From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.61])
 by mx.groups.io with SMTP id smtpd.web11.95250.1674792361287052997
 for <devel@edk2.groups.io>;
 Thu, 26 Jan 2023 20:06:01 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=Ask7OHk4;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.61, mailfrom: abner.chang@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=VjEYqLE6Cecj+3WnKuJBJhaAk7oEafxFri+qseRV0VkXvdK2IjfMVUFCFPdoJDpHmauKie4jyJNKWRCjxsgUFev/kAZz4fulTwzK8TM0LBpOHKukjaa7NyV+3l0ndGPVgTpbS0XU7FE+KjYNh8p0W6HtCESgdbEXKc/0jVdKMW5qz2Dxc+u6guRTCS2+klpbzGlYbU+yGcL3yikLqwdyMrtqBREB0mIELt8o6aQFf5+tHo2C6reiyVCl83agthT4XpzS0SfIF1kQihSeoHUdEQ//T8joU2DfAmwakjvjyIK0H3sIz3w44dSNFEHSL/s4Gzbh19SSOCn9G/mI3MvcyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=vZuogYKQ0i1MShv9qo3FQXdTjTRtGiHMH2NmuD6Bfrc=;
 b=jW8W6XPBNd+6VVB+eJm36aKB29Z5kcgPLphsm7hVjwORzWGZTBYxFR0u5ybaCndKMESmY5QE4TSwY3tX4+jyCpK+J9JlCTqwiXuTgljbwedifg24yaLey+81SPlPXsx8hG2O35mIdzhTVfMmMtbOn42kNcqQpz1yODPjQsKmKlwndh/YAeVuuPUlNNM0iloxiavbVnUYG9hCBsVk5kCLraWHgr1r1X3j833M5WhrWUNMpGzCrw9DQItGIaPPx/WlCDiXs9B+6yM9M04uSWuyp6Lsf7LscVbKMBmMaX1u0rhTJrUtyOThwFzQNV5kJT/BdVgnOUq6US8rdQWLm2/msg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=vZuogYKQ0i1MShv9qo3FQXdTjTRtGiHMH2NmuD6Bfrc=;
 b=Ask7OHk445k6DOhPPFzWf8OaJbGIA/hv9AfmtYybFgKGWfnRFCYvjzRA4ZMuAIJNH47B8xyonwMw/jLGPsf7smgOkzeufw7CusXz81UY+RfiAG4V8vJuggo5fihR3kjmItVinzTI0KZI9KGgiMC6pLsRB9ch80C3T3ilJJZBNGo=
Received: from MN2PR12MB3966.namprd12.prod.outlook.com (2603:10b6:208:165::18)
 by DM4PR12MB7599.namprd12.prod.outlook.com (2603:10b6:8:109::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.33; Fri, 27 Jan
 2023 04:05:59 +0000
Received: from MN2PR12MB3966.namprd12.prod.outlook.com
 ([fe80::d606:ab63:cf3:5d36]) by MN2PR12MB3966.namprd12.prod.outlook.com
 ([fe80::d606:ab63:cf3:5d36%7]) with mapi id 15.20.6043.022; Fri, 27 Jan 2023
 04:05:59 +0000
From: "Chang, Abner" <abner.chang@amd.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "houjingyi647@gmail.com"
	<houjingyi647@gmail.com>
Subject: Re: [edk2-devel] [PATCH] RedfishPkg/RedfishLib: Avoid possible overflow in memcpy
Thread-Topic: [edk2-devel] [PATCH] RedfishPkg/RedfishLib: Avoid possible
 overflow in memcpy
Thread-Index: AQHZMN7uR+BpPrwZ8USwNepXoZi9i66xpzKg
Date: Fri, 27 Jan 2023 04:05:59 +0000
Message-ID: 
 <MN2PR12MB3966A20E511853EA1B6C4CC0EACC9@MN2PR12MB3966.namprd12.prod.outlook.com>
References: 
 <CAN1eSkuRgusN=ozdcKrxQG5UNUeWcZ1=z_wZJ93=3u+vdjrvkg@mail.gmail.com>
In-Reply-To: 
 <CAN1eSkuRgusN=ozdcKrxQG5UNUeWcZ1=z_wZJ93=3u+vdjrvkg@mail.gmail.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_Enabled=true;
 MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_SetDate=2023-01-27T04:05:58Z;
 MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_Method=Standard;
 MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_Name=General;
 MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_SiteId=3dd8961f-e488-4e60-8e11-a82d994e183d;
 MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_ActionId=84caf01f-1ff6-4cc7-b9ef-8403810cee18;
 MSIP_Label_4342314e-0df4-4b58-84bf-38bed6170a0f_ContentBits=1
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=amd.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR12MB3966:EE_|DM4PR12MB7599:EE_
x-ms-office365-filtering-correlation-id: aec503f6-602f-4fd4-a087-08db001bcc2a
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 U6BNSr4Z6lyvWUlbsQk40jI+Na9ibwP9tEL9wX/hAkk+jqGSCc5xN34iT4PhBHzcp5MxdSTLmjVLXDn6WDJKnurIBdw1yeQCVR/1p/+Bw3dxXF7tFKR4O4EL/rIOlIxn1rpk4o+OvrNKItA4HEUs4zMoQIuwow6i4K9ACULczVaT2eD9/BEN9VN1jzDxIkPx+tuCGli3fsiGxhsn/VwDzU96yRLHdj0pTP95hpCZqHfKHal7mi8TWyxk9ZRMmR4EFU8nqt5YTOAaF7B9Dhe0jP/5ONo3Rb1vtP2mg+S8jScSOPFCzBTghhVmVX9oEY9FR60jdpY2qr90bjYqNMGjrcuyDLyqxFEbuhemEUyYKRchOvMqrcPt6toyUQT7ZfHQBT9IAO96js6bnUH0XUShFPYD3uBt1ywXz7ORSgRJj/PUGIBPCxLm5l9wM3BUwya1PUSW4sG1Cf1wcFO7gVyhtQ1c8FGR5qoa+DcBNRlA48BHWU/ThdwcXUZyBzoH3U+xHe3ebyXJBohy3C8xbUcfRcUJfnlm7Vv0yBorHm3U+F3i+yKp3T8V2GI5+N+L3yYF8jvgQfdyNDvYphZ56d3IunGAhoE+v7ex7WOuCcGGyjeV6SajDWu1+AHKNXI145NXAqtykVCaEPaQYUFUub8MkEL+C12O613VfX+S//B3/FzVCtLJJ8ZDguTm0XkCcrCHtxrcrpDoI6B7Iy9GXUgeFcbm5DFFaSCCofFFMKX3y9dP0qI/1puE3Iz3yJQIVgcOiTDiCezYsT7J+frXO4coig==
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR12MB3966.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(136003)(346002)(396003)(376002)(39860400002)(366004)(451199018)(186003)(86362001)(478600001)(55016003)(7696005)(316002)(110136005)(38100700002)(76116006)(2906002)(5660300002)(66946007)(66446008)(52536014)(33656002)(8676002)(41300700001)(64756008)(66556008)(66476007)(38070700005)(6506007)(8936002)(122000001)(71200400001)(53546011)(76236004)(166002)(26005)(83380400001)(9686003)(66899018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 =?us-ascii?Q?McIeU3hRFSEEnCUWVWXg5Y6uMysrl0gG3Rr9uFqgXVBj7KDlVmq2SMVTLhLV?=
 =?us-ascii?Q?wWPMA2QZOJLYx6B70xIxIr4U5MP2nGNXv1agSawjgvfdtYA7w3ZFWRRTxV8Q?=
 =?us-ascii?Q?w1uTBiS9zEpolSaTJkzG85GK1MPKjwqA6Lt9lrTYT//gsZIRMlpXt9zoL834?=
 =?us-ascii?Q?tawNliXRdTeVrc0LPK4XuuEkN4mGd0a2iu95VGx3d010voqiqJtMWKTwvkzc?=
 =?us-ascii?Q?AB4cBTu9BBRCllDCNeQpAi6YilkHqCTHAxb4Snrh1dmOzOxbHyEqZEzaDJYM?=
 =?us-ascii?Q?OzgN9UXWGNOnwbvfxbUbnvAlGH5BpKMeRo6+gE30dUoY4M9PlfuOFYuWqNMC?=
 =?us-ascii?Q?AuqTFvhl1Qx9P7F7OXNItzHlmyK5PmaklO+HZLc+d9Ax9VB5BgURh0SPXlgE?=
 =?us-ascii?Q?aTJL9mqBTIZjzNfI0ZbuTzrOJI7evnIci5woIbwetKh23gBsv1Y/EoFQaLbC?=
 =?us-ascii?Q?iD2Kd0Suw2eKbVVZYvivFSJ+WvYWYRDDvE4vFE0uJ/dl7cnhyUpSH61pu2CJ?=
 =?us-ascii?Q?PHSngkgr810n/8ZKVKNQTP8R1Si/e1NktokBc3nRe2+H7s/IoFXRQNP1ZD63?=
 =?us-ascii?Q?aIkM9NLOO0PtuXvenPKBHbLlUuk+6Mb9OTBzHVdRoMtjhCwoWmo5xDylIpUh?=
 =?us-ascii?Q?hYwQAQajlhQxv3NQVPbkJ5p0Cw9Pt7NW6ndHgy0O1/vvxSHZ49UxrY71Rfdy?=
 =?us-ascii?Q?xQaMt8fx7Z+TBkLkKY6+8ZR5XOOFvgRV3+5TRKAr8q38WkiqUWozSwKjN9mo?=
 =?us-ascii?Q?J9dAVclbnRqR9Lyvp8qiX95cE9kecRTCZsdlo/HA9XeGMgEjMCIHtBLLx+yK?=
 =?us-ascii?Q?INWNYcRH19m9lNEl10mZKIaDEtel5fUUUU1nGkztW1TLsHbpXmodxFEUgbAn?=
 =?us-ascii?Q?m8+w4FnvGOMp7nClbh7zKUfCyMX1bS38PPVvrx72H4PF9ZclHGjiiF7naLIK?=
 =?us-ascii?Q?cgRX4Ps+jPZ4MbCe0WQVaCcNc8YuCV4ZIMjYsST35qtwQ5a2sZZQvcCHWjMZ?=
 =?us-ascii?Q?yhHM4DKx54Q8M5kqD1CqLFZrESpcQPUV30IDSpzCMwubL+rawDV9W5Y9jIWL?=
 =?us-ascii?Q?fb5xGsbaZe0DQ7d4M46+efpv/A8srXpWBXNZDaLWSnilzjvnUm+eTk/o2ITf?=
 =?us-ascii?Q?Xr/vAXGl0pFSas8M60PBHqjgvN/e32oyk/jMP5NY0Wh2EqTXrX4RVbnFPykt?=
 =?us-ascii?Q?6oScg6PfEzecCOw+y8JpUUw/dSvahryX0XULGS/ns8VgBjLIwVnL0Dgi4Sih?=
 =?us-ascii?Q?V3agpafs2xfUE+mk9QI/9t+cGX1bcr4WCKglks22AuKZtiAHgQcFW45ZOV0t?=
 =?us-ascii?Q?nVerOA+tQtUcY7s8Ugb36wg4YUqN4LCbVW/e8AVb+OFLtCFijPBVH9jmxOAi?=
 =?us-ascii?Q?8jxDIUXSatNzzSXuv+4jX36WwUNE7aOr/QhaV7lb798TmagBijcP3KWuxJ9Y?=
 =?us-ascii?Q?4zikcT39tCg0EFIv5WkMp4CQCGYl5bhraWnHduXJ7MCsSTaUdmCpo1bvWSXs?=
 =?us-ascii?Q?CEX8y56fdQ9CMWT9gUeFKkuWHn76DDcorEgjmAjb0YPEVS341CNH5he9NDBd?=
 =?us-ascii?Q?OUxlqrADB7pqlt2Ctuk=3D?=
MIME-Version: 1.0
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR12MB3966.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aec503f6-602f-4fd4-a087-08db001bcc2a
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2023 04:05:59.2051
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9dtWbj9nP9u3blkMZFPb8zO46bnkigZCVIYYxMaLMdMRC7GudPH8hH8ipCbf1PB/9RZrurt42ApcrCjZ2daJ0w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB7599
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_MN2PR12MB3966A20E511853EA1B6C4CC0EACC9MN2PR12MB3966namp_"

--_000_MN2PR12MB3966A20E511853EA1B6C4CC0EACC9MN2PR12MB3966namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

[AMD Official Use Only - General]

Hi houjingyi,
May I know why there are two messages with the same subject? Are these two =
identical?
Thanks
Abner
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of houjingyi vi=
a groups.io
Sent: Wednesday, January 25, 2023 10:23 PM
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH] RedfishPkg/RedfishLib: Avoid possible overflo=
w in memcpy

Caution: This message originated from an External Source. Use proper cautio=
n when opening attachments, clicking links, or responding.

>>From 0541928e66eb01802a855bbbae125ef0b02259d6 Mon Sep 17 00:00:00 2001
From: houjingyi233 <houjingyi647@gmail.com<mailto:houjingyi647@gmail.com>>
Date: Wed, 25 Jan 2023 22:11:31 +0800
Subject: [PATCH] RedfishPkg/RedfishLib: Avoid possible overflow in memcpy

It is possible that when the third argument of the memcpy is unequal
to the first argument of malloc will cause overflow, when +1 in malloc
cause int overflow malloc a very small size of memory and followed memcpy
will cause heap overflow.

Signed-off-by: houjingyi233 <houjingyi647@gmail.com<mailto:houjingyi647@gma=
il.com>>
---
 .../RedfishLib/edk2libredfish/src/redpath.c           | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpat=
h.c b/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpath.c
index cf5ab85165..a1523938f7 100644
--- a/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpath.c
+++ b/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpath.c
@@ -175,6 +175,10 @@ parseNode (
     return;
   }

+  if ((opChars - index)+1 < opChars - index) {
+    return;
+  }
+
   node->next->propName =3D (char *)malloc ((opChars - index)+1);
   memcpy (node->next->propName, index, (opChars - index));
   node->next->propName[(opChars - index)] =3D 0;
@@ -189,6 +193,9 @@ parseNode (
     break;
   }

+  if (tmpIndex+1 < tmpIndex) {
+    return;
+  }
   node->next->op =3D (char *)malloc (tmpIndex+1);
   memcpy (node->next->op, opChars, tmpIndex);
   node->next->op[tmpIndex] =3D 0;
@@ -217,6 +224,10 @@ getStringTill (
     return strdup (string);
   }

+  if ((end-string)+1 < end-string) {
+    return;
+  }
+
   ret =3D (char *)malloc ((end-string)+1);
   memcpy (ret, string, (end-string));
   ret[(end-string)] =3D 0;
--
2.37.3


--_000_MN2PR12MB3966A20E511853EA1B6C4CC0EACC9MN2PR12MB3966namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:PMingLiU;
	panose-1:2 1 6 1 0 1 1 1 1 1;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@PMingLiU";
	panose-1:2 1 6 1 0 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
p.msipheaderdf3d92d6, li.msipheaderdf3d92d6, div.msipheaderdf3d92d6
	{mso-style-name:msipheaderdf3d92d6;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple" style=3D"word-wrap:brea=
k-word">
<div class=3D"WordSection1">
<p class=3D"msipheaderdf3d92d6" style=3D"margin:0in"><span style=3D"font-si=
ze:10.0pt;font-family:&quot;Arial&quot;,sans-serif;color:blue">[AMD Officia=
l Use Only - General]</span><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Hi houjingyi,<o:p></o:p></p>
<p class=3D"MsoNormal">May I know why there are two messages with the same =
subject? Are these two identical?<o:p></o:p></p>
<p class=3D"MsoNormal">Thanks<o:p></o:p></p>
<p class=3D"MsoNormal">Abner<o:p></o:p></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> devel@edk2.groups.io &lt;devel@edk2.gro=
ups.io&gt; <b>
On Behalf Of </b>houjingyi via groups.io<br>
<b>Sent:</b> Wednesday, January 25, 2023 10:23 PM<br>
<b>To:</b> devel@edk2.groups.io<br>
<b>Subject:</b> [edk2-devel] [PATCH] RedfishPkg/RedfishLib: Avoid possible =
overflow in memcpy<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<table class=3D"MsoNormalTable" border=3D"0" cellspacing=3D"0" cellpadding=
=3D"0" align=3D"left" width=3D"100%" style=3D"width:100.0%">
<tbody>
<tr>
<td style=3D"background:#FFB900;padding:5.0pt 2.0pt 5.0pt 2.0pt"></td>
<td width=3D"100%" style=3D"width:100.0%;background:#FFF8E5;padding:5.0pt 4=
.0pt 5.0pt 12.0pt">
<div>
<p class=3D"MsoNormal" style=3D"mso-element:frame;mso-element-frame-hspace:=
2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-el=
ement-anchor-horizontal:column;mso-height-rule:exactly">
<b><span style=3D"color:#222222">Caution:</span></b><span style=3D"color:#2=
22222"> This message originated from an External Source. Use proper caution=
 when opening attachments, clicking links, or responding.
<o:p></o:p></span></p>
</div>
</td>
</tr>
</tbody>
</table>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">From 0541928e66eb0180=
2a855bbbae125ef0b02259d6 Mon Sep 17 00:00:00 2001<br>
From: houjingyi233 &lt;<a href=3D"mailto:houjingyi647@gmail.com">houjingyi6=
47@gmail.com</a>&gt;<br>
Date: Wed, 25 Jan 2023 22:11:31 +0800<br>
Subject: [PATCH] RedfishPkg/RedfishLib: Avoid possible overflow in memcpy<b=
r>
<br>
It is possible that when the third argument of the memcpy is unequal<br>
to the first argument of malloc will cause overflow, when +1 in malloc<br>
cause int overflow malloc a very small size of memory and followed memcpy<b=
r>
will cause heap overflow.<br>
<br>
Signed-off-by: houjingyi233 &lt;<a href=3D"mailto:houjingyi647@gmail.com">h=
oujingyi647@gmail.com</a>&gt;<br>
---<br>
&nbsp;.../RedfishLib/edk2libredfish/src/redpath.c &nbsp; &nbsp; &nbsp; &nbs=
p; &nbsp; | 11 +++++++++++<br>
&nbsp;1 file changed, 11 insertions(+)<br>
<br>
diff --git a/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpat=
h.c b/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpath.c<br>
index cf5ab85165..a1523938f7 100644<br>
--- a/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpath.c<br>
+++ b/RedfishPkg/PrivateLibrary/RedfishLib/edk2libredfish/src/redpath.c<br>
@@ -175,6 +175,10 @@ parseNode (<br>
&nbsp; &nbsp; &nbsp;return;<br>
&nbsp; &nbsp;}<br>
&nbsp;<br>
+ &nbsp;if ((opChars - index)+1 &lt; opChars - index) {<br>
+ &nbsp; &nbsp;return;<br>
+ &nbsp;}<br>
+<br>
&nbsp; &nbsp;node-&gt;next-&gt;propName =3D (char *)malloc ((opChars - inde=
x)+1);<br>
&nbsp; &nbsp;memcpy (node-&gt;next-&gt;propName, index, (opChars - index));=
<br>
&nbsp; &nbsp;node-&gt;next-&gt;propName[(opChars - index)] =3D 0;<br>
@@ -189,6 +193,9 @@ parseNode (<br>
&nbsp; &nbsp; &nbsp;break;<br>
&nbsp; &nbsp;}<br>
&nbsp;<br>
+ &nbsp;if (tmpIndex+1 &lt; tmpIndex) {<br>
+ &nbsp; &nbsp;return;<br>
+ &nbsp;}<br>
&nbsp; &nbsp;node-&gt;next-&gt;op =3D (char *)malloc (tmpIndex+1);<br>
&nbsp; &nbsp;memcpy (node-&gt;next-&gt;op, opChars, tmpIndex);<br>
&nbsp; &nbsp;node-&gt;next-&gt;op[tmpIndex] =3D 0;<br>
@@ -217,6 +224,10 @@ getStringTill (<br>
&nbsp; &nbsp; &nbsp;return strdup (string);<br>
&nbsp; &nbsp;}<br>
&nbsp;<br>
+ &nbsp;if ((end-string)+1 &lt; end-string) {<br>
+ &nbsp; &nbsp;return;<br>
+ &nbsp;}<br>
+<br>
&nbsp; &nbsp;ret =3D (char *)malloc ((end-string)+1);<br>
&nbsp; &nbsp;memcpy (ret, string, (end-string));<br>
&nbsp; &nbsp;ret[(end-string)] =3D 0;<br>
-- <br>
2.37.3<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>

--_000_MN2PR12MB3966A20E511853EA1B6C4CC0EACC9MN2PR12MB3966namp_--