public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	edk2-devel@ml01.01.org, leif.lindholm@linaro.org
Subject: Re: [PATCH 5/9] EmbeddedPkg/AndroidFastboot: eliminate deprecated string function calls
Date: Tue, 25 Oct 2016 14:40:44 +0200	[thread overview]
Message-ID: <de8a1143-e558-74d2-29e8-56a8d0833486@redhat.com> (raw)
In-Reply-To: <1477330907-13733-6-git-send-email-ard.biesheuvel@linaro.org>

On 10/24/16 19:41, Ard Biesheuvel wrote:
> Get rid of calls to unsafe string functions. These are deprecated and may
> be removed in the future.
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  EmbeddedPkg/Application/AndroidFastboot/AndroidBootImg.c     | 3 ++-
>  EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c | 4 ++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/EmbeddedPkg/Application/AndroidFastboot/AndroidBootImg.c b/EmbeddedPkg/Application/AndroidFastboot/AndroidBootImg.c
> index bbca90fc08a2..f3e770bcc980 100644
> --- a/EmbeddedPkg/Application/AndroidFastboot/AndroidBootImg.c
> +++ b/EmbeddedPkg/Application/AndroidFastboot/AndroidBootImg.c
> @@ -84,7 +84,8 @@ ParseAndroidBootImg (
>                   + ALIGN_VALUE (Header->KernelSize, Header->PageSize));
>    }
>  
> -  AsciiStrnCpy (KernelArgs, Header->KernelArgs, BOOTIMG_KERNEL_ARGS_SIZE);
> +  AsciiStrnCpyS (KernelArgs, BOOTIMG_KERNEL_ARGS_SIZE, Header->KernelArgs,
> +    BOOTIMG_KERNEL_ARGS_SIZE);
>  
>    return EFI_SUCCESS;
>  }

This loses the zero padding, but I guess that's okay. Is fine otherwise.

> diff --git a/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c b/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c
> index 9ddc34f57cf4..960218b25241 100644
> --- a/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c
> +++ b/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c
> @@ -127,7 +127,7 @@ HandleDownload (
>    if (mDataBuffer == NULL) {
>      SEND_LITERAL ("FAILNot enough memory");
>    } else {
> -    AsciiStrnCpy (Response + 4, NumBytesString, 8);
> +    AsciiStrnCpyS (Response + 4, mNumDataBytes, NumBytesString, 8);
>      mTransport->Send (sizeof(Response), Response, &mFatalSendErrorEvent);
>  
>      mState = ExpectDataState;

I don't think this is right. Here we're trying to copy no more than 8
characters from NumBytesString into Response, after the "DATA" prefix.
mNumDataBytes is the decimal value of NumBytesString, and it's unrelated
to this formatting.

What we could do is

  AsciiStrnCpyS (Response + 4, sizeof Response - 4, NumBytesString, 8)

in order to remain "surgical". However, that's not right again, because
AsciiStrnCpyS() *always* NUL-terminates, and here we only have

  CHAR8       Response[12] = "DATA";

i.e., no room for values above 0x0FFF_FFFF. Another issue is that the
zero padding of AsciiStrnCpy() would be lost, and we actually send the
zero padding to the wire.

So, the real fix is, in my opinion:

* resize Response to 4 + 8 + 1 == 13 bytes,

* format it like this:
  ZeroMem (Response, sizeof Response);
  AsciiSPrint (Response, sizeof Response, "DATA%x",
    (UINT32)mNumDataBytes);

* send it like this:
  mTransport->Send (sizeof Response - 1, Response,
    &mFatalSendErrorEvent);


> @@ -257,7 +257,7 @@ AcceptCmd (
>    }
>  
>    // Commands aren't null-terminated. Let's get a null-terminated version.
> -  AsciiStrnCpy (Command, Data, Size);
> +  AsciiStrnCpyS (Command, sizeof Command, Data, Size);
>    Command[Size] = '\0';
>  
>    // Parse command
> 

This looks good, but the explicit NUL-termination can be dropped, as
AsciiStrnCpyS() enforces that internally.

Thanks
Laszlo


  reply	other threads:[~2016-10-25 12:40 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-24 17:41 [PATCH 0/9] EmbeddedPkg: eliminate calls to deprecated functions Ard Biesheuvel
2016-10-24 17:41 ` [PATCH 1/9] EmbeddedPkg/AndroidFastbootTransportTcpDxe: remove broken hostname handling Ard Biesheuvel
2016-10-24 17:41 ` [PATCH 2/9] EmbeddedPkg: remove unused PrePiHobListPointerLib Ard Biesheuvel
2016-10-24 17:41 ` [PATCH 3/9] EmbeddedPkg: add missing modules Ard Biesheuvel
2016-10-24 17:41 ` [PATCH 4/9] EmbeddedPkg/GdbDebugAgent: fix VOID* cast of incorrect size Ard Biesheuvel
2016-10-25 12:16   ` Laszlo Ersek
2016-10-24 17:41 ` [PATCH 5/9] EmbeddedPkg/AndroidFastboot: eliminate deprecated string function calls Ard Biesheuvel
2016-10-25 12:40   ` Laszlo Ersek [this message]
2016-10-24 17:41 ` [PATCH 6/9] EmbeddedPkg/Ebl: " Ard Biesheuvel
2016-10-25 13:34   ` Laszlo Ersek
2016-10-24 17:41 ` [PATCH 7/9] EmbeddedPkg/EfiFileLib: " Ard Biesheuvel
2016-10-25 14:20   ` Laszlo Ersek
2016-10-24 17:41 ` [PATCH 8/9] EmbeddedPkg/MmcDxe: " Ard Biesheuvel
2016-10-25 13:49   ` Laszlo Ersek
2016-10-24 17:41 ` [PATCH 9/9] EmbeddedPkg: enable -DDISABLE_NEW_DEPRECATED_INTERFACES Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=de8a1143-e558-74d2-29e8-56a8d0833486@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox