1. Patchew
  2. EDK2
  3. [edk2] [PATCH 00/17] BaseTools/C: Code refinements
  4. View patch

[edk2] [PATCH 09/17] BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls

Hao Wu posted 17 patches 7 years ago
[edk2] [PATCH 09/17] BaseTools/EfiRom: Add/refine boundary checks for strcpy/strcat calls
Posted by Hao Wu 7 years ago 
Add checks to ensure when the destination string buffer is of fixed
size, the strcpy/strcat functions calls will not access beyond the
boundary.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 BaseTools/Source/C/EfiRom/EfiRom.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
index 6648f4c738..fc3b5ad277 100644
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -96,7 +96,13 @@ Returns:
   //
   if (!mOptions.OutFileName[0]) {
     if (mOptions.FileList != NULL) {
-      strcpy (mOptions.OutFileName, mOptions.FileList->FileName);
+      if (strlen (mOptions.FileList->FileName) >= MAX_PATH) {
+        Status = STATUS_ERROR;
+        Error (NULL, 0, 2000, "Invalid parameter", "Input file name is too long - %s.", mOptions.FileList->FileName);
+        goto BailOut;
+      }
+      strncpy (mOptions.OutFileName, mOptions.FileList->FileName, MAX_PATH - 1);
+      mOptions.OutFileName[MAX_PATH - 1] = 0;
       //
       // Find the last . on the line and replace the filename extension with
       // the default
-- 
2.12.0.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-8c64711

© 2016 - 2025 Red Hat, Inc.