From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.92.23.70]) by mx.groups.io with SMTP id smtpd.web11.10887.1596165340714818518 for ; Thu, 30 Jul 2020 20:15:40 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=Fkjcn2OR; spf=pass (domain: outlook.com, ip: 40.92.23.70, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E3Eno354PKFQnIysy88xzcmOpDtHHKYLmYQS2oITTN0gp3MAiF+Vk5WfvZygoyB+r9IgZ3XG8cdxkSFBA/RKdZPVSgbZuxW67a3szCxSE0etea0bG+aeCJSHZrfW5wkyj7ncL1ncVhPNZw4HIrdoQb74bu0XEg9G8a5otNIwLc8zR/KPYhOwyL2mtprXsxGYY6Aajfhv9WZAFjn4XirUt6nB/6+CdDxZhb1QC/KUPfd8/cN/IkvKUbFiXYyIJWaYxktW1+Kz8WENgJeyKAyaOnkbuDLB6jrCcjrHTxGwuQ6u244sJyNYLpWrx9/iEvlxti6DiObJ+5aK6jBSaGjlFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0md93D9JcrF15eoH7dHFoEbAItgHjTyM4PTdFnuTpr4=; b=Hj7uW7k8dJLKuPxIH3NJuftj7XKMJyP2QHPwaWrKggoVCYEx1ykJ4xapw7usMwYpMSTamBi8l4SRUfCPB1R6ar3U+w0ksm1zYzgsV6cinVdGimJSnIo65h6Ij626y8wsRuwepQIAAesoOmbKrv6aLo24qmVQdlwCOHYt7WjjbagDzQUo8mZht/DizQYHxFazOrd+yfYuJy1ykZW8yryczwNMSLO1wSMp1SkhbhaJDPU40odYTqx0OqWdW2ghSGQe2gc0cnqYzFPZCUGsoLnkBP/5j3K7cLScA7eDnd/nObHnRBufeLmbs4JbUc+DU4HFce9j4Q6p9kxrih53cM420A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0md93D9JcrF15eoH7dHFoEbAItgHjTyM4PTdFnuTpr4=; b=Fkjcn2OR/hzWY5aRQVkifDHbqpg92Br7AkMu6lYEolKRPwb9iq67kPi4ARu2CmXR27hIBhgS+mEEUbcl1CChLlRLbBZECGXbcF58BTtPc+pMkJGsssBpJJQQNbAZMKn9rE8/Kor/e9wuKDcnvXkz7es2LTz/9adAO04cJlNCbkA3szHiIc3CJoMTJ/AA1snW9uqteCE1Nd5Gyl5gMhcHmk035SsF1z7Qv01Gvu+h/y0NrnwBrzypvT5N0dSZif5/utaRn7CgOyAnrmW41XXdv7s/4k3jWseJC3uOwU/kxgEb8ayQw07GgzKMpu8VLF87IIhH/XUeycuantynQ7WrcQ== Received: from MW2NAM12FT019.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc65::49) by MW2NAM12HT099.eop-nam12.prod.protection.outlook.com (2a01:111:e400:fc65::239) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.14; Fri, 31 Jul 2020 03:15:39 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:fc65::4c) by MW2NAM12FT019.mail.protection.outlook.com (2a01:111:e400:fc65::86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.14 via Frontend Transport; Fri, 31 Jul 2020 03:15:39 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:15AA54CC43FB6A0A4F18FA2E654B01AC78876A8C02489C5AEAC9C8B203D0ADDC;UpperCasedChecksum:176BD2A97CC7D42EA3E9A31F8F628021FCCE61B9F5AFAA04CAEF29DE0C43322D;SizeAsReceived:7727;Count:49 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e%7]) with mapi id 15.20.3216.033; Fri, 31 Jul 2020 03:15:39 +0000 From: "Michael Kubacki" To: devel@edk2.groups.io CC: Liming Gao , Michael D Kinney Subject: [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow Date: Thu, 30 Jul 2020 20:14:44 -0700 Message-ID: X-Mailer: git-send-email 2.27.0.windows.1 In-Reply-To: <20200731031448.1103-1-michael.kubacki@outlook.com> References: <20200731031448.1103-1-michael.kubacki@outlook.com> X-ClientProxiedBy: CO2PR04CA0115.namprd04.prod.outlook.com (2603:10b6:104:7::17) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <20200731031448.1103-4-michael.kubacki@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2001:4898:80e8:0:8072:23b8:48ea:d2c1) by CO2PR04CA0115.namprd04.prod.outlook.com (2603:10b6:104:7::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.18 via Frontend Transport; Fri, 31 Jul 2020 03:15:39 +0000 X-Mailer: git-send-email 2.27.0.windows.1 X-Microsoft-Original-Message-ID: <20200731031448.1103-4-michael.kubacki@outlook.com> X-TMN: [2ZNg0Gr/DvBg4HmBkNUUdJum+8CZukLlGvI1x5WhX3+fmHMVe4dsko7v534VQjYS] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 24332d45-4ed5-49cc-6970-08d835000023 X-MS-TrafficTypeDiagnostic: MW2NAM12HT099: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: P6Nzahr64XppDs0e2lHmBlj7RIH+Z9vDJ+kOEf9xbKoeBUG3TflMMgY+Bp9xbxm812fMQdw7F2mBn6Or9/P5ZnUi+Rf82FWa4w2csavwhi3E7BS+rDbkpcDxKPaurl357HJK3dwn+Xm5C0p+c0X4K9WHu4fynufziD8W/6Inszqh8oKER7mCi65QJw3EyoWyJlOWTWvWf8uarwFdBb3/rg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR07MB3440.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901; X-MS-Exchange-AntiSpam-MessageData: KhYelXZMOW977s2+UhEymdlFboYBt7WFSchPnG6FA99WuzEkDlE191XnrYYjYPHpfTFGk0fbxWHtKfy60C1XEzarybn/LgkwpwQNvCs9SN51SdXJOiBT+e+GKeM4yQ8FPySgtZASP6fmJBsMz7+UFnkhjFGFsJtNDVBNAjZqyPFyML1zusAWyxBDUakzaukZUXeZRvK/KdYnPYBz+JjoNw== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 24332d45-4ed5-49cc-6970-08d835000023 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Jul 2020 03:15:39.3107 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: MW2NAM12FT019.eop-nam12.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2NAM12HT099 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain From: Michael Kubacki This change recognizes the condition of the DEPEX version string extending beyond the end of the dependency expression as an error. Cc: Liming Gao Cc: Michael D Kinney Signed-off-by: Michael Kubacki --- Notes: This is particularly helpful for the user to isolate the issue when stepping through the control flow as this case will be the last executed before jumping to the Error label to return from the function. FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c b/Fmp= DevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c index ba89eb22d9f0..5ef25d2415cf 100644 --- a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c +++ b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c @@ -286,6 +286,7 @@ EvaluateDependency ( Iterator +=3D AsciiStrnLenS ((CHAR8 *) Iterator, DependenciesSize - = (Iterator - Dependencies->Dependencies)); if (Iterator =3D=3D (UINT8 *) Dependencies->Dependencies + Dependenc= iesSize) { DEBUG ((DEBUG_ERROR, "EvaluateDependency: STRING extends beyond en= d of dependency expression!\n")); + goto Error; } break; case EFI_FMP_DEP_AND: --=20 2.27.0.windows.1