X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=MdeModulePkg%2FUniversal%2FHiiDatabaseDxe%2FConfigKeywordHandler.c;h=e88a0c45975fb9a3352d3069008d164902f48f29;hb=2295075793e53e4b158b1e2eddaac4e5b602e8a7;hp=c3cd064074a8213b3e736e3d16b255b7f183abf3;hpb=c24001450b0fcac86fde6d10c1564246e432e1f9;p=mirror_edk2.git diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c index c3cd064074..e88a0c4597 100644 --- a/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigKeywordHandler.c @@ -1321,10 +1321,12 @@ GetStringIdFromRecord ( HII_STRING_PACKAGE_INSTANCE *StringPackage; EFI_STATUS Status; CHAR8 *Name; + UINT32 RetVal; ASSERT (DatabaseRecord != NULL && NameSpace != NULL && KeywordValue != NULL); PackageListNode = DatabaseRecord->PackageList; + RetVal = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND; if (*NameSpace != NULL) { Name = *NameSpace; @@ -1338,7 +1340,8 @@ GetStringIdFromRecord ( if (AsciiStrnCmp(Name, StringPackage->StringPkgHdr->Language, AsciiStrLen (Name)) == 0) { Status = GetStringIdFromString (StringPackage, KeywordValue, StringId); if (EFI_ERROR (Status)) { - return KEYWORD_HANDLER_KEYWORD_NOT_FOUND; + RetVal = KEYWORD_HANDLER_KEYWORD_NOT_FOUND; + continue; } else { if (*NameSpace == NULL) { *NameSpace = AllocateCopyPool (AsciiStrSize (StringPackage->StringPkgHdr->Language), StringPackage->StringPkgHdr->Language); @@ -1351,7 +1354,7 @@ GetStringIdFromRecord ( } } - return KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND; + return RetVal; } /** @@ -1571,7 +1574,6 @@ GetWidth ( case EFI_IFR_TYPE_NUM_SIZE_64: return (UINT16) sizeof (UINT64) * ((EFI_IFR_ORDERED_LIST *) OpCodeData)->MaxContainers; - break; default: ASSERT (FALSE); @@ -1668,6 +1670,7 @@ ConstructConfigHdr ( CHAR16 *Name; CHAR8 *AsciiName; EFI_GUID *Guid; + UINTN MaxLen; ASSERT (OpCodeData != NULL); @@ -1731,7 +1734,8 @@ ConstructConfigHdr ( // GUID=32&NAME=NameLength&PATH=DevicePathSize // | 5 | sizeof (EFI_GUID) * 2 | 6 | NameStrLen*4 | 6 | DevicePathSize * 2 | 1 | // - String = AllocateZeroPool ((5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize * 2 + 1) * sizeof (CHAR16)); + MaxLen = 5 + sizeof (EFI_GUID) * 2 + 6 + NameLength * 4 + 6 + DevicePathSize * 2 + 1; + String = AllocateZeroPool (MaxLen * sizeof (CHAR16)); if (String == NULL) { return NULL; } @@ -1739,7 +1743,8 @@ ConstructConfigHdr ( // // Start with L"GUID=" // - ReturnString = StrCpy (String, L"GUID="); + StrCpyS (String, MaxLen, L"GUID="); + ReturnString = String; String += StrLen (String); if (Guid != NULL) { @@ -1754,7 +1759,7 @@ ConstructConfigHdr ( // // Append L"&NAME=" // - StrCpy (String, L"&NAME="); + StrCpyS (String, MaxLen, L"&NAME="); String += StrLen (String); if (Name != NULL) { @@ -1769,7 +1774,7 @@ ConstructConfigHdr ( // // Append L"&PATH=" // - StrCpy (String, L"&PATH="); + StrCpyS (String, MaxLen, L"&PATH="); String += StrLen (String); // @@ -1989,7 +1994,7 @@ ExtractConfigRequest ( UINT16 Width; CHAR16 *ConfigHdr; CHAR16 *RequestElement; - UINTN Length; + UINTN MaxLen; CHAR16 *StringPtr; ASSERT (DatabaseRecord != NULL && OpCodeData != NULL && ConfigRequest != NULL); @@ -2028,9 +2033,10 @@ ExtractConfigRequest ( } RequestElement = ConstructRequestElement(Name, Offset, Width); ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle); + ASSERT (ConfigHdr != NULL); - Length = (StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1) * sizeof (CHAR16); - *ConfigRequest = AllocatePool (Length); + MaxLen = StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1; + *ConfigRequest = AllocatePool (MaxLen * sizeof (CHAR16)); if (*ConfigRequest == NULL) { FreePool (ConfigHdr); FreePool (RequestElement); @@ -2038,13 +2044,13 @@ ExtractConfigRequest ( } StringPtr = *ConfigRequest; - StrCpy (StringPtr, ConfigHdr); + StrCpyS (StringPtr, MaxLen, ConfigHdr); StringPtr += StrLen (StringPtr); *StringPtr = L'&'; StringPtr++; - StrCpy (StringPtr, RequestElement); + StrCpyS (StringPtr, MaxLen, RequestElement); StringPtr += StrLen (StringPtr); *StringPtr = L'\0'; @@ -2095,7 +2101,7 @@ ExtractConfigResp ( UINT16 Width; CHAR16 *ConfigHdr; CHAR16 *RequestElement; - UINTN Length; + UINTN MaxLen; CHAR16 *StringPtr; ASSERT ((DatabaseRecord != NULL) && (OpCodeData != NULL) && (ConfigResp != NULL) && (ValueElement != NULL)); @@ -2135,9 +2141,10 @@ ExtractConfigResp ( RequestElement = ConstructRequestElement(Name, Offset, Width); ConfigHdr = ConstructConfigHdr(Storage, DatabaseRecord->DriverHandle); + ASSERT (ConfigHdr != NULL); - Length = (StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1 + StrLen (L"VALUE=") + StrLen(ValueElement) + 1) * sizeof (CHAR16); - *ConfigResp = AllocatePool (Length); + MaxLen = StrLen (ConfigHdr) + 1 + StrLen(RequestElement) + 1 + StrLen (L"VALUE=") + StrLen(ValueElement) + 1; + *ConfigResp = AllocatePool (MaxLen * sizeof (CHAR16)); if (*ConfigResp == NULL) { FreePool (ConfigHdr); FreePool (RequestElement); @@ -2145,22 +2152,22 @@ ExtractConfigResp ( } StringPtr = *ConfigResp; - StrCpy (StringPtr, ConfigHdr); + StrCpyS (StringPtr, MaxLen, ConfigHdr); StringPtr += StrLen (StringPtr); *StringPtr = L'&'; StringPtr++; - StrCpy (StringPtr, RequestElement); + StrCpyS (StringPtr, MaxLen, RequestElement); StringPtr += StrLen (StringPtr); *StringPtr = L'&'; StringPtr++; - StrCpy (StringPtr, L"VALUE="); + StrCpyS (StringPtr, MaxLen, L"VALUE="); StringPtr += StrLen (StringPtr); - StrCpy (StringPtr, ValueElement); + StrCpyS (StringPtr, MaxLen, ValueElement); StringPtr += StrLen (StringPtr); *StringPtr = L'\0'; @@ -2429,9 +2436,10 @@ GenerateKeywordResp ( } // - // 2. Allocate the buffer and create the KeywordResp string. + // 2. Allocate the buffer and create the KeywordResp string include '\0'. // - *KeywordResp = AllocatePool ((RespStrLen + 1) * sizeof (CHAR16)); + RespStrLen += 1; + *KeywordResp = AllocatePool (RespStrLen * sizeof (CHAR16)); if (*KeywordResp == NULL) { if (UnicodeNameSpace != NULL) { FreePool (UnicodeNameSpace); @@ -2444,36 +2452,36 @@ GenerateKeywordResp ( // // 2.1 Copy NameSpaceId section. // - StrCpy (RespStr, L"NAMESPACE="); + StrCpyS (RespStr, RespStrLen, L"NAMESPACE="); RespStr += StrLen (RespStr); - StrCpy (RespStr, UnicodeNameSpace); + StrCpyS (RespStr, RespStrLen, UnicodeNameSpace); RespStr += StrLen (RespStr); // // 2.2 Copy PathHdr section. // - StrCpy (RespStr, PathHdr); + StrCpyS (RespStr, RespStrLen, PathHdr); RespStr += StrLen (RespStr); // // 2.3 Copy Keyword section. // - StrCpy (RespStr, L"KEYWORD="); + StrCpyS (RespStr, RespStrLen, L"KEYWORD="); RespStr += StrLen (RespStr); - StrCpy (RespStr, KeywordData); + StrCpyS (RespStr, RespStrLen, KeywordData); RespStr += StrLen (RespStr); // // 2.4 Copy the Value section. // - StrCpy (RespStr, ValueStr); + StrCpyS (RespStr, RespStrLen, ValueStr); RespStr += StrLen (RespStr); // // 2.5 Copy ReadOnly section if exist. // if (ReadOnly) { - StrCpy (RespStr, L"&READONLY"); + StrCpyS (RespStr, RespStrLen, L"&READONLY"); RespStr += StrLen (RespStr); } @@ -2534,7 +2542,7 @@ MergeToMultiKeywordResp ( *StringPtr = L'&'; StringPtr++; - StrCpy (StringPtr, *KeywordResp); + StrCpyS (StringPtr, MultiKeywordRespLen / sizeof (CHAR16), *KeywordResp); return EFI_SUCCESS; } @@ -2565,7 +2573,6 @@ EnumerateAllKeywords ( UINT8 *DevicePathPkg; UINT8 *DevicePath; HII_DATABASE_RECORD *DataBaseRecord; - UINTN DevicePathSize; HII_DATABASE_PACKAGE_LIST_INSTANCE *PackageListNode; HII_STRING_PACKAGE_INSTANCE *StringPackage; CHAR8 *LocalNameSpace; @@ -2580,7 +2587,6 @@ EnumerateAllKeywords ( BOOLEAN ReadOnly; DataBaseRecord = NULL; - DevicePathSize = 0; Status = EFI_SUCCESS; MultiKeywordResp = NULL; DevicePath = NULL; @@ -2600,7 +2606,6 @@ EnumerateAllKeywords ( DataBaseRecord = CR (Link, HII_DATABASE_RECORD, DatabaseEntry, HII_DATABASE_RECORD_SIGNATURE); if ((DevicePathPkg = DataBaseRecord->PackageList->DevicePathPkg) != NULL) { DevicePath = DevicePathPkg + sizeof (EFI_HII_PACKAGE_HEADER); - DevicePathSize = GetDevicePathSize ((EFI_DEVICE_PATH_PROTOCOL *) DevicePath); } PackageListNode = DataBaseRecord->PackageList; @@ -2803,7 +2808,7 @@ EfiConfigKeywordHandlerSetData ( EFI_STATUS Status; CHAR16 *StringPtr; EFI_DEVICE_PATH_PROTOCOL *DevicePath; - CHAR16 *NextStringPtr; + CHAR16 *NextStringPtr; CHAR16 *KeywordData; EFI_STRING_ID KeywordStringId; UINT32 RetVal; @@ -2814,6 +2819,7 @@ EfiConfigKeywordHandlerSetData ( CHAR16 *ValueElement; BOOLEAN ReadOnly; EFI_STRING InternalProgress; + CHAR16 *TempString; if (This == NULL || Progress == NULL || ProgressErr == NULL || KeywordString == NULL) { return EFI_INVALID_PARAMETER; @@ -2822,7 +2828,6 @@ EfiConfigKeywordHandlerSetData ( *Progress = KeywordString; *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR; Status = EFI_SUCCESS; - StringPtr = KeywordString; MultiConfigResp = NULL; NameSpace = NULL; DevicePath = NULL; @@ -2831,6 +2836,13 @@ EfiConfigKeywordHandlerSetData ( ConfigResp = NULL; KeywordStringId = 0; + // + // Use temp string to avoid changing input string buffer. + // + TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString); + ASSERT (TempString != NULL); + StringPtr = TempString; + while ((StringPtr != NULL) && (*StringPtr != L'\0')) { // // 1. Get NameSpace from NameSpaceId keyword. @@ -2838,8 +2850,18 @@ EfiConfigKeywordHandlerSetData ( Status = ExtractNameSpace (StringPtr, &NameSpace, &NextStringPtr); if (EFI_ERROR (Status)) { *ProgressErr = KEYWORD_HANDLER_MALFORMED_STRING; - return Status; + goto Done; + } + ASSERT (NameSpace != NULL); + // + // 1.1 Check whether the input namespace is valid. + // + if (AsciiStrnCmp(NameSpace, UEFI_CONFIG_LANG, AsciiStrLen (UEFI_CONFIG_LANG)) != 0) { + *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR; + Status = EFI_INVALID_PARAMETER; + goto Done; } + StringPtr = NextStringPtr; // @@ -2957,6 +2979,8 @@ EfiConfigKeywordHandlerSetData ( *ProgressErr = KEYWORD_HANDLER_NO_ERROR; Done: + ASSERT (TempString != NULL); + FreePool (TempString); if (NameSpace != NULL) { FreePool (NameSpace); } @@ -3073,6 +3097,7 @@ EfiConfigKeywordHandlerGetData ( BOOLEAN ReadOnly; CHAR16 *KeywordResp; CHAR16 *MultiKeywordResp; + CHAR16 *TempString; if (This == NULL || Progress == NULL || ProgressErr == NULL || Results == NULL) { return EFI_INVALID_PARAMETER; @@ -3088,18 +3113,44 @@ EfiConfigKeywordHandlerGetData ( ReadOnly = FALSE; MultiKeywordResp = NULL; KeywordStringId = 0; + TempString = NULL; + // + // Use temp string to avoid changing input string buffer. + // + if (NameSpaceId != NULL) { + TempString = AllocateCopyPool (StrSize (NameSpaceId), NameSpaceId); + ASSERT (TempString != NULL); + } // // 1. Get NameSpace from NameSpaceId keyword. // - Status = ExtractNameSpace (NameSpaceId, &NameSpace, NULL); + Status = ExtractNameSpace (TempString, &NameSpace, NULL); + if (TempString != NULL) { + FreePool (TempString); + TempString = NULL; + } if (EFI_ERROR (Status)) { *ProgressErr = KEYWORD_HANDLER_NAMESPACE_ID_NOT_FOUND; return Status; } - + // + // 1.1 Check whether the input namespace is valid. + // + if (NameSpace != NULL){ + if (AsciiStrnCmp(NameSpace, UEFI_CONFIG_LANG, AsciiStrLen (UEFI_CONFIG_LANG)) != 0) { + *ProgressErr = KEYWORD_HANDLER_UNDEFINED_PROCESSING_ERROR; + return EFI_INVALID_PARAMETER; + } + } + if (KeywordString != NULL) { - StringPtr = KeywordString; + // + // Use temp string to avoid changing input string buffer. + // + TempString = AllocateCopyPool (StrSize (KeywordString), KeywordString); + ASSERT (TempString != NULL); + StringPtr = TempString; while (*StringPtr != L'\0') { // @@ -3220,6 +3271,9 @@ EfiConfigKeywordHandlerGetData ( *ProgressErr = KEYWORD_HANDLER_NO_ERROR; Done: + if (TempString != NULL) { + FreePool (TempString); + } if (NameSpace != NULL) { FreePool (NameSpace); }