From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.92.23.22]) by mx.groups.io with SMTP id smtpd.web11.392.1596663625574390938 for ; Wed, 05 Aug 2020 14:40:25 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=rqGSuPdy; spf=pass (domain: outlook.com, ip: 40.92.23.22, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AoiOi35EU4XvaUtACBaYe4kX6sZVIzdJUkpKRlildq/zLdPoGz8nXLXtY+1chTO9J/jcpv7KMXkwioGK1ZCWgpgFJTAd8JpAYqqOdetyx6SJeB/MVVNDp9SozbowwCJOpDXcMxrXomUXRrRBHB+vxntgOZvgjqRtFAVZgD6mwEeT4aFEXhLzzaskh3NYkMPKHtW7eOf07qvjDccYdBcc39wkZfzKqub2V725r6tZM4HXjTpj51lXAd3hGMkbZ/4lN618RA1F1pdm2dAaIvQdyF7AXudXgTsdKO93+Kx13BPGbeFY0kZ83sY+boO+KVj/17wnvrBRS70g0N5gwMGT/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qYomsTd6oR4Lj3y5BLP3yhORE9xgCsWQKGOFVTKjunA=; b=FJF+1XMES+1FgW8X/ycIS4WzprFX6ycq2/Q1+Y2teMmcIHQqvz9YrEYoDcPG3I+RuVrEVTjT83IvEl6CPlVd/WTFK2QpCWg1l5CgX6Q4yshqCI4rzHL4mgg/py4f6yziedWxdRZ4gBOrHMp8c1uGEaTRsRsYLfGPfD8mYi5TxWR/4aMBRgRQTGHokaupVupdF5SD7RAfdqtBLxNwyNMiRFA7TGzfWPWbIX5gPd5L9mgcEzEwJSWZmDbZJ12As8vLECRFoLRF5EA4enbvhulufv87WioUOBM+59jwvwwd5B0jyvbSkptl+AuIIvWOwIDU5OVmDX/wmIhYdcEAgjOTJQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qYomsTd6oR4Lj3y5BLP3yhORE9xgCsWQKGOFVTKjunA=; b=rqGSuPdyb6eV04OsCkY74k+JzBMMvz86taQvW02495bSXX5qBnDzFOL0JMHpswJtNnAsHOPnpdKrDlR1UyTFWjY+ki2LYxQyx9YaEECFMJvFsZrh3pTFGGFYdzRxGK/EnEgYT+BS1L5teHlNBvgesBMGMEdpFSC98+MmoB71xekuH4uGh9hh3cvXIHALRMJuQ7VJGygPpJfbR4k9PYxOsaf7v089tNn5zBfie1tCBClXqXlVWiJBns/bj0xvVtZ6oVZiqZfPo39W4O9KNyOQMqpvvpQreXLUwWW0u1/okY1QATI7iCgFfgocTDvN/V0uOuvDfSIFw1WHhnKnOKHFpw== Received: from MW2NAM12FT045.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc65::41) by MW2NAM12HT227.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc65::342) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.10; Wed, 5 Aug 2020 21:40:24 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:fc65::42) by MW2NAM12FT045.mail.protection.outlook.com (2a01:111:e400:fc65::268) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.10 via Frontend Transport; Wed, 5 Aug 2020 21:40:24 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:95226510A6EEF1D09C64F93E80CD00AFEF742A7F1DFAC046FD00DC65834222E3;UpperCasedChecksum:2FC90277301BF9EC9D7D5BB950357B96C938B7B4D0BD41825519563A39F0BE1F;SizeAsReceived:7804;Count:49 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e%7]) with mapi id 15.20.3239.022; Wed, 5 Aug 2020 21:40:24 +0000 From: "Michael Kubacki" To: devel@edk2.groups.io CC: Liming Gao , Michael D Kinney , Guomin Jiang , Wei6 Xu Subject: [PATCH v2 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow Date: Wed, 5 Aug 2020 14:39:40 -0700 Message-ID: X-Mailer: git-send-email 2.27.0.windows.1 In-Reply-To: <20200805213944.1811-1-michael.kubacki@outlook.com> References: <20200805213944.1811-1-michael.kubacki@outlook.com> X-ClientProxiedBy: MWHPR2001CA0014.namprd20.prod.outlook.com (2603:10b6:301:15::24) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <20200805213944.1811-4-michael.kubacki@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2001:4898:80e8:a:f5bb:f844:3092:4e93) by MWHPR2001CA0014.namprd20.prod.outlook.com (2603:10b6:301:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.17 via Frontend Transport; Wed, 5 Aug 2020 21:40:24 +0000 X-Mailer: git-send-email 2.27.0.windows.1 X-Microsoft-Original-Message-ID: <20200805213944.1811-4-michael.kubacki@outlook.com> X-TMN: [AdPIjMjsGRkgo2bgQofEk2d6TzojwrezJIZDjCHPDyNqDP7+pet2zsnlCCBJydZ3] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: b961e336-7ecf-4a09-a96f-08d839882930 X-MS-TrafficTypeDiagnostic: MW2NAM12HT227: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: R2Fn8Y07HAre9qlCHHSIcM82SrU80nxo1QPZmfXuZtp4N2hTiYI1eAsUMJbAGUI9RQQYcL/dlkFToq16bgqtnGeuVVydgKHMXssV0IuYtVaCgLhpdCBL89oFBzdGaJhXdmOiBBf98H4PBp76iEIT+Gf3babtYkDXaSaYDoAAJJ5b5AasO2cRLWn27pIaXrNpD7FZihnpFpTlR4tR5i+TMQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR07MB3440.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901; X-MS-Exchange-AntiSpam-MessageData: eiCfEAsUChxxmlPqImoXwfgkzNdqRcVjg+AH+uBtjEht/cOTQYiVWmwqrn4qTlX9xFaCRmB0j5QP1W0AECBDccvo7R3EzjtpiMrd4EQBtU1pNnhXXi6EFskQ6P3sVYhqv4Fr8qzOjn/YMOoC1UAwwT/ri8udF7ZpvyTiVGcc+6aPWiEtTTD4xvo5sJdBycMiawHTpSHHfISpQGUrs3DGYg== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b961e336-7ecf-4a09-a96f-08d839882930 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2020 21:40:24.4854 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: MW2NAM12FT045.eop-nam12.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2NAM12HT227 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain From: Michael Kubacki This change recognizes the condition of the DEPEX version string extending beyond the end of the dependency expression as an error. Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu Signed-off-by: Michael Kubacki Reviewed-by: Michael D Kinney Reviewed-by: Guomin Jiang Reviewed-by: Wei6 Xu --- Notes: This is particularly helpful for the user to isolate the issue when stepping through the control flow as this case will be the last executed before jumping to the Error label to return from the function. FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c b/Fmp= DevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c index ba89eb22d9f0..5ef25d2415cf 100644 --- a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c +++ b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c @@ -286,6 +286,7 @@ EvaluateDependency ( Iterator +=3D AsciiStrnLenS ((CHAR8 *) Iterator, DependenciesSize - = (Iterator - Dependencies->Dependencies)); if (Iterator =3D=3D (UINT8 *) Dependencies->Dependencies + Dependenc= iesSize) { DEBUG ((DEBUG_ERROR, "EvaluateDependency: STRING extends beyond en= d of dependency expression!\n")); + goto Error; } break; case EFI_FMP_DEP_AND: --=20 2.27.0.windows.1