Handle on-disk format and volume structures in UDF/ECMA-167 file systems.\r
\r
Copyright (C) 2014-2017 Paulo Alcantara <pcacjr@zytor.com>\r
+ Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials are licensed and made available\r
under the terms and conditions of the BSD License which accompanies this\r
break;\r
}\r
} else {\r
- Status = GetFileNameFromFid (FileIdentifierDesc, FoundFileName);\r
+ Status = GetFileNameFromFid (FileIdentifierDesc, ARRAY_SIZE (FoundFileName), FoundFileName);\r
if (EFI_ERROR (Status)) {\r
break;\r
}\r
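Review bot: An entry whose name does not fit the buffer now ends the scan instead of being skipped: with this change GetFileNameFromFid can return EFI_BUFFER_TOO_SMALL, and the unchanged `if (EFI_ERROR (Status)) { break; }` after the call handles it the same way as a corrupted descriptor. Because the descriptor is read from the disk, a single over-long entry could keep later entries in the same directory from being found; if that is not intended, treat that status as "no match" and move on to the next entry. What follows the `break` is outside the hunk, so this needs checking against the whole loop. Also confirm that FoundFileName is declared as an array in this function, since `ARRAY_SIZE` applied to a pointer would pass the wrong count.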
while (*FilePath != L'\0') {\r
FileNamePointer = FileName;\r
while (*FilePath != L'\0' && *FilePath != L'\\') {\r
+ if ((((UINTN)FileNamePointer - (UINTN)FileName) / sizeof (CHAR16)) >=\r
+ (ARRAY_SIZE (FileName) - 1)) {\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
*FileNamePointer++ = *FilePath++;\r
}\r
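Review bot: The new guard in the inner copy loop leaves the function directly with `return EFI_NOT_FOUND;`. The enclosing function starts and ends outside the hunk, so confirm that nothing acquired in earlier passes of the outer loop has to be released on that path. The index expression can also be written without the UINTN casts and the division, as `(UINTN)(FileNamePointer - FileName) >= ARRAY_SIZE (FileName) - 1`, because both pointers refer to the same CHAR16 array. A short comment such as `// Keep one element free for the terminating null.` would explain the `- 1`.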
\r
Get a filename (encoded in OSTA-compressed format) from a File Identifier\r
Descriptor on an UDF volume.\r
\r
+ @attention This is boundary function that may receive untrusted input.\r
+ @attention The input is from FileSystem.\r
+\r
+ The File Identifier Descriptor is external input, so this routine will do\r
+ basic validation for File Identifier Descriptor and report status.\r
+\r
@param[in] FileIdentifierDesc File Identifier Descriptor pointer.\r
+ @param[in] CharMax The maximum number of FileName Unicode char,\r
+ including terminating null char.\r
@param[out] FileName Decoded filename.\r
\r
@retval EFI_SUCCESS Filename decoded and read.\r
@retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.\r
+ @retval EFI_BUFFER_TOO_SMALL The string buffer FileName cannot hold the\r
+ decoded filename.\r
**/\r
EFI_STATUS\r
GetFileNameFromFid (\r
IN UDF_FILE_IDENTIFIER_DESCRIPTOR *FileIdentifierDesc,\r
+ IN UINTN CharMax,\r
OUT CHAR16 *FileName\r
)\r
{\r
- UINT8 *OstaCompressed;\r
- UINT8 CompressionId;\r
- UINT8 Length;\r
- UINTN Index;\r
+ UINT8 *OstaCompressed;\r
+ UINT8 CompressionId;\r
+ UINT8 Length;\r
+ UINTN Index;\r
+ CHAR16 *FileNameBak;\r
+\r
+ if (CharMax == 0) {\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
\r
OstaCompressed =\r
(UINT8 *)(\r
return EFI_VOLUME_CORRUPTED;\r
}\r
\r
+ FileNameBak = FileName;\r
+\r
//\r
// Decode filename.\r
//\r
Length = FileIdentifierDesc->LengthOfFileIdentifier;\r
+ if (CompressionId == 16) {\r
+ if (((UINTN)Length >> 1) > CharMax) {\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
+ } else {\r
+ if ((Length != 0) && ((UINTN)Length - 1 > CharMax)) {\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
+ }\r
+\r
for (Index = 1; Index < Length; Index++) {\r
if (CompressionId == 16) {\r
*FileName = OstaCompressed[Index++] << 8;\r
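Review bot: The two length checks added before the decode loop use `>` where the documented contract needs `>=`. The header describes CharMax as including the terminating null, but a name that decodes to exactly CharMax characters passes both checks. Assuming the loop stores one CHAR16 per pass, as the visible lines suggest, the clamp in the next hunk (`if (Index > CharMax - 1)`) then overwrites the last character and the function returns EFI_SUCCESS with a shortened name. The identifier comes from the disk, so a silently shortened name could compare equal to a different entry; rejecting it is safer: `if (((UINTN)Length >> 1) >= CharMax)` and `if ((Length != 0) && ((UINTN)Length - 1 >= CharMax))`. With that change the clamp before the terminator should never trigger and could become an ASSERT.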
FileName++;\r
}\r
\r
- *FileName = L'\0';\r
+ Index = ((UINTN)FileName - (UINTN)FileNameBak) / sizeof (CHAR16);\r
+ if (Index > CharMax - 1) {\r
+ Index = CharMax - 1;\r
+ }\r
+ FileNameBak[Index] = L'\0';\r
\r
return EFI_SUCCESS;\r
}\r
/**\r
Resolve a symlink file on an UDF volume.\r
\r
+ @attention This is boundary function that may receive untrusted input.\r
+ @attention The input is from FileSystem.\r
+\r
+ The Path Component is external input, so this routine will do basic\r
+ validation for Path Component and report status.\r
+\r
@param[in] BlockIo BlockIo interface.\r
@param[in] DiskIo DiskIo interface.\r
@param[in] Volume UDF volume information structure.\r
Index) << 8;\r
Index++;\r
} else {\r
+ if (Index > ARRAY_SIZE (FileName)) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
*Char = 0;\r
}\r
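Review bot: The new bound sits only in the `else` branch, so the 16-bit branch above it still stores through `Char` with no check visible in this hunk. The test also compares `Index`, which the hunk uses as an offset into the source identifier, rather than the write position in FileName. Checking the destination once, before either branch, covers both encodings and keeps a slot for the terminator: `if ((UINTN)(Char - FileName) >= ARRAY_SIZE (FileName) - 1) { return EFI_UNSUPPORTED; }`. As written, an 8-bit name can fill the whole array, and the clamp added in the next hunk then overwrites its last character without reporting it. The loop header and the rest of the function are outside the hunk, so an earlier length check may already bound the 16-bit case; please confirm.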
\r
Char++;\r
}\r
\r
- *Char = L'\0';\r
+ Index = ((UINTN)Char - (UINTN)FileName) / sizeof (CHAR16);\r
+ if (Index > ARRAY_SIZE (FileName) - 1) {\r
+ Index = ARRAY_SIZE (FileName) - 1;\r
+ }\r
+ FileName[Index] = L'\0';\r
break;\r
}\r
\r