MdePkg/BaseLib: Avoid reading content beyond string boundary

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=705

As mentioned in the above Bugzilla link by Steven, within the function
PathCleanUpDirectories(), when executing command:
"cd ."

under Shell, the input parameter 'Path' string will have string length
less than 2. Hence, it is possible for the below statement:
"if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {"

to read contents before the string boundary.

This commit adds additional checks to avoid this.

Cc: Steven Shi <steven.shi@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

diff --git a/MdePkg/Library/BaseLib/FilePaths.c b/MdePkg/Library/BaseLib/FilePaths.c
index 203045ccdc8f253f564e26eaea21670acc1c35a3..d6f3758ecb10275ad12d33f39c0859ac74fa2144 100644 (file)
--- a/MdePkg/Library/BaseLib/FilePaths.c
+++ b/MdePkg/Library/BaseLib/FilePaths.c
@@ -1,7 +1,7 @@
 /** @file\r
   Defines file-path manipulation functions.\r
 \r
-  Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
   which accompanies this distribution.  The full text of the license may be found at\r
@@ -91,7 +91,7 @@ PathCleanUpDirectories(
   while ((TempString = StrStr (Path, L"\\.\\")) != NULL) {\r
     CopyMem (TempString, TempString + 2, StrSize (TempString + 2));\r
   }\r
-  if (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0) {\r
+  if ((StrLen (Path) >= 2) && (StrCmp (Path + StrLen (Path) - 2, L"\\.") == 0)) {\r
     Path[StrLen (Path) - 1] = CHAR_NULL;\r
   }\r
 \r