From: "Zhiguang Liu"
To: "devel@edk2.groups.io", "vladimir.olovyannikov@broadcom.com"
CC: "Kinney, Michael D", "Gao, Liming"
Subject: Re: [edk2-devel] [PATCH v2 1/1] MdePkg : UefiFileHandleLib: fix buffer overrun in FileHandleReadLine()
Date: Fri, 3 Jul 2020 02:30:44 +0000
References: <20200702023113.10517-1-vladimir.olovyannikov@broadcom.com>
In-Reply-To: <20200702023113.10517-1-vladimir.olovyannikov@broadcom.com>

Reviewed-by: Zhiguang Liu

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Vladimir Olovyannikov via groups.io
> Sent: Thursday, July 2, 2020 10:31 AM
> To: devel@edk2.groups.io
> Cc: Vladimir Olovyannikov; Kinney, Michael D; Gao, Liming; Liu, Zhiguang
> Subject: [edk2-devel] [PATCH v2 1/1] MdePkg : UefiFileHandleLib: fix buffer overrun in FileHandleReadLine()
>
> If the size of the supplied buffer in FileHandleReadLine(), module
> UefiFileHandleLib.c, was not 0, but was not enough to fit in
> the line, the size is increased, and then the Buffer of the new
> size is zeroed. This size is always larger than the supplied buffer size,
> causing supplied buffer overrun. Fix the issue by using the
> supplied buffer size in ZeroMem().
>
> Signed-off-by: Vladimir Olovyannikov
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Zhiguang Liu
> ---
>  MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c > b/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c > index 28e28e5f67d5..ab34e6ccd5f4 100644 > --- a/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c > +++ b/MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.c > @@ -969,6 +969,7 @@ FileHandleReadLine( > UINTN CharSize; >=20 > UINTN CountSoFar; >=20 > UINTN CrCount; >=20 > + UINTN OldSize; >=20 > UINT64 OriginalFilePosition; >=20 >=20 >=20 > if (Handle =3D=3D NULL >=20
> @@ -1039,10 +1040,11 @@ FileHandleReadLine( > // if we ran out of space tell when... >=20 > // >=20 > if ((CountSoFar+1-CrCount)*sizeof(CHAR16) > *Size){ >=20 > + OldSize =3D *Size; >=20 > *Size =3D (CountSoFar+1-CrCount)*sizeof(CHAR16); >=20 > if (!Truncate) { >=20 > - if (Buffer !=3D NULL && *Size !=3D 0) { >=20 > - ZeroMem(Buffer, *Size); >=20 > + if (Buffer !=3D NULL && OldSize !=3D 0) { >=20 > + ZeroMem(Buffer, OldSize); >=20 > } >=20 > FileHandleSetPosition(Handle, OriginalFilePosition); >=20 > return (EFI_BUFFER_TOO_SMALL); >=20 > -- > 2.26.2.266.ge870325ee8
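
Review bot: In the second hunk (@@ -1039,10 +1040,11 @@), the new "OldSize = *Size;" line should carry a short comment saying that *Size is overwritten with the required size on the very next line, so OldSize is the only remaining record of how many bytes the caller's Buffer actually holds. Without that, a later cleanup could fold ZeroMem(Buffer, OldSize) back into ZeroMem(Buffer, *Size) and reintroduce the overrun. The visible lines cover only the !Truncate branch up to "return (EFI_BUFFER_TOO_SMALL);", so please confirm that the code that follows for the Truncate case does not use the enlarged *Size as a bound on Buffer either. In the same context lines, the return value of FileHandleSetPosition(Handle, OriginalFilePosition) is ignored before returning; consider checking it, or at least noting in a comment why a failed seek is acceptable on this error path.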