Path.c | 3 ++-
> > StdLib/LibC/Uefi/SysCalls.c | 5 +++--
> > StdLib/LibC/Wchar/Concatenation.c | 6 ++++--
> > StdLib/LibC/Wchar/Copying.c | 4 ++--
> > 8 files changed, 30 insertions(+), 18 deletions(-)
> >
> > diff --git a/StdLib/LibC/StdLib/Environs.c b/StdLib/LibC/StdLib/Environs.c
> > index a29cb9954cf9..ad56629554df 100644
> > --- a/StdLib/LibC/StdLib/Environs.c
> > +++ b/StdLib/LibC/StdLib/Environs.c
> > @@ -151,7 +151,7 @@ system(const char *string)
> > if( string == NULL) {
> > return 1;
> > }
> > - (void)AsciiStrToUnicodeStr( string, gMD->UString);
> > + (void)AsciiStrToUnicodeStrS (string, gMD->UString, UNICODE_STRING_MAX);
> > OpStat = ShellExecute( &MyHandle, gMD->UString, FALSE, NULL, &CmdStat);
> > if(OpStat == RETURN_SUCCESS) {
> > EFIerrno = CmdStat;
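Review bot: In system(), the (void) cast throws away the status of AsciiStrToUnicodeStrS, so when the conversion is rejected ShellExecute still runs on whatever gMD->UString holds. Check the result and return an error before the ShellExecute call. The third argument is also the fixed constant UNICODE_STRING_MAX rather than the element count of gMD->UString; the bound only protects the buffer if it is no larger than that count, so derive it from the buffer's declaration.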
> > @@ -177,10 +177,11 @@ char *getenv(const char *name)
> > const CHAR16 *EfiEnv;
> > char *retval = NULL;
> >
> > - (void)AsciiStrToUnicodeStr( name, gMD->UString);
> > + (void)AsciiStrToUnicodeStrS (name, gMD->UString, UNICODE_STRING_MAX);
> > EfiEnv = ShellGetEnvironmentVariable(gMD->UString);
> > if(EfiEnv != NULL) {
> > - retval = UnicodeStrToAsciiStr( EfiEnv, gMD->ASgetenv);
> > + (void)UnicodeStrToAsciiStrS (EfiEnv, gMD->ASgetenv, UNICODE_STRING_MAX);
> > + retval = gMD->ASgetenv;
> > }
> >
> > return retval;
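Review bot: In getenv(), retval is now set to gMD->ASgetenv unconditionally once EfiEnv is non-NULL, so a failed UnicodeStrToAsciiStrS hands the caller whatever is left in gMD->ASgetenv as the variable's value. Assign retval only when the call succeeds and leave it NULL otherwise. The destination here is an ASCII buffer bounded by UNICODE_STRING_MAX; use the size of gMD->ASgetenv instead.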
> > @@ -238,8 +239,8 @@ setenv (
> > //
> > // Convert the strings
> > //
> > - AsciiStrToUnicodeStr ( name, UName );
> > - AsciiStrToUnicodeStr ( value, UValue );
> > + AsciiStrToUnicodeStrS (name, UName, UNICODE_STRING_MAX);
> > + AsciiStrToUnicodeStrS (value, UValue, UNICODE_STRING_MAX);
> >
> > //
> > // Determine if the string is already present
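Review bot: The two conversions in setenv() drop their return values without even the (void) cast used for the same calls in system() and getenv(), and the function carries on with UName and UValue either way. Test both results and fail the call before the "Determine if the string is already present" step. Both destinations are bounded by UNICODE_STRING_MAX rather than by the size they were given earlier in the function; pass those sizes.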
> > diff --git a/StdLib/LibC/StdLib/realpath.c b/StdLib/LibC/StdLib/realpath.c
> > index 6d75f17a394d..a8ff1e9d5b1d 100644
> > --- a/StdLib/LibC/StdLib/realpath.c
> > +++ b/StdLib/LibC/StdLib/realpath.c
> > @@ -14,6 +14,7 @@
> > #include <Library/BaseLib.h>
> > #include <Library/MemoryAllocationLib.h>
> > #include <errno.h>
> > +#include <limits.h>
> >
> > /** The realpath() function shall derive, from the pathname pointed to by
> > file_name, an absolute pathname that names the same file, whose resolution
> > @@ -47,8 +48,8 @@ realpath(
> > errno = ENOMEM;
> > return (NULL);
> > }
> > - AsciiStrToUnicodeStr(file_name, Temp);
> > + AsciiStrToUnicodeStrS (file_name, Temp, UNICODE_STRING_MAX);
> > PathCleanUpDirectories(Temp);
> > - UnicodeStrToAsciiStr(Temp, resolved_name);
> > + UnicodeStrToAsciiStrS (Temp, resolved_name, UNICODE_STRING_MAX);
> > return (resolved_name);
> > }
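Review bot: resolved_name in realpath() is a buffer supplied by the caller, so passing UNICODE_STRING_MAX as DestMax tells UnicodeStrToAsciiStrS nothing about how much room is really there; the same holds for Temp, which judging by the ENOMEM path is allocated just above this hunk. Bound each call by the count the buffer was actually sized with, and return NULL with errno set if either conversion fails instead of returning resolved_name regardless.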
> > diff --git a/StdLib/LibC/String/Concatenation.c b/StdLib/LibC/String/Concatenation.c
> > index e76bea0bf858..f78836fbe0d6 100644
> > --- a/StdLib/LibC/String/Concatenation.c
> > +++ b/StdLib/LibC/String/Concatenation.c
> > @@ -15,6 +15,7 @@
> >
> > #include <LibConfig.h>
> >
> > +#include <limits.h>
> > #include <string.h>
> >
> > /** The strcat function appends a copy of the string pointed to by s2
> > @@ -28,7 +29,8 @@
> > char *
> > strcat(char * __restrict s1, const char * __restrict s2)
> > {
> > - return AsciiStrCat( s1, s2);
> > + AsciiStrCatS (s1, UNICODE_STRING_MAX, s2);
> > + return s1;
> > }
> >
> > /** The strncat function appends not more than n characters (a null character
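Review bot: strcat() has no knowledge of how large s1 is, so UNICODE_STRING_MAX in the AsciiStrCatS call is a nominal limit and not the destination's capacity; an s1 smaller than that constant is no better protected than before. When AsciiStrCatS does refuse the operation, the status is dropped and s1 is returned as though the append happened. Set errno on a non-success status, and say in the function comment that the bound is nominal.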
> > @@ -43,7 +45,8 @@ strcat(char * __restrict s1, const char * __restrict s2)
> > char *
> > strncat(char * __restrict s1, const char * __restrict s2, size_t n)
> > {
> > - return AsciiStrnCat( s1, s2, n);
> > + AsciiStrnCatS (s1, UNICODE_STRING_MAX, s2, n);
> > + return s1;
> > }
> >
> > /** The strncatX function appends not more than n characters (a null character
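Review bot: n is passed to AsciiStrnCatS as a bare size_t in strncat(), while the wcsncat change in Wchar/Concatenation.c writes (UINTN)n for the same parameter. Use one form throughout the patch. The status of AsciiStrnCatS is also discarded before return s1;, so a rejected append is indistinguishable from a successful one.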
> > diff --git a/StdLib/LibC/String/Copying.c b/StdLib/LibC/String/Copying.c
> > index 3234eccf0808..cc2077a5b80a 100644
> > --- a/StdLib/LibC/String/Copying.c
> > +++ b/StdLib/LibC/String/Copying.c
> > @@ -16,6 +16,7 @@
> >
> > #include <LibConfig.h>
> >
> > +#include <limits.h>
> > #include <stdlib.h>
> > #include <string.h>
> >
> > @@ -73,7 +74,8 @@ strcpy(char * __restrict s1, const char * __restrict s2)
> >
> > //while ( *s1++ = *s2++) /* Empty Body */;
> > //return(s1ret);
> > - return AsciiStrCpy( s1, s2);
> > + AsciiStrCpyS (s1, UNICODE_STRING_MAX, s2);
> > + return s1;
> > }
> >
> > /** The strncpy function copies not more than n characters (characters that
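Review bot: With AsciiStrCpyS and return s1; in place, the two commented-out lines left above them in strcpy() (//while ( *s1++ = *s2++) and //return(s1ret);) are dead code and can be deleted in this patch. The call's status is ignored, so when the copy is refused strcpy() still returns s1 even though it does not hold a copy of s2; capture the status and report it.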
> > @@ -89,7 +91,8 @@ strcpy(char * __restrict s1, const char * __restrict s2)
> > **/
> > char *strncpy(char * __restrict s1, const char * __restrict s2, size_t n)
> > {
> > - return AsciiStrnCpy( s1, s2, n);
> > + AsciiStrnCpyS (s1, UNICODE_STRING_MAX, s2, n);
> > + return s1;
> > //char *dest = s1;
> >
> > //while(n != 0) {
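Review bot: return s1; in strncpy() now sits directly above the commented-out body that starts at //char *dest = s1;, which reads like unreachable code; remove the old body. Please also confirm that AsciiStrnCpyS gives callers the same result as the AsciiStrnCpy call it replaces when s2 is shorter than n, since the status is discarded and nothing else in the hunk would reveal a difference.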
> > diff --git a/StdLib/LibC/Uefi/Devices/Utility/Path.c b/StdLib/LibC/Uefi/Devices/Utility/Path.c
> > index 96392e018dac..d6728d3a647e 100644
> > --- a/StdLib/LibC/Uefi/Devices/Utility/Path.c
> > +++ b/StdLib/LibC/Uefi/Devices/Utility/Path.c
> > @@ -110,7 +110,8 @@ NormalizePath( const char *path)
> > wchar_t *NewPath;
> > size_t Length;
> >
> > - OldPath = AsciiStrToUnicodeStr(path, gMD->UString);
> > + AsciiStrToUnicodeStrS (path, gMD->UString, UNICODE_STRING_MAX);
> > + OldPath = gMD->UString;
> > Length = wcslen(OldPath) + 1;
> >
> > NewPath = calloc(Length, sizeof(wchar_t));
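Review bot: OldPath now points at gMD->UString whether or not AsciiStrToUnicodeStrS succeeded, and wcslen(OldPath) on the next line then measures whatever the buffer holds. Check the status and leave NormalizePath() before the wcslen call when the conversion fails.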
> > diff --git a/StdLib/LibC/Uefi/SysCalls.c b/StdLib/LibC/Uefi/SysCalls.c
> > index faa73ed7a4ee..e83b72308fbe 100644
> > --- a/StdLib/LibC/Uefi/SysCalls.c
> > +++ b/StdLib/LibC/Uefi/SysCalls.c
> > @@ -1320,7 +1320,8 @@ char
> > errno = ERANGE;
> > return (NULL);
> > }
> > - return (UnicodeStrToAsciiStr(Cwd, buf));
> > + UnicodeStrToAsciiStrS (Cwd, buf, UNICODE_STRING_MAX);
> > + return buf;
> > }
> >
> > /** Change the current working directory.
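Review bot: The ERANGE branch just above the changed line suggests this function already tests a length for buf, yet UnicodeStrToAsciiStrS is given UNICODE_STRING_MAX as DestMax. Pass the length that was checked so the bound matches the caller's buffer, and return NULL if the conversion reports an error instead of returning buf unconditionally.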
> > @@ -1358,7 +1359,7 @@ chdir (const char *path)
> > errno = ENOMEM;
> > return -1;
> > }
> > - AsciiStrToUnicodeStr(path, UnicodePath);
> > + AsciiStrToUnicodeStrS (path, UnicodePath, UNICODE_STRING_MAX);
> > Status = gEfiShellProtocol->SetCurDir(NULL, UnicodePath);
> > FreePool(UnicodePath);
> > if (EFI_ERROR(Status)) {
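Review bot: In chdir(), UnicodePath is allocated just before this hunk (the ENOMEM path) and freed right after SetCurDir, so its element count is known locally; use that as DestMax instead of UNICODE_STRING_MAX. The conversion status is unchecked as well, so SetCurDir can be called with a buffer that was never filled; on failure free UnicodePath, set errno and return -1 as the allocation-failure path does.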
> > diff --git a/StdLib/LibC/Wchar/Concatenation.c b/StdLib/LibC/Wchar/Concatenation.c
> > index cf595a461f0e..7289240951aa 100644
> > --- a/StdLib/LibC/Wchar/Concatenation.c
> > +++ b/StdLib/LibC/Wchar/Concatenation.c
> > @@ -31,7 +31,8 @@
> > **/
> > wchar_t *wcscat(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> > {
> > - return (wchar_t *)StrCat( (CHAR16 *)s1, (CONST CHAR16 *)s2);
> > + StrCatS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2);
> > + return s1;
> > }
> >
> > /** The wcsncat function appends not more than n wide characters (a null wide
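Review bot: wcscat() returns s1 whether or not StrCatS appended anything, so a rejected call looks like success to the caller. Capture the status and report it, and note in the function comment that UNICODE_STRING_MAX is a nominal bound and not the size of s1.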
> > @@ -44,5 +45,6 @@ wchar_t *wcscat(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> > **/
> > wchar_t *wcsncat(wchar_t * __restrict s1, const wchar_t * __restrict s2, size_t n)
> > {
> > - return (wchar_t *)StrnCat( (CHAR16 *)s1, (CONST CHAR16 *)s2, (UINTN)n);
> > + StrnCatS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2, (UINTN)n);
> > + return s1;
> > }
> > diff --git a/StdLib/LibC/Wchar/Copying.c b/StdLib/LibC/Wchar/Copying.c
> > index 7075437965ad..848c83419ddb 100644
> > --- a/StdLib/LibC/Wchar/Copying.c
> > +++ b/StdLib/LibC/Wchar/Copying.c
> > @@ -29,7 +29,7 @@
> > **/
> > wchar_t *wcscpy(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> > {
> > - return (wchar_t *)StrCpy( (CHAR16 *)s1, (CONST CHAR16 *)s2);
> > + return (wchar_t *)StrCpyS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2);
> > }
> >
> > /** The wcsncpy function copies not more than n wide characters (those that
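Review bot: return (wchar_t *)StrCpyS (...) in wcscpy() casts the function's status code to a pointer. StrCpyS returns a RETURN_STATUS, which is why the other files in this patch discard the result and return s1; here a successful copy yields RETURN_SUCCESS, which is 0, so wcscpy() returns NULL on success and a non-pointer value on failure. Call StrCpyS on its own line and then return s1;, as the wcscat change in Wchar/Concatenation.c does.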
> > @@ -44,7 +44,7 @@ wchar_t *wcscpy(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> > **/
> > wchar_t *wcsncpy(wchar_t * __restrict s1, const wchar_t * __restrict s2, size_t n)
> > {
> > - return (wchar_t *)StrnCpy( (CHAR16 *)s1, (CONST CHAR16 *)s2, (UINTN)n);
> > + return (wchar_t *)StrnCpyS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2, (UINTN)n);
> > }
> >
> > /** The wmemcpy function copies n wide characters from the object pointed to by
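Review bot: wcsncpy() returns the RETURN_STATUS from StrnCpyS cast to wchar_t *, so callers receive NULL when the copy succeeds and an error code disguised as a pointer when it fails. Split the line into the StrnCpyS call followed by return s1;, matching the wcsncat change in this patch.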
> > --
> > 2.26.2
> >
> >
> >
> >
> >