From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id C37E5AC1631 for ; Wed, 26 Jun 2024 16:35:08 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=aFALZAl6ay2a9KxugJmwNl+oEBXnz6wF5t4IpJwriYE=; c=relaxed/simple; d=groups.io; h=Subject:To:From:User-Agent:MIME-Version:Date:Message-ID:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1719419708; v=1; b=oNOXfr4WRvReuYlka6YUXenrDBcDlVpVTOUojDYJVLc/kzXab9VueN0Ix9NGQ12DWe0wa2KT s3Snn2r1t4l50cumAZXQzG5uf8T/IocoQ9Wh71jey4tSVHBJqXAZDZfT7EnAM4aAkK/3b8fJitE Fot+jtSWVw15OEb/YCoGfg+J3hpGgVAxkqyib/YYwQQqoAWY4H+ZQBUQWMx1U4sFOYPBAKveTHZ mQmi8nxiHE5R4byu8003NIZxq3jb9WsZN10WWgfMqkU3tl1Q3E5Lqk0aGTQpG9ZRA1XjjTiOYVz 10rMNEzkoNTOf+j8idyuqMCMHQQZgRILDDnUu5ehJ+/tw== X-Received: by 127.0.0.2 with SMTP id CBCMYY7687511xLqtGqD8mQp; Wed, 26 Jun 2024 09:35:07 -0700 Subject: [edk2-devel] - BasePrintLib buffer overflow (PrintLibInternal.c#L1162) To: devel@edk2.groups.io From: "Nmnm via groups.io" X-Originating-Location: Zurich, CH (31.7.62.62) X-Originating-Platform: Windows Firefox 127 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Sun, 16 Jun 2024 19:18:46 -0700 Message-ID: Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mm0108@protonmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: rL34Eo1nnHJqhz986Zi3r65Wx7686176AA= Content-Type: multipart/alternative; boundary="O2ZgfsmrFOtnYFQIfoh7" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=oNOXfr4W; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --O2ZgfsmrFOtnYFQIfoh7 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, i am unsure on how to post a bug-report, forgive me if i am not in t= he right place. In PrintLibInternal.c at line 1162 there is the possibility of a buffer ove= rflow, if you specify the string precision it will anyway try to count unti= l the null terminator, if the string is not null terminated it can overflow >From my understanding there is no way to avoid this automatic string length= counting using any formatting I was forced to edit the source for myself Thank you -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119719): https://edk2.groups.io/g/devel/message/119719 Mute This Topic: https://groups.io/mt/106892893/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --O2ZgfsmrFOtnYFQIfoh7 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, i am unsure on how to post a bug-report, forgive me if i am not in t= he right place.

In PrintLibInternal.c at line 1162 there is the = possibility of a buffer overflow, if you specify the string precision it wi= ll anyway try to count until the null terminator, if the string is not null= terminated it can overflow
From my understanding there is no way to a= void this automatic string length counting using any formatting
I was = forced to edit the source for myself

Thank you
_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#119719) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--O2ZgfsmrFOtnYFQIfoh7--