[edk2] [PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read

Jian J Wang posted 1 patch 6 years, 11 months ago
Failed in applying to current master (apply log)
ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[edk2] [PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read
Posted by Jian J Wang 6 years, 11 months ago
> v2:
>    Keep condition "CurrentCommand != NULL" as the first one.

In the for-loop condition of original code, the expression

  *CurrentCommand != CHAR_NULL 

is put before expression

  CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16)

When CurrentCommand walks to the end of string buffer, one more character
over the end of string buffer will be read and then stop.

To fix this issue, just move the last expression to the first one. Because
of short-circuit evaludation of and-expression, the following one

  *CurrentCommand != CHAR_NULL

will not be evaluated if the expression before it is evaludated as FALSE.

Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
index a71ade3a20..f6159c1335 100644
--- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
+++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
@@ -397,7 +397,7 @@ ShellCommandRunHelp (
         CopyListOfCommandNamesWithDynamic(&SortedCommandList, &SortedCommandListSize);
 
         for (CurrentCommand = SortedCommandList 
-          ; CurrentCommand != NULL && *CurrentCommand != CHAR_NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16)
+          ; CurrentCommand != NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) && *CurrentCommand != CHAR_NULL
           ; CurrentCommand += StrLen(CurrentCommand) + 1
           ) {
           //
-- 
2.15.1.windows.2

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] ShellPkg/UefiShellLevel3CommandsLib: fix string over-read
Posted by Ni, Ruiyu 6 years, 11 months ago
On 1/24/2018 12:50 PM, Jian J Wang wrote:
>> v2:
>>     Keep condition "CurrentCommand != NULL" as the first one.
> 
> In the for-loop condition of original code, the expression
> 
>    *CurrentCommand != CHAR_NULL
> 
> is put before expression
> 
>    CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16)
> 
> When CurrentCommand walks to the end of string buffer, one more character
> over the end of string buffer will be read and then stop.
> 
> To fix this issue, just move the last expression to the first one. Because
> of short-circuit evaludation of and-expression, the following one
> 
>    *CurrentCommand != CHAR_NULL
> 
> will not be evaluated if the expression before it is evaludated as FALSE.
> 
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
>   ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
> index a71ade3a20..f6159c1335 100644
> --- a/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
> +++ b/ShellPkg/Library/UefiShellLevel3CommandsLib/Help.c
> @@ -397,7 +397,7 @@ ShellCommandRunHelp (
>           CopyListOfCommandNamesWithDynamic(&SortedCommandList, &SortedCommandListSize);
>   
>           for (CurrentCommand = SortedCommandList
> -          ; CurrentCommand != NULL && *CurrentCommand != CHAR_NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16)
> +          ; CurrentCommand != NULL && CurrentCommand < SortedCommandList + SortedCommandListSize/sizeof(CHAR16) && *CurrentCommand != CHAR_NULL
>             ; CurrentCommand += StrLen(CurrentCommand) + 1
>             ) {
>             //
> 
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

-- 
Thanks,
Ray
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel