[edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference

Paulo Alcantara posted 1 patch 7 years, 3 months ago
Failed in applying to current master (apply log)
MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference
Posted by Paulo Alcantara 7 years, 3 months ago
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704

For root directory, the FID (File Identifier Descriptor) pointer is
accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root
directory and regular files, their FIDs are accessible through
PRIVATE_UDF_FILE_DATA.File.

In UdfSetPosition(), the FID was retrieved through
PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory,
PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and
then dereferenced.

This patch fixes the NULL pointer dereference by calling _FILE() to
transparently return the correct UDF_FILE_INFO * which points to a valid
FID descriptor of a specific file.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Steven Shi <steven.shi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Steven Shi <steven.shi@intel.com>
Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
---
 MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
index 8b9339567f..a1eb2196df 100644
--- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c
+++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
@@ -690,7 +690,8 @@ UdfSetPosition (
 
   PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This);
 
-  FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc;
+  FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc;
+  ASSERT (FileIdentifierDesc != NULL);
   if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) {
     //
     // If the file handle is a directory, the _only_ position that may be set is
-- 
2.11.0

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference
Posted by Laszlo Ersek 7 years, 3 months ago
On 09/12/17 03:30, Paulo Alcantara wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704
> 
> For root directory, the FID (File Identifier Descriptor) pointer is
> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root
> directory and regular files, their FIDs are accessible through
> PRIVATE_UDF_FILE_DATA.File.
> 
> In UdfSetPosition(), the FID was retrieved through
> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory,
> PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and
> then dereferenced.
> 
> This patch fixes the NULL pointer dereference by calling _FILE() to
> transparently return the correct UDF_FILE_INFO * which points to a valid
> FID descriptor of a specific file.
> 
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Steven Shi <steven.shi@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Reported-by: Steven Shi <steven.shi@intel.com>
> Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
> ---
>  MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
> index 8b9339567f..a1eb2196df 100644
> --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c
> +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
> @@ -690,7 +690,8 @@ UdfSetPosition (
>  
>    PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This);
>  
> -  FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc;
> +  FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc;
> +  ASSERT (FileIdentifierDesc != NULL);
>    if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) {
>      //
>      // If the file handle is a directory, the _only_ position that may be set is
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference
Posted by Paulo Alcantara 7 years, 3 months ago

On 9/12/2017 8:27 AM, Laszlo Ersek wrote:
> On 09/12/17 03:30, Paulo Alcantara wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704
>>
>> For root directory, the FID (File Identifier Descriptor) pointer is
>> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root
>> directory and regular files, their FIDs are accessible through
>> PRIVATE_UDF_FILE_DATA.File.
>>
>> In UdfSetPosition(), the FID was retrieved through
>> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root directory,
>> PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would be NULL and
>> then dereferenced.
>>
>> This patch fixes the NULL pointer dereference by calling _FILE() to
>> transparently return the correct UDF_FILE_INFO * which points to a valid
>> FID descriptor of a specific file.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Steven Shi <steven.shi@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Reported-by: Steven Shi <steven.shi@intel.com>
>> Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
>> ---
>>   MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> index 8b9339567f..a1eb2196df 100644
>> --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> @@ -690,7 +690,8 @@ UdfSetPosition (
>>   
>>     PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This);
>>   
>> -  FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc;
>> +  FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc;
>> +  ASSERT (FileIdentifierDesc != NULL);
>>     if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) {
>>       //
>>       // If the file handle is a directory, the _only_ position that may be set is
>>
> 
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Ping? :-)

Thanks!
Paulo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference
Posted by Zeng, Star 7 years, 3 months ago
Reviewed-by: Star Zeng <star.zeng@intel.com> and pushed at 11b4463e096523fe03ac840472d483652ae93904.


Thanks,
Star
-----Original Message-----
From: Paulo Alcantara [mailto:pcacjr@zytor.com] 
Sent: Thursday, September 14, 2017 9:59 PM
To: Laszlo Ersek <lersek@redhat.com>; edk2-devel@lists.01.org
Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: Re: [edk2] [PATCH] MdeModulePkg/UdfDxe: Fix NULL pointer dereference



On 9/12/2017 8:27 AM, Laszlo Ersek wrote:
> On 09/12/17 03:30, Paulo Alcantara wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=704
>>
>> For root directory, the FID (File Identifier Descriptor) pointer is 
>> accessible through PRIVATE_UDF_FILE_DATA.Root, whereas non-root 
>> directory and regular files, their FIDs are accessible through 
>> PRIVATE_UDF_FILE_DATA.File.
>>
>> In UdfSetPosition(), the FID was retrieved through 
>> PRIVATE_UDF_FILE_DATA.File, hence when calling it with a root 
>> directory, PRIVATE_UDF_FILE_DATA.File.FileIdentifierDescriptor would 
>> be NULL and then dereferenced.
>>
>> This patch fixes the NULL pointer dereference by calling _FILE() to 
>> transparently return the correct UDF_FILE_INFO * which points to a 
>> valid FID descriptor of a specific file.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Steven Shi <steven.shi@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Reported-by: Steven Shi <steven.shi@intel.com>
>> Signed-off-by: Paulo Alcantara <pcacjr@zytor.com>
>> ---
>>   MdeModulePkg/Universal/Disk/UdfDxe/File.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c 
>> b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> index 8b9339567f..a1eb2196df 100644
>> --- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> +++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c
>> @@ -690,7 +690,8 @@ UdfSetPosition (
>>   
>>     PrivFileData = PRIVATE_UDF_FILE_DATA_FROM_THIS (This);
>>   
>> -  FileIdentifierDesc = PrivFileData->File.FileIdentifierDesc;
>> +  FileIdentifierDesc = _FILE (PrivFileData)->FileIdentifierDesc;
>> +  ASSERT (FileIdentifierDesc != NULL);
>>     if (IS_FID_DIRECTORY_FILE (FileIdentifierDesc)) {
>>       //
>>       // If the file handle is a directory, the _only_ position that 
>> may be set is
>>
> 
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Ping? :-)

Thanks!
Paulo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel