From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-CY1-obe.outbound.protection.outlook.com (NAM02-CY1-obe.outbound.protection.outlook.com [40.92.4.89]) by mx.groups.io with SMTP id smtpd.web10.13701.1596740780811918978 for ; Thu, 06 Aug 2020 12:06:21 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@outlook.com header.s=selector1 header.b=OYhXfHwy; spf=pass (domain: outlook.com, ip: 40.92.4.89, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J8327us8kELoO6X9L4Ry2QWb904JrglkX4tbMGiirabG3w1cIJ1s+0oXyErN1+YZ3tQ+f1B9ofKUEnEyPdC2fGebpC7lsltwqMIAPtbGu3nhJ3HXmvs3CC7Rr+r1fo1PYvF/D89Dtv44xt7bBGi2BeqjeJobDaUeKvsO+6VED7twWiAXXZflYM8WpodgG8Wj7hP982DZxuDH4dG7hV6Qhq9QOpqUWtf7EDatctT72Io9zU23nH3R+dfYfmJQUseD4apg+UcbDXnfqAHyKeI/sAV+tWF1aWcaWcdoOlbslRWEwBKfdjok4O1aLUl5UlQ6BHIhJfpOkUdigHQWA22eFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qYomsTd6oR4Lj3y5BLP3yhORE9xgCsWQKGOFVTKjunA=; b=mAUbG7lPaHcQVcfUskZqv2ixoTYveztBZKmi3pYrt4cIbP5B40laIPt7p+2RDzhLZQOywwUv2aCdZu4X3b5hnTY4dMnreOsiVCOZ8BhAWmXKWUe5beF3pnKjMld49PCK8/84zYEVSeTemyVLhuiQe/zuv9OLZVKgOV24WR8qP6Q/TIH/sgqH9k8B/xXFHZz3m4ENGZyN6strRQdaHIsKlSnGTItWED5/KV+Q6+W4+cWiFKpjFhtZvYwQfx//5D4oiYEHTvsDY5mrAGAmo7S25m+od/OYZmUxsL7mnujzbPDK6IOFvaGumQnb66Ww2n++a9QhHUu/G/4F96Er5y4yxw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qYomsTd6oR4Lj3y5BLP3yhORE9xgCsWQKGOFVTKjunA=; b=OYhXfHwyGZfWZuBNM7R2JqWEGkb1WPvck7yHwzbZHY9sOKWLmr0hmFiUEnxzMZrvbPU9PQkMTVWPlIoS1IwZXxcXw2sPzPH2efZp+zPLqK8oryl15c8yWf9Cbp7PUDBR8DmYh5g5JpOHuI0MpGgBRY7btvUumzqpGtOJw4nSLtaPjre2SNUFlVgmMCk50VOO8ZhWVjtfk314joWtrO6Y1PzPiMKtrE6ywQZ12+9kFPG6jhuR+17CXDmZAHdSGWF4qz2Yfb2lKe6thEcDBKrc0RbaZ3b/XfYxHhVFs7dcIgvh3bFlh6YDlNvRME+R24fD7oowNVHq7MufX7osNHCNRw== Received: from BL2NAM02FT035.eop-nam02.prod.protection.outlook.com (10.152.76.51) by BL2NAM02HT174.eop-nam02.prod.protection.outlook.com (10.152.77.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19; Thu, 6 Aug 2020 19:06:19 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:7e46::41) by BL2NAM02FT035.mail.protection.outlook.com (2a01:111:e400:7e46::413) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.19 via Frontend Transport; Thu, 6 Aug 2020 19:06:19 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:0AFA494C12336948432C7699D8BFDD331E910FF0FFCC94643AD70867782DFDE9;UpperCasedChecksum:40E0B4F9108AD4423D6DF01A92456D9CFCCA542604D1B0E17E5852216ABFDA01;SizeAsReceived:7789;Count:49 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::9856:570e:1735:974e%7]) with mapi id 15.20.3261.019; Thu, 6 Aug 2020 19:06:19 +0000 From: "Michael Kubacki" To: devel@edk2.groups.io CC: Liming Gao , Michael D Kinney , Guomin Jiang , Wei6 Xu Subject: [PATCH v3 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow Date: Thu, 6 Aug 2020 12:05:38 -0700 Message-ID: X-Mailer: git-send-email 2.27.0.windows.1 In-Reply-To: <20200806190542.959-1-michael.kubacki@outlook.com> References: <20200806190542.959-1-michael.kubacki@outlook.com> X-ClientProxiedBy: MW2PR16CA0055.namprd16.prod.outlook.com (2603:10b6:907:1::32) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <20200806190542.959-4-michael.kubacki@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2001:4898:80e8:9:a161:5170:12c:6904) by MW2PR16CA0055.namprd16.prod.outlook.com (2603:10b6:907:1::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.18 via Frontend Transport; Thu, 6 Aug 2020 19:06:19 +0000 X-Mailer: git-send-email 2.27.0.windows.1 X-Microsoft-Original-Message-ID: <20200806190542.959-4-michael.kubacki@outlook.com> X-TMN: [aNtWXQWmxRRhnHfP5bPVi15HMtWzTmI7YykKdAXc2SZpR1ts4dHx/S+nd/ughhYl] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 0cd4b1c8-9df5-4b1b-9e08-08d83a3bcd52 X-MS-TrafficTypeDiagnostic: BL2NAM02HT174: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: CGjWK+XaSqj2Ne70jAnesPB3bCwnVKNrBQzK8BezEI0Exzojz1xRIfzJd+jwnWIq4Me1+LoRqTJyfkA9a9bVtgK5E0Y4m81qsFXdeHwXpzmDlVnEQNXFQeip3PCbDVtt1CWx475NLtPRD272qYaKBJgcY63O8ZYziyalikDxzKwuIAqXnDNHEcpH8El4YlqfbWeDJU4qqsA3lu1ehNUrlA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR07MB3440.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901; X-MS-Exchange-AntiSpam-MessageData: bcJrwTKrPoutje/ksYgrr+BMlJHU0h7KD1gBBCFViLu8GkzUDJWzZvh9pPaACm+vHpD/IAkVnn8DMaPC6enPDh4DUdvLhbLerOWqsH8pBFiWRzBR8FxzFtctPwrkjnQE/rXDGxmDJpkZBWdPtIcyur+bn6BMa2PkuvFnWWwPR3drD8baLLYMMvb+/H44Z07YggmgAfRZmRYYdUTX35hj9g== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0cd4b1c8-9df5-4b1b-9e08-08d83a3bcd52 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2020 19:06:19.7139 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: BL2NAM02FT035.eop-nam02.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT174 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain From: Michael Kubacki This change recognizes the condition of the DEPEX version string extending beyond the end of the dependency expression as an error. Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu Signed-off-by: Michael Kubacki Reviewed-by: Michael D Kinney Reviewed-by: Guomin Jiang Reviewed-by: Wei6 Xu --- Notes: This is particularly helpful for the user to isolate the issue when stepping through the control flow as this case will be the last executed before jumping to the Error label to return from the function. FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c b/Fmp= DevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c index ba89eb22d9f0..5ef25d2415cf 100644 --- a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c +++ b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c @@ -286,6 +286,7 @@ EvaluateDependency ( Iterator +=3D AsciiStrnLenS ((CHAR8 *) Iterator, DependenciesSize - = (Iterator - Dependencies->Dependencies)); if (Iterator =3D=3D (UINT8 *) Dependencies->Dependencies + Dependenc= iesSize) { DEBUG ((DEBUG_ERROR, "EvaluateDependency: STRING extends beyond en= d of dependency expression!\n")); + goto Error; } break; case EFI_FMP_DEP_AND: --=20 2.27.0.windows.1