From 7c0e8053f220ddf463677ec70fe89fda498249ba Mon Sep 17 00:00:00 2001
From: Jian J Wang <jian.j.wang@intel.com>
Date: Thu, 14 Feb 2019 17:57:47 +0800
Subject: [PATCH] MdePkg/UefiDevicePathLibDevicePathProtocol: Add sanity check
 for FilePath device path

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497

Current implementation of IsDevicePathValid() is not enough for type
of MEDIA_FILEPATH_DP, which has NULL-terminated string in the device
path. This patch add a simple NULL character check at Length position.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
 .../UefiDevicePathLib.c                                  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
index 9a0ee42fd1..c8e78d2373 100644
--- a/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
+++ b/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c
@@ -138,6 +138,15 @@ IsDevicePathValid (
         return FALSE;
       }
     }
+
+    //
+    // FilePath must be a NULL-terminated string.
+    //
+    if (DevicePathType (DevicePath) == MEDIA_DEVICE_PATH &&
+        DevicePathSubType (DevicePath) == MEDIA_FILEPATH_DP &&
+        *(CHAR16 *)((UINT8 *)DevicePath + NodeLength - 2) != 0) {
+      return FALSE;
+    }
   }
 
   //
-- 
2.39.2