From patchwork Mon Jul 13 10:29:47 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leif Lindholm <leif.lindholm@linaro.org>
X-Patchwork-Id: 51068
Return-Path: <patchwork-forward+bncBDT5PUNIR4DBBM5GR2WQKGQEY46XW4A@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wg0-f69.google.com (mail-wg0-f69.google.com [74.125.82.69])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 9593A202B9
 for <linaro@patches.linaro.org>; Mon, 13 Jul 2015 10:30:12 +0000 (UTC)
Received: by wgjx7 with SMTP id x7sf101880353wgj.3
 for <linaro@patches.linaro.org>; Mon, 13 Jul 2015 03:30:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:mime-version:in-reply-to:references
 :date:message-id:from:to:content-type:cc:subject:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :errors-to:x-original-sender:x-original-authentication-results
 :mailing-list;
 bh=dNG+UGkf5jJblfRYebAGkeEbEuZsTesefCYPPx+UBlA=;
 b=lEKNaowq0mhGA2cFriahifoCz079oBbhgMfElp0z9iWE+GfHuwcsDLqzugZxZTCpXS
 NBk49Rq+ssB9vqaWXpq2P9j5qz4/+Jb1kIZeIh9OWwY4GNwBQtMwsNbrGKojybZJfD4M
 h5LTRNUVorr0ytD9ZDOPF7GX5s7/IVS5v685fGbi19iiwDQtTdLwGkV/Iy8ThkZKZbkB
 4yoxppCCmTJNgp4nLleQad5j/Q8JWC4OGYbTtcmptd2zWmKLhb21CeDSaK+rS508RNW9
 /YCxIqQwFPXXV1ZMfHY/nqc6/6oOH3GA90uuTsltAKAoTZBsMd7d3ejvizZ7f6bNQxDX
 QjaQ==
X-Gm-Message-State: ALoCoQkB+L2ZUSOpyGc3EQsIpupYHGY7z5v7FHnZke1n+MkStN3XQhHl8oGxAEgPgXVqrFNgan0H
X-Received: by 10.112.139.137 with SMTP id qy9mr18130666lbb.17.1436783411780; 
 Mon, 13 Jul 2015 03:30:11 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.23.195 with SMTP id o3ls1521014laf.1.gmail; Mon, 13 Jul
 2015 03:30:11 -0700 (PDT)
X-Received: by 10.112.205.1 with SMTP id lc1mr31685225lbc.94.1436783411622; 
 Mon, 13 Jul 2015 03:30:11 -0700 (PDT)
Received: from mail-la0-f42.google.com (mail-la0-f42.google.com.
 [209.85.215.42]) by mx.google.com with ESMTPS id
 z7si14560885laj.139.2015.07.13.03.30.11
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 13 Jul 2015 03:30:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.42 as permitted sender) client-ip=209.85.215.42; 
Received: by lahh5 with SMTP id h5so13708520lah.2
 for <patchwork-forward@linaro.org>;
 Mon, 13 Jul 2015 03:30:11 -0700 (PDT)
X-Received: by 10.112.198.74 with SMTP id ja10mr31689091lbc.19.1436783411465; 
 Mon, 13 Jul 2015 03:30:11 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.108.230 with SMTP id hn6csp1635328lbb;
 Mon, 13 Jul 2015 03:30:10 -0700 (PDT)
X-Received: by 10.107.135.148 with SMTP id r20mr15997604ioi.153.1436783409541; 
 Mon, 13 Jul 2015 03:30:09 -0700 (PDT)
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.34.181.88])
 by mx.google.com with ESMTPS id b7si5279922igf.27.2015.07.13.03.30.08
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 13 Jul 2015 03:30:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 edk2-devel-bounces@lists.sourceforge.net designates
 216.34.181.88 as permitted sender) client-ip=216.34.181.88; 
Received: from localhost ([127.0.0.1] helo=sfs-ml-1.v29.ch3.sourceforge.com)
 by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
 (envelope-from <edk2-devel-bounces@lists.sourceforge.net>)
 id 1ZEazj-0002bC-A2; Mon, 13 Jul 2015 10:29:55 +0000
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
 helo=mx.sourceforge.net)
 by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
 (envelope-from <leif.lindholm@linaro.org>) id 1ZEazh-0002b2-LG
 for edk2-devel@lists.sourceforge.net; Mon, 13 Jul 2015 10:29:53 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of linaro.org
 designates 209.85.213.172 as permitted sender)
 client-ip=209.85.213.172; envelope-from=leif.lindholm@linaro.org;
 helo=mail-ig0-f172.google.com;
Received: from mail-ig0-f172.google.com ([209.85.213.172])
 by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
 (Exim 4.76) id 1ZEazg-00086X-IO
 for edk2-devel@lists.sourceforge.net; Mon, 13 Jul 2015 10:29:53 +0000
Received: by igcqs7 with SMTP id qs7so53788612igc.0
 for <edk2-devel@lists.sourceforge.net>;
 Mon, 13 Jul 2015 03:29:47 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.107.161.206 with SMTP id
 k197mr16705337ioe.100.1436783387209; 
 Mon, 13 Jul 2015 03:29:47 -0700 (PDT)
Received: by 10.64.88.225 with HTTP; Mon, 13 Jul 2015 03:29:47 -0700 (PDT)
In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A111A953BE@shsmsx102.ccr.corp.intel.com>
References: <1436534460-28856-1-git-send-email-leif.lindholm@linaro.org>
 <74D8A39837DF1E4DA445A8C0B3885C5001349120@shsmsx102.ccr.corp.intel.com>
 <4A89E2EF3DFEDB4C8BFDE51014F606A111A953BE@shsmsx102.ccr.corp.intel.com>
Date: Mon, 13 Jul 2015 11:29:47 +0100
Message-ID: <CAF7UmSzZ9hkGD2N9R0Xd1jCninQ==Xw4szmXQD1jt6oWb8WEdw@mail.gmail.com>
From: Leif Lindholm <leif.lindholm@linaro.org>
To: "Gao, Liming" <liming.gao@intel.com>
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
 sender-domain
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1ZEazg-00086X-IO
Cc: "edk2-devel@lists.sourceforge.net" <edk2-devel@lists.sourceforge.net>,
 "linaro-uefi@lists.linaro.org" <linaro-uefi@lists.linaro.org>
Subject: Re: [edk2] [Linaro-uefi] [PATCH] MdePkg: ensure SafeString length
 functions don't access beyond MaxSize
X-BeenThere: edk2-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: edk2-devel-bounces@lists.sourceforge.net
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: leif.lindholm@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.42 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

Sure - please find attached.

Regards,

Leif

On 13 July 2015 at 07:33, Gao, Liming <liming.gao@intel.com> wrote:
> Reviewed-by: Liming Gao <liming.gao@intel.com>
>
> Besides, if you expect me to commit this patch, please send the patch as attachment to me, I would like to help do it.
>
> Thanks
> Liming
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Monday, July 13, 2015 12:11 PM
> To: Leif Lindholm; edk2-devel@lists.sourceforge.net
> Cc: Kinney, Michael D; Gao, Liming; linaro-uefi@lists.linaro.org
> Subject: RE: [Linaro-uefi] [PATCH] MdePkg: ensure SafeString length functions don't access beyond MaxSize
>
> Thank to catch this.
>
> Reviewed by: Yao, Jiewen <Jiewen.Yao@intel.com>
>
>
> -----Original Message-----
> From: Linaro-uefi [mailto:linaro-uefi-bounces@lists.linaro.org] On Behalf Of Leif Lindholm
> Sent: Friday, July 10, 2015 9:21 PM
> To: edk2-devel@lists.sourceforge.net
> Cc: Kinney, Michael D; Gao, Liming; linaro-uefi@lists.linaro.org
> Subject: [Linaro-uefi] [PATCH] MdePkg: ensure SafeString length functions don't access beyond MaxSize
>
> The StrnLenS and AsciiStrnLenS functions, when presented with a string with no terminating NULL in the first MaxSize characters will check the character at String[MaxSize] before checking if Length < MaxSize.
> (They return the correct value, but have accessed beyond the stated limit in the process.)
>
> Flip the order of the tests to prevent this behaviour.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
> ---
>  MdePkg/Library/BaseLib/SafeString.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
> index 7c1b075..b0e1ce7 100644
> --- a/MdePkg/Library/BaseLib/SafeString.c
> +++ b/MdePkg/Library/BaseLib/SafeString.c
> @@ -141,7 +141,7 @@ StrnLenS (
>    // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
>    // be accessed by StrnLenS.
>    //
> -  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
> +  for (Length = 0; (Length < MaxSize) && (*String != 0); String++,
> + Length++) {
>      ;
>    }
>    return Length;
> @@ -551,7 +551,7 @@ AsciiStrnLenS (
>    // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
>    // be accessed by AsciiStrnLenS.
>    //
> -  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
> +  for (Length = 0; (Length < MaxSize) && (*String != 0); String++,
> + Length++) {
>      ;
>    }
>    return Length;
> --
> 2.1.4
>
> _______________________________________________
> Linaro-uefi mailing list
> Linaro-uefi@lists.linaro.org
> https://lists.linaro.org/mailman/listinfo/linaro-uefi
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/

>From 98dc45e7de665deef2e9e2bea3c3ac63ff07380a Mon Sep 17 00:00:00 2001
From: Leif Lindholm <leif.lindholm@linaro.org>
Date: Fri, 10 Jul 2015 13:59:30 +0100
Subject: [PATCH] MdePkg: ensure SafeString length functions don't access
 beyond MaxSize

The StrnLenS and AsciiStrnLenS functions, when presented with a string
with no terminating NULL in the first MaxSize characters will check
the character at String[MaxSize] before checking if Length < MaxSize.
(They return the correct value, but have accessed beyond the stated
limit in the process.)

Flip the order of the tests to prevent this behaviour.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
 MdePkg/Library/BaseLib/SafeString.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 7c1b075..b0e1ce7 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -141,7 +141,7 @@ StrnLenS (
   // String then StrnLenS returns MaxSize. At most the first MaxSize characters of String shall
   // be accessed by StrnLenS.
   //
-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
     ;
   }
   return Length;
@@ -551,7 +551,7 @@ AsciiStrnLenS (
   // String then AsciiStrnLenS returns MaxSize. At most the first MaxSize characters of String shall
   // be accessed by AsciiStrnLenS.
   //
-  for (Length = 0; (*String != 0) && (Length < MaxSize); String++, Length++) {
+  for (Length = 0; (Length < MaxSize) && (*String != 0); String++, Length++) {
     ;
   }
   return Length;
-- 
2.1.4