From nobody Mon Dec 23 13:48:14 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1516673689192491.05543326760926; Mon, 22 Jan 2018 18:14:49 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 2DFFF22333788; Mon, 22 Jan 2018 18:09:21 -0800 (PST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 1729F22333785 for ; Mon, 22 Jan 2018 18:09:18 -0800 (PST) Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Jan 2018 18:14:44 -0800 Received: from jwang36-mobl2.ccr.corp.intel.com ([10.239.192.151]) by fmsmga006.fm.intel.com with ESMTP; 22 Jan 2018 18:14:43 -0800 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,398,1511856000"; d="scan'208";a="197940930" From: Jian J Wang To: edk2-devel@lists.01.org Date: Tue, 23 Jan 2018 10:14:41 +0800 Message-Id: <20180123021441.4784-1-jian.j.wang@intel.com> X-Mailer: git-send-email 2.15.1.windows.2 Subject: [edk2] [PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ruiyu Ni MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In the for-loop condition of original code, the expression *CurrentCommand !=3D CHAR_NULL=20 is put before expression CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) When CurrentCommand walks to the end of string buffer, one more character over the end of string buffer will be read and then stop. To fix this issue, just move the last expression to the first one. Because of short-circuit evaludation of and-expression, the following one *CurrentCommand !=3D CHAR_NULL will not be evaluated if the expression before it is evaludated as FALSE. Cc: Ruiyu Ni Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang --- ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/= Library/UefiShellLevel3CommandsLib/Help.c index a71ade3a20..75e3d74200 100644 --- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c +++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c @@ -397,7 +397,7 @@ ShellCommandRunHelp ( CopyListOfCommandNamesWithDynamic(&SortedCommandList, &SortedComma= ndListSize); =20 for (CurrentCommand =3D SortedCommandList=20 - ; CurrentCommand !=3D NULL && *CurrentCommand !=3D CHAR_NULL && = CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) + ; CurrentCommand < SortedCommandList + SortedCommandListSize/siz= eof(CHAR16) && CurrentCommand !=3D NULL && *CurrentCommand !=3D CHAR_NULL ; CurrentCommand +=3D StrLen(CurrentCommand) + 1 ) { // --=20 2.15.1.windows.2 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel