MdeModulePkg/UdfDxe: Content check for 'File' in ResolveSymlink()

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1279

The content within 'File' is the output data for ResolveSymlink(). This
commit will add checks to ensure the content in 'File' is valid.
Otherwise, possible null pointer dereference issue will occur during the
subsequent usage of the data returned by ResolveSymlink().

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
index fed3da1fa18a93adc57813189cc63b137bb00202..14b1deac92af63a3a558b7686ea76f75aba7ce1c 100644 (file)
--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
+++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c
@@ -2145,6 +2145,8 @@ ResolveSymlink (
   UINT8               CompressionId;\r
   UDF_FILE_INFO       PreviousFile;\r
 \r
+  ZeroMem ((VOID *)File, sizeof (UDF_FILE_INFO));\r
+\r
   //\r
   // Symlink files on UDF volumes do not contain so much data other than\r
   // Path Components which resolves to real filenames, so it's OK to read in\r
@@ -2288,6 +2290,14 @@ ResolveSymlink (
       break;\r
     }\r
 \r
+    //\r
+    // Check the content in the file info pointed by File.\r
+    //\r
+    if ((File->FileEntry == NULL) || (File->FileIdentifierDesc == NULL)) {\r
+      Status = EFI_VOLUME_CORRUPTED;\r
+      goto Error_Find_File;\r
+    }\r
+\r
     if (CompareMem ((VOID *)&PreviousFile, (VOID *)Parent,\r
                     sizeof (UDF_FILE_INFO)) != 0) {\r
       CleanupFileInformation (&PreviousFile);\r
@@ -2301,6 +2311,13 @@ ResolveSymlink (
   //\r
   FreePool (ReadFileInfo.FileData);\r
 \r
+  //\r
+  // Check the content in the resolved file info.\r
+  //\r
+  if ((File->FileEntry == NULL) || (File->FileIdentifierDesc == NULL)) {\r
+    return EFI_VOLUME_CORRUPTED;\r
+  }\r
+\r
   return EFI_SUCCESS;\r
 \r
 Error_Find_File:\r