Re: [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "michael.kubacki@outlook.com" <michael.kubacki@outlook.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "Gao, Liming" <liming.gao@intel.com>
Subject: Re: [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow
Date: Wed, 5 Aug 2020 16:13:02 +0000	[thread overview]
Message-ID: <MN2PR11MB4461309C994AFAF9F70DA948D24B0@MN2PR11MB4461.namprd11.prod.outlook.com> (raw)
In-Reply-To: <MWHPR07MB34409633E74ABDCED3DD5786E94E0@MWHPR07MB3440.namprd07.prod.outlook.com>

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

> -----Original Message-----
> From: michael.kubacki@outlook.com
> <michael.kubacki@outlook.com>
> Sent: Thursday, July 30, 2020 8:15 PM
> To: devel@edk2.groups.io
> Cc: Gao, Liming <liming.gao@intel.com>; Kinney, Michael
> D <michael.d.kinney@intel.com>
> Subject: [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib:
> Handle version string overflow
> 
> From: Michael Kubacki <michael.kubacki@microsoft.com>
> 
> This change recognizes the condition of the DEPEX
> version string
> extending beyond the end of the dependency expression as
> an error.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Michael Kubacki
> <michael.kubacki@microsoft.com>
> ---
> 
> Notes:
>     This is particularly helpful for the user to isolate
> the issue
>     when stepping through the control flow as this case
> will be the
>     last executed before jumping to the Error label to
> return from
>     the function.
> 
> 
> FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
> | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git
> a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> index ba89eb22d9f0..5ef25d2415cf 100644
> ---
> a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> +++
> b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> @@ -286,6 +286,7 @@ EvaluateDependency (
>        Iterator += AsciiStrnLenS ((CHAR8 *) Iterator,
> DependenciesSize - (Iterator - Dependencies-
> >Dependencies));
>        if (Iterator == (UINT8 *) Dependencies-
> >Dependencies + DependenciesSize) {
>          DEBUG ((DEBUG_ERROR, "EvaluateDependency:
> STRING extends beyond end of dependency
> expression!\n"));
> +        goto Error;
>        }
>        break;
>      case EFI_FMP_DEP_AND:
> --
> 2.27.0.windows.1

next prev parent reply	other threads:[~2020-08-05 16:13 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20200731031448.1103-1-michael.kubacki@outlook.com>
2020-07-31  3:14 ` [PATCH v1 1/7] FmpDevicePkg/FmpDependencyLib: Correct ValidateDependency() documentation Michael Kubacki
2020-08-05 16:19   ` Michael D Kinney
2020-07-31  3:14 ` [PATCH v1 2/7] FmpDevicePkg/FmpDependencyLib: Fix "exression" typo Michael Kubacki
2020-08-05 16:08   ` Michael D Kinney
2020-07-31  3:14 ` [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow Michael Kubacki
2020-08-05 16:13   ` Michael D Kinney [this message]
2020-07-31  3:14 ` [PATCH v1 4/7] FmpDevicePkg/FmpDependencyCheckLib: Return unsatisfied on handle failure Michael Kubacki
2020-08-05 16:16   ` Michael D Kinney
2020-07-31  3:14 ` [PATCH v1 5/7] FmpDevicePkg/FmpDxe: Better warn of potential ImageTypeId misconfig Michael Kubacki
2020-08-05 16:17   ` Michael D Kinney
2020-07-31  3:14 ` [PATCH v1 6/7] FmpDevicePkg/FmpDxe: Indicate ESRT GUID on invalid ImageIdName Michael Kubacki
2020-08-05 16:17   ` [edk2-devel] " Michael D Kinney
2020-07-31  3:14 ` [PATCH v1 7/7] FmpDevicePkg/FmpDxe: Improve function parameter validation Michael Kubacki
2020-08-05 16:51   ` Michael D Kinney
2020-08-05 20:42     ` Michael Kubacki
2020-08-05 23:30       ` Michael D Kinney
2020-08-06  0:30         ` [edk2-devel] " Michael Kubacki
2020-08-06 16:06           ` Michael D Kinney
2020-08-06 18:22             ` Michael Kubacki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MN2PR11MB4461309C994AFAF9F70DA948D24B0@MN2PR11MB4461.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox