Re: [PATCH] MdeModulePkg/Bds: Check variable name even OptionNumber is NULL

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Laszlo Ersek <lersek@redhat.com>
To: Ruiyu Ni <ruiyu.ni@intel.com>, edk2-devel@lists.01.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH] MdeModulePkg/Bds: Check variable name even OptionNumber is NULL
Date: Tue, 10 Oct 2017 18:59:48 +0200	[thread overview]
Message-ID: <e0cbf589-1107-184e-385c-6d3f70d1cecf@redhat.com> (raw)
In-Reply-To: <20171010085803.307284-1-ruiyu.ni@intel.com>

On 10/10/17 10:58, Ruiyu Ni wrote:
> Current implementation skips to check whether the last four
> characters are digits when the OptionNumber is NULL.
> Even worse, it may incorrectly return FALSE when OptionNumber is
> NULL.
> 
> The patch fixes it to always check the variable name even
> OptionNumber is NULL.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Laszlo Ersek <lersek@redhat.com>
> ---
>  .../Library/UefiBootManagerLib/BmLoadOption.c      | 45 ++++++++++++++--------
>  1 file changed, 30 insertions(+), 15 deletions(-)
> 
> diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> index b0a35058d0..32918caf32 100644
> --- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
> @@ -785,6 +785,8 @@ EfiBootManagerIsValidLoadOptionVariableName (
>    UINTN                             VariableNameLen;
>    UINTN                             Index;
>    UINTN                             Uint;
> +  EFI_BOOT_MANAGER_LOAD_OPTION_TYPE LocalOptionType;
> +  UINT16                            LocalOptionNumber;
>  
>    if (VariableName == NULL) {
>      return FALSE;
> @@ -792,39 +794,52 @@ EfiBootManagerIsValidLoadOptionVariableName (
>  
>    VariableNameLen = StrLen (VariableName);
>  
> +  //
> +  // Return FALSE when the variable name length is too small.
> +  //
>    if (VariableNameLen <= 4) {
>      return FALSE;
>    }
>  
> -  for (Index = 0; Index < ARRAY_SIZE (mBmLoadOptionName); Index++) {
> -    if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[Index])) &&
> -        (StrnCmp (VariableName, mBmLoadOptionName[Index], VariableNameLen - 4) == 0)
> +  //
> +  // Return FALSE when the variable name doesn't start with Driver/SysPrep/Boot/PlatformRecovery.
> +  //
> +  for (LocalOptionType = 0; LocalOptionType < ARRAY_SIZE (mBmLoadOptionName); LocalOptionType++) {
> +    if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[LocalOptionType])) &&
> +        (StrnCmp (VariableName, mBmLoadOptionName[LocalOptionType], VariableNameLen - 4) == 0)
>          ) {
>        break;
>      }
>    }
> +  if (LocalOptionType == ARRAY_SIZE (mBmLoadOptionName)) {
> +    return FALSE;
> +  }
>  
> -  if (Index == ARRAY_SIZE (mBmLoadOptionName)) {
> +  //
> +  // Return FALSE when the last four characters are not hex digits.
> +  //
> +  LocalOptionNumber = 0;
> +  for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) {
> +    Uint = BmCharToUint (VariableName[Index]);
> +    if (Uint == -1) {
> +      break;
> +    } else {
> +      LocalOptionNumber = (UINT16) Uint + LocalOptionNumber * 0x10;
> +    }
> +  }
> +  if (Index != VariableNameLen) {
>      return FALSE;
>    }
>  
>    if (OptionType != NULL) {
> -    *OptionType = (EFI_BOOT_MANAGER_LOAD_OPTION_TYPE) Index;
> +    *OptionType = LocalOptionType;
>    }
>  
>    if (OptionNumber != NULL) {
> -    *OptionNumber = 0;
> -    for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) {
> -      Uint = BmCharToUint (VariableName[Index]);
> -      if (Uint == -1) {
> -        break;
> -      } else {
> -        *OptionNumber = (UINT16) Uint + *OptionNumber * 0x10;
> -      }
> -    }
> +    *OptionNumber = LocalOptionNumber;
>    }
>  
> -  return (BOOLEAN) (Index == VariableNameLen);
> +  return TRUE;
>  }
>  
>  /**
> 

I have some superficial comments:

- I think the subject should say

MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL

- I'm not a huge fan of using enum types for loop counters; however, in
this case, I verified that there is LoadOptionTypeMax, and it equals
ARRAY_SIZE (mBmLoadOptionName). So it should be safe. If we want to be
more explicit about this, we could replace

  CHAR16 *mBmLoadOptionName[] = {

with

  CHAR16 *mBmLoadOptionName[LoadOptionTypeMax] = {

Anyway,

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Ard, can you test this patch in your original environment?

Thanks!
Laszlo

next prev parent reply	other threads:[~2017-10-10 16:56 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-10  8:58 [PATCH] MdeModulePkg/Bds: Check variable name even OptionNumber is NULL Ruiyu Ni
2017-10-10 16:59 ` Laszlo Ersek [this message]
2017-10-11 16:10   ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e0cbf589-1107-184e-385c-6d3f70d1cecf@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox