From: "Rebecca Cran" <rebecca@nuviainc.com>
To: devel@edk2.groups.io, Daryl McDaniel <edk2-lists@mc2research.org>,
Jaben Carsey <jaben.carsey@intel.com>
Subject: Re: [edk2-devel] [edk2-libc PATCH 1/1] Update LibC to use safe string functions
Date: Tue, 20 Jul 2021 14:11:43 -0600 [thread overview]
Message-ID: <d0024df1-8858-deda-3eff-640a9b8bb507@nuviainc.com> (raw)
In-Reply-To: <1686594EFA3CDA35.1617@groups.io>
This hasn't had any reviews yet. Could someone take a look at it please?
Thanks.
Rebecca Cran
On 6/7/21 10:21 AM, Rebecca Cran via groups.io wrote:
> The insecure string functions such as StrCpy were removed a while ago,
> breaking the StdLib build. Migrate StdLib/LibC to the safe string
> versions.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> ---
> StdLib/LibC/StdLib/Environs.c | 11 ++++++-----
> StdLib/LibC/StdLib/realpath.c | 5 +++--
> StdLib/LibC/String/Concatenation.c | 7 +++++--
> StdLib/LibC/String/Copying.c | 7 +++++--
> StdLib/LibC/Uefi/Devices/Utility/Path.c | 3 ++-
> StdLib/LibC/Uefi/SysCalls.c | 5 +++--
> StdLib/LibC/Wchar/Concatenation.c | 6 ++++--
> StdLib/LibC/Wchar/Copying.c | 4 ++--
> 8 files changed, 30 insertions(+), 18 deletions(-)
>
> diff --git a/StdLib/LibC/StdLib/Environs.c b/StdLib/LibC/StdLib/Environs.c
> index a29cb9954cf9..ad56629554df 100644
> --- a/StdLib/LibC/StdLib/Environs.c
> +++ b/StdLib/LibC/StdLib/Environs.c
> @@ -151,7 +151,7 @@ system(const char *string)
> if( string == NULL) {
> return 1;
> }
> - (void)AsciiStrToUnicodeStr( string, gMD->UString);
> + (void)AsciiStrToUnicodeStrS (string, gMD->UString, UNICODE_STRING_MAX);
> OpStat = ShellExecute( &MyHandle, gMD->UString, FALSE, NULL, &CmdStat);
> if(OpStat == RETURN_SUCCESS) {
> EFIerrno = CmdStat;
> @@ -177,10 +177,11 @@ char *getenv(const char *name)
> const CHAR16 *EfiEnv;
> char *retval = NULL;
>
> - (void)AsciiStrToUnicodeStr( name, gMD->UString);
> + (void)AsciiStrToUnicodeStrS (name, gMD->UString, UNICODE_STRING_MAX);
> EfiEnv = ShellGetEnvironmentVariable(gMD->UString);
> if(EfiEnv != NULL) {
> - retval = UnicodeStrToAsciiStr( EfiEnv, gMD->ASgetenv);
> + (void)UnicodeStrToAsciiStrS (EfiEnv, gMD->ASgetenv, UNICODE_STRING_MAX);
> + retval = gMD->ASgetenv;
> }
>
> return retval;
> @@ -238,8 +239,8 @@ setenv (
> //
> // Convert the strings
> //
> - AsciiStrToUnicodeStr ( name, UName );
> - AsciiStrToUnicodeStr ( value, UValue );
> + AsciiStrToUnicodeStrS (name, UName, UNICODE_STRING_MAX);
> + AsciiStrToUnicodeStrS (value, UValue, UNICODE_STRING_MAX);
>
> //
> // Determine if the string is already present
> diff --git a/StdLib/LibC/StdLib/realpath.c b/StdLib/LibC/StdLib/realpath.c
> index 6d75f17a394d..a8ff1e9d5b1d 100644
> --- a/StdLib/LibC/StdLib/realpath.c
> +++ b/StdLib/LibC/StdLib/realpath.c
> @@ -14,6 +14,7 @@
> #include <Library/BaseLib.h>
> #include <Library/MemoryAllocationLib.h>
> #include <errno.h>
> +#include <limits.h>
>
> /** The realpath() function shall derive, from the pathname pointed to by
> file_name, an absolute pathname that names the same file, whose resolution
> @@ -47,8 +48,8 @@ realpath(
> errno = ENOMEM;
> return (NULL);
> }
> - AsciiStrToUnicodeStr(file_name, Temp);
> + AsciiStrToUnicodeStrS (file_name, Temp, UNICODE_STRING_MAX);
> PathCleanUpDirectories(Temp);
> - UnicodeStrToAsciiStr(Temp, resolved_name);
> + UnicodeStrToAsciiStrS (Temp, resolved_name, UNICODE_STRING_MAX);
> return (resolved_name);
> }
> diff --git a/StdLib/LibC/String/Concatenation.c b/StdLib/LibC/String/Concatenation.c
> index e76bea0bf858..f78836fbe0d6 100644
> --- a/StdLib/LibC/String/Concatenation.c
> +++ b/StdLib/LibC/String/Concatenation.c
> @@ -15,6 +15,7 @@
>
> #include <LibConfig.h>
>
> +#include <limits.h>
> #include <string.h>
>
> /** The strcat function appends a copy of the string pointed to by s2
> @@ -28,7 +29,8 @@
> char *
> strcat(char * __restrict s1, const char * __restrict s2)
> {
> - return AsciiStrCat( s1, s2);
> + AsciiStrCatS (s1, UNICODE_STRING_MAX, s2);
> + return s1;
> }
>
> /** The strncat function appends not more than n characters (a null character
> @@ -43,7 +45,8 @@ strcat(char * __restrict s1, const char * __restrict s2)
> char *
> strncat(char * __restrict s1, const char * __restrict s2, size_t n)
> {
> - return AsciiStrnCat( s1, s2, n);
> + AsciiStrnCatS (s1, UNICODE_STRING_MAX, s2, n);
> + return s1;
> }
>
> /** The strncatX function appends not more than n characters (a null character
> diff --git a/StdLib/LibC/String/Copying.c b/StdLib/LibC/String/Copying.c
> index 3234eccf0808..cc2077a5b80a 100644
> --- a/StdLib/LibC/String/Copying.c
> +++ b/StdLib/LibC/String/Copying.c
> @@ -16,6 +16,7 @@
>
> #include <LibConfig.h>
>
> +#include <limits.h>
> #include <stdlib.h>
> #include <string.h>
>
> @@ -73,7 +74,8 @@ strcpy(char * __restrict s1, const char * __restrict s2)
>
> //while ( *s1++ = *s2++) /* Empty Body */;
> //return(s1ret);
> - return AsciiStrCpy( s1, s2);
> + AsciiStrCpyS (s1, UNICODE_STRING_MAX, s2);
> + return s1;
> }
>
> /** The strncpy function copies not more than n characters (characters that
> @@ -89,7 +91,8 @@ strcpy(char * __restrict s1, const char * __restrict s2)
> **/
> char *strncpy(char * __restrict s1, const char * __restrict s2, size_t n)
> {
> - return AsciiStrnCpy( s1, s2, n);
> + AsciiStrnCpyS (s1, UNICODE_STRING_MAX, s2, n);
> + return s1;
> //char *dest = s1;
>
> //while(n != 0) {
> diff --git a/StdLib/LibC/Uefi/Devices/Utility/Path.c b/StdLib/LibC/Uefi/Devices/Utility/Path.c
> index 96392e018dac..d6728d3a647e 100644
> --- a/StdLib/LibC/Uefi/Devices/Utility/Path.c
> +++ b/StdLib/LibC/Uefi/Devices/Utility/Path.c
> @@ -110,7 +110,8 @@ NormalizePath( const char *path)
> wchar_t *NewPath;
> size_t Length;
>
> - OldPath = AsciiStrToUnicodeStr(path, gMD->UString);
> + AsciiStrToUnicodeStrS (path, gMD->UString, UNICODE_STRING_MAX);
> + OldPath = gMD->UString;
> Length = wcslen(OldPath) + 1;
>
> NewPath = calloc(Length, sizeof(wchar_t));
> diff --git a/StdLib/LibC/Uefi/SysCalls.c b/StdLib/LibC/Uefi/SysCalls.c
> index faa73ed7a4ee..e83b72308fbe 100644
> --- a/StdLib/LibC/Uefi/SysCalls.c
> +++ b/StdLib/LibC/Uefi/SysCalls.c
> @@ -1320,7 +1320,8 @@ char
> errno = ERANGE;
> return (NULL);
> }
> - return (UnicodeStrToAsciiStr(Cwd, buf));
> + UnicodeStrToAsciiStrS (Cwd, buf, UNICODE_STRING_MAX);
> + return buf;
> }
>
> /** Change the current working directory.
> @@ -1358,7 +1359,7 @@ chdir (const char *path)
> errno = ENOMEM;
> return -1;
> }
> - AsciiStrToUnicodeStr(path, UnicodePath);
> + AsciiStrToUnicodeStrS (path, UnicodePath, UNICODE_STRING_MAX);
> Status = gEfiShellProtocol->SetCurDir(NULL, UnicodePath);
> FreePool(UnicodePath);
> if (EFI_ERROR(Status)) {
> diff --git a/StdLib/LibC/Wchar/Concatenation.c b/StdLib/LibC/Wchar/Concatenation.c
> index cf595a461f0e..7289240951aa 100644
> --- a/StdLib/LibC/Wchar/Concatenation.c
> +++ b/StdLib/LibC/Wchar/Concatenation.c
> @@ -31,7 +31,8 @@
> **/
> wchar_t *wcscat(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> {
> - return (wchar_t *)StrCat( (CHAR16 *)s1, (CONST CHAR16 *)s2);
> + StrCatS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2);
> + return s1;
> }
>
> /** The wcsncat function appends not more than n wide characters (a null wide
> @@ -44,5 +45,6 @@ wchar_t *wcscat(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> **/
> wchar_t *wcsncat(wchar_t * __restrict s1, const wchar_t * __restrict s2, size_t n)
> {
> - return (wchar_t *)StrnCat( (CHAR16 *)s1, (CONST CHAR16 *)s2, (UINTN)n);
> + StrnCatS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2, (UINTN)n);
> + return s1;
> }
> diff --git a/StdLib/LibC/Wchar/Copying.c b/StdLib/LibC/Wchar/Copying.c
> index 7075437965ad..848c83419ddb 100644
> --- a/StdLib/LibC/Wchar/Copying.c
> +++ b/StdLib/LibC/Wchar/Copying.c
> @@ -29,7 +29,7 @@
> **/
> wchar_t *wcscpy(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> {
> - return (wchar_t *)StrCpy( (CHAR16 *)s1, (CONST CHAR16 *)s2);
> + return (wchar_t *)StrCpyS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2);
> }
>
> /** The wcsncpy function copies not more than n wide characters (those that
> @@ -44,7 +44,7 @@ wchar_t *wcscpy(wchar_t * __restrict s1, const wchar_t * __restrict s2)
> **/
> wchar_t *wcsncpy(wchar_t * __restrict s1, const wchar_t * __restrict s2, size_t n)
> {
> - return (wchar_t *)StrnCpy( (CHAR16 *)s1, (CONST CHAR16 *)s2, (UINTN)n);
> + return (wchar_t *)StrnCpyS ((CHAR16 *)s1, UNICODE_STRING_MAX, (CONST CHAR16 *)s2, (UINTN)n);
> }
>
> /** The wmemcpy function copies n wide characters from the object pointed to by
next parent reply other threads:[~2021-07-20 20:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1686594EFA3CDA35.1617@groups.io>
2021-07-20 20:11 ` Rebecca Cran [this message]
2021-06-07 16:21 [edk2-libc PATCH 1/1] Update LibC to use safe string functions Rebecca Cran
2021-08-13 2:10 ` [edk2-devel] " Michael D Kinney
2021-08-13 2:16 ` Michael D Kinney
2021-08-13 3:39 ` Rebecca Cran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d0024df1-8858-deda-3eff-640a9b8bb507@nuviainc.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox