[edk2] MdePkg: ensure SafeString length functions don't access beyond MaxSize

Message ID 1436534460-28856-1-git-send-email-leif.lindholm@linaro.org
State New
Headers show

Commit Message

Leif Lindholm July 10, 2015, 1:21 p.m.
The StrnLenS and AsciiStrnLenS functions, when presented with a string
with no terminating NULL in the first MaxSize characters will check
the character at String[MaxSize] before checking if Length < MaxSize.
(They return the correct value, but have accessed beyond the stated
limit in the process.)

Flip the order of the tests to prevent this behaviour.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
 MdePkg/Library/BaseLib/SafeString.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7c1b075..b0e1ce7 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -141,7 +141,7 @@  StrnLenS (
   // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
   // be accessed by StrnLenS.
   //
-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
     ;
   }
   return Length;
@@ -551,7 +551,7 @@  AsciiStrnLenS (
   // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
   // be accessed by AsciiStrnLenS.
   //
-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
     ;
   }
   return Length;