BaseTools/EfiRom: Add checks for user/file inputs

author Hao Wu <hao.a.wu@intel.com>

Tue, 11 Oct 2016 03:08:41 +0000 (11:08 +0800)

committer Hao Wu <hao.a.wu@intel.com>

Tue, 8 Nov 2016 08:37:09 +0000 (16:37 +0800)
author Hao Wu <hao.a.wu@intel.com>
Tue, 11 Oct 2016 03:08:41 +0000 (11:08 +0800)
committer Hao Wu <hao.a.wu@intel.com>
Tue, 8 Nov 2016 08:37:09 +0000 (16:37 +0800)
diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c

index 622a12f04d89bda05630f2be433d59450cb99d2e..d95864abc919f4538e968368f75e959a53d775bb 100644 (file)
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -979,7 +979,12 @@ Returns:
            Error (NULL, 0, 2000, "Invalid parameter", "Missing output file name with %s option!", Argv[0]);\r
            return STATUS_ERROR;\r
          }\r
-        strcpy (Options->OutFileName, Argv[1]);\r
+        if (strlen (Argv[1]) > MAX_PATH - 1) {\r
+          Error (NULL, 0, 2000, "Invalid parameter", "Output file name %s is too long!", Argv[1]);\r
+          return STATUS_ERROR;\r
+        }\r
+        strncpy (Options->OutFileName, Argv[1], MAX_PATH - 1);\r
+        Options->OutFileName[MAX_PATH - 1] = 0;\r
  \r
          Argv++;\r
          Argc--;\r
author	Hao Wu <hao.a.wu@intel.com>
	Tue, 11 Oct 2016 03:08:41 +0000 (11:08 +0800)
committer	Hao Wu <hao.a.wu@intel.com>
	Tue, 8 Nov 2016 08:37:09 +0000 (16:37 +0800)