BaseTools/EfiRom: Add checks for user/file inputs

[mirror_edk2.git] / BaseTools / Source / C / EfiRom / EfiRom.c

diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
index 622a12f04d89bda05630f2be433d59450cb99d2e..d95864abc919f4538e968368f75e959a53d775bb 100644 (file)
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -979,7 +979,12 @@ Returns:
           Error (NULL, 0, 2000, "Invalid parameter", "Missing output file name with %s option!", Argv[0]);\r
           return STATUS_ERROR;\r
         }\r
-        strcpy (Options->OutFileName, Argv[1]);\r
+        if (strlen (Argv[1]) > MAX_PATH - 1) {\r
+          Error (NULL, 0, 2000, "Invalid parameter", "Output file name %s is too long!", Argv[1]);\r
+          return STATUS_ERROR;\r
+        }\r
+        strncpy (Options->OutFileName, Argv[1], MAX_PATH - 1);\r
+        Options->OutFileName[MAX_PATH - 1] = 0;\r
 \r
         Argv++;\r
         Argc--;\r