]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a6d594c)
SecurityPkg OpalPasswordDxe: Fix buffer overflow issue.
authorDong, Eric <eric.dong@intel.com>
Tue, 2 Aug 2016 11:32:30 +0000 (19:32 +0800)
committerStar Zeng <star.zeng@intel.com>
Wed, 3 Aug 2016 01:21:27 +0000 (09:21 +0800)
In current code, PSID is processed as string and the length is 0x20.
Current code only reserved 0x20 length buffer for it, no extra buffer
for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID,
it search the '\0' for the end. So extra dirty data saved in PSID
info which caused PSID revert action failed. This patch reserved
extra 1 byte data for the '\0'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c patch | blob | blame | history
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h patch | blob | blame | history

diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 9a44c5697e8e0d8ebea5fabe9c4d6e06f3708216..ee73697d80a95ccedd155e9859278266b7aaa710 100644 (file)
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -595,12 +595,15 @@ HiiPsidRevert(
   OPAL_DISK                     *OpalDisk;\r
   TCG_RESULT                    Ret;\r
   OPAL_SESSION                  Session;\r
+  UINT8                         TmpBuf[PSID_CHARACTER_STRING_END_LENGTH];\r
 \r
   Ret = TcgResultFailure;\r
 \r
   OpalHiiGetBrowserData();\r
 \r
-  UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)Psid.Psid, PSID_CHARACTER_LENGTH);\r
+  ZeroMem (TmpBuf, sizeof (TmpBuf));\r
+  UnicodeStrToAsciiStrS (gHiiConfiguration.Psid, (CHAR8*)TmpBuf, PSID_CHARACTER_STRING_END_LENGTH);\r
+  CopyMem (Psid.Psid, TmpBuf, PSID_CHARACTER_LENGTH);\r
 \r
   OpalDisk = HiiGetOpalDiskCB (gHiiConfiguration.SelectedDiskIndex);\r
   if (OpalDisk != NULL) {\r
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h
index 138bcb89358653bc6490287a8aba2af4c7750696..88cf9f5b59ddda8a0e0772fcb157f187bd26ae2c 100644 (file)
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormValues.h
@@ -21,6 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 \r
 // PSID Length\r
 #define PSID_CHARACTER_LENGTH                              0x20\r
+#define PSID_CHARACTER_STRING_END_LENGTH                   0x21\r
 \r
 // ID's for various forms that will be used by HII\r
 #define FORMID_VALUE_MAIN_MENU                             0x01\r
@@ -38,7 +39,7 @@ typedef struct {
     UINT8   KeepUserData;\r
     UINT16  AvailableFields;\r
     UINT16  Password[MAX_PASSWORD_CHARACTER_LENGTH];\r
-    UINT16  Psid[PSID_CHARACTER_LENGTH];\r
+    UINT16  Psid[PSID_CHARACTER_STRING_END_LENGTH];\r
     UINT8   EnableBlockSid;\r
 } OPAL_HII_CONFIGURATION;\r
 #pragma pack()\r
EFI Development Kit II mirror for PVE