From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.65; helo=mga03.intel.com; envelope-from=eric.dong@intel.com; receiver=edk2-devel@lists.01.org Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5D7C9202E614F for ; Sun, 15 Oct 2017 22:00:54 -0700 (PDT) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Oct 2017 22:04:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,385,1503385200"; d="scan'208";a="910273024" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by FMSMGA003.fm.intel.com with ESMTP; 15 Oct 2017 22:04:27 -0700 Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 15 Oct 2017 22:04:27 -0700 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 15 Oct 2017 22:04:27 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.175]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.218]) with mapi id 14.03.0319.002; Mon, 16 Oct 2017 13:04:25 +0800 From: "Dong, Eric" To: "Bi, Dandan" , "edk2-devel@lists.01.org" CC: "Zhang, Chao B" Thread-Topic: [edk2] [patch] Security/OpalHii.c: Handle NULL Request or Request with no elements Thread-Index: AQHTRjAbRA0xkuzE20mXKAMZwXwvS6Ll6/vQ Date: Mon, 16 Oct 2017 05:04:24 +0000 Message-ID: References: <1508125028-85644-1-git-send-email-dandan.bi@intel.com> In-Reply-To: <1508125028-85644-1-git-send-email-dandan.bi@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [patch] Security/OpalHii.c: Handle NULL Request or Request with no elements X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 05:00:55 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Eric Dong > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Dandan Bi > Sent: Monday, October 16, 2017 11:37 AM > To: edk2-devel@lists.01.org > Cc: Dong, Eric ; Zhang, Chao B > > Subject: [edk2] [patch] Security/OpalHii.c: Handle NULL Request or Reques= t > with no elements >=20 > According to UEFI spec, for the ExtractConfig function in > EFI_HII_CONFIG_ACCESS_PROTOCOL,If a NULL is passed in for the Request > field or if a ConfigHdr is passed in with no request elements, all of the > settings being abstracted by this function will be returned in the Result= s field. >=20 > The implementation of ExtractConfig function in OpalHii.c misses to handl= e > above cases.This patch is to do the enhancements. >=20 > Cc: Chao Zhang > Cc: Eric Dong > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Dandan Bi > --- > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 46 > +++++++++++++++++++++++++- > 1 file changed, 45 insertions(+), 1 deletion(-) >=20 > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > index 4881e72..e3bde42 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > @@ -1278,10 +1278,16 @@ ExtractConfig( > EFI_STRING *Progress, > EFI_STRING *Results > ) > { > EFI_STATUS Status; > + EFI_STRING ConfigRequest; > + EFI_STRING ConfigRequestHdr; > + UINTN BufferSize; > + UINTN Size; > + BOOLEAN AllocatedRequest; > + EFI_HANDLE DriverHandle; >=20 > // > // Check for valid parameters > // > if (Progress =3D=3D NULL || Results =3D=3D NULL) { @@ -1292,22 +1298,6= 0 @@ > ExtractConfig( > if ((Request !=3D NULL) && > !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, > OpalPasswordStorageName)) { > return EFI_NOT_FOUND; > } >=20 > + AllocatedRequest =3D FALSE; > + BufferSize =3D sizeof (OPAL_HII_CONFIGURATION); ConfigRequest =3D > + Request; if ((Request =3D=3D NULL) || (StrStr (Request, L"OFFSET") =3D= =3D > + NULL)) { > + // > + // Request has no request element, construct full request string. > + // Allocate and fill a buffer large enough to hold the > template > + // followed by "&OFFSET=3D0&WIDTH=3DWWWWWWWWWWWWWWWW" > followed by a Null-terminator > + // > + DriverHandle =3D HiiGetDriverImageHandleCB(); > + ConfigRequestHdr =3D HiiConstructConfigHdr (&gHiiSetupVariableGuid, > OpalPasswordStorageName, DriverHandle); > + Size =3D (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); > + ConfigRequest =3D AllocateZeroPool (Size); > + if (ConfigRequest =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + AllocatedRequest =3D TRUE; > + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=3D0&WIDTH=3D%016LX", > ConfigRequestHdr, (UINT64)BufferSize); > + FreePool (ConfigRequestHdr); > + } > + > // > // Convert Buffer Data to by helper function BlockToConfi= g( ) > // > Status =3D gHiiConfigRouting->BlockToConfig( > gHiiConfigRouting, > - Request, > + ConfigRequest, > (UINT8*)&gHiiConfiguration, > sizeof(OPAL_HII_CONFIGURATION), > Results, > Progress > ); >=20 > + // > + // Free the allocated config request string. > + // > + if (AllocatedRequest) { > + FreePool (ConfigRequest); > + ConfigRequest =3D NULL; > + } > + > + // > + // Set Progress string to the original request string. > + // > + if (Request =3D=3D NULL) { > + *Progress =3D NULL; > + } else if (StrStr (Request, L"OFFSET") =3D=3D NULL) { > + *Progress =3D Request + StrLen (Request); } > + > return (Status); > } >=20 >=20 > /** > -- > 1.9.5.msysgit.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel