ArmPlatformPkg/Bds: Fixed potential overflow in EditHIInputStr()

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Signed-off: Olivier Martin <olivier.martin@arm.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14393 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/ArmPlatformPkg/Bds/BdsHelper.c b/ArmPlatformPkg/Bds/BdsHelper.c
index 459ebc39fcbdd5afc266d1675336d0d885138aa2..fa3026c8ffd8addaaaed99ad77c7b23055df705e 100644 (file)
--- a/ArmPlatformPkg/Bds/BdsHelper.c
+++ b/ArmPlatformPkg/Bds/BdsHelper.c
@@ -1,6 +1,6 @@
 /** @file\r
 *\r
-*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.\r
+*  Copyright (c) 2011-2013, ARM Limited. All rights reserved.\r
 *  \r
 *  This program and the accompanying materials                          \r
 *  are licensed and made available under the terms and conditions of the BSD License         \r
@@ -26,9 +26,16 @@ EditHIInputStr (
   EFI_INPUT_KEY   Key;\r
   EFI_STATUS      Status;\r
 \r
+  // The command line must be at least one character long\r
+  ASSERT (MaxCmdLine > 0);\r
+\r
   Print (CmdLine);\r
 \r
-  for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) {\r
+  // Ensure the last character of the buffer is the NULL character\r
+  CmdLine[MaxCmdLine - 1] = '\0';\r
+\r
+  // To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) characters\r
+  for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine-1; ) {\r
     Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex);\r
     ASSERT_EFI_ERROR (Status);\r
 \r