From: Qiu Shumin Date: Mon, 25 Aug 2014 08:04:52 +0000 (+0000) Subject: Append the terminating null character at the end of the string to avoid buffer overflow. X-Git-Tag: edk2-stable201903~11107 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=a361d391601b82b4e9c1877f53c0dfe753febd43 Append the terminating null character at the end of the string to avoid buffer overflow. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qiu Shumin Reviewed-by: Fu Siyuan git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15888 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c index 54de16ca5f..aa73132cb5 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.c @@ -60,7 +60,8 @@ PxeBcCheckPacket ( if (Packet->OpCode == EFI_MTFTP4_OPCODE_ERROR) { Private->Mode.TftpErrorReceived = TRUE; Private->Mode.TftpError.ErrorCode = (UINT8) Packet->Error.ErrorCode; - AsciiStrnCpy (Private->Mode.TftpError.ErrorString, (CHAR8 *) Packet->Error.ErrorMessage, 127); + AsciiStrnCpy (Private->Mode.TftpError.ErrorString, (CHAR8 *) Packet->Error.ErrorMessage, PXE_MTFTP_ERROR_STRING_LENGTH); + Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0'; } if (Callback != NULL) { @@ -162,8 +163,9 @@ PxeBcTftpGetFileSize ( AsciiStrnCpy ( Private->Mode.TftpError.ErrorString, (CHAR8 *) Packet->Error.ErrorMessage, - 127 + PXE_MTFTP_ERROR_STRING_LENGTH ); + Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0'; } goto ON_ERROR; } diff --git a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h index 534daa9e1b..9920aff8b0 100644 --- a/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h +++ b/MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcMtftp.h @@ -1,7 +1,7 @@ /** @file Mtftp routines for PxeBc. -Copyright (c) 2007 - 2009, Intel Corporation. All rights reserved.
+Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -21,6 +21,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define PXE_MTFTP_OPTION_MULTICAST_INDEX 3 #define PXE_MTFTP_OPTION_MAXIMUM_INDEX 4 +#define PXE_MTFTP_ERROR_STRING_LENGTH 127 + /** This function is to get size of a file by Tftp. diff --git a/NetworkPkg/Application/IpsecConfig/Indexer.c b/NetworkPkg/Application/IpsecConfig/Indexer.c index 1762bbeb58..9e066b1cb5 100644 --- a/NetworkPkg/Application/IpsecConfig/Indexer.c +++ b/NetworkPkg/Application/IpsecConfig/Indexer.c @@ -1,7 +1,7 @@ /** @file The implementation of construct ENTRY_INDEXER in IpSecConfig application. - Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -234,6 +234,7 @@ ConstructPadIndexer ( } Indexer->PadId.PeerIdValid = TRUE; + ZeroMem (Indexer->PadId.Id.PeerId, MAX_PEERID_LEN); StrnCpy ((CHAR16 *) Indexer->PadId.Id.PeerId, ValueStr, ARRAY_SIZE (Indexer->PadId.Id.PeerId) - 1); } } diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c b/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c index 9a80dc5e38..09196c7ac6 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcMtftp.c @@ -69,6 +69,7 @@ PxeBcMtftp6CheckPacket ( (CHAR8 *) Packet->Error.ErrorMessage, PXE_MTFTP_ERROR_STRING_LENGTH ); + Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0'; } if (Callback != NULL) { @@ -182,6 +183,7 @@ PxeBcMtftp6GetFileSize ( (CHAR8 *) Packet->Error.ErrorMessage, PXE_MTFTP_ERROR_STRING_LENGTH ); + Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0'; } goto ON_ERROR; } @@ -511,6 +513,7 @@ PxeBcMtftp4CheckPacket ( (CHAR8 *) Packet->Error.ErrorMessage, PXE_MTFTP_ERROR_STRING_LENGTH ); + Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0'; } if (Callback != NULL) { @@ -624,6 +627,7 @@ PxeBcMtftp4GetFileSize ( (CHAR8 *) Packet->Error.ErrorMessage, PXE_MTFTP_ERROR_STRING_LENGTH ); + Private->Mode.TftpError.ErrorString[PXE_MTFTP_ERROR_STRING_LENGTH - 1] = '\0'; } goto ON_ERROR; }