From patchwork Tue Feb 25 09:47:38 2014
X-Patchwork-Submitter: Ryan Harkin
X-Patchwork-Id: 25263
From: Ryan Harkin
To: ryan.harkin@linaro.org, olivier.martin@arm.com, edk2-devel@lists.sourceforge.net
Date: Tue, 25 Feb 2014 09:47:38 +0000
Message-Id: <1393321658-11970-2-git-send-email-ryan.harkin@linaro.org>
In-Reply-To: <1393321658-11970-1-git-send-email-ryan.harkin@linaro.org>
Subject: [edk2] [PATCH 1/1] ArmPlatformPkg/Bds: stop inputting more characters when string is full

If EditHIInputStr() is called, say with a MaxCmdLine of 2, the user is currently allowed to enter 2 characters. If the second character is a carriage return/line feed, this is substituted with a NULL and the function returns. If the second character is a regular character, the loop terminates and the function returns. However, the buffer has not been NULL terminated.

This patch prevents the user from entering a regular character as the final character and ensures that the only way out of the input is by pressing ESC or ENTER (or equivalent). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ryan Harkin --- ArmPlatformPkg/Bds/BdsHelper.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ArmPlatformPkg/Bds/BdsHelper.c b/ArmPlatformPkg/Bds/BdsHelper.c index 3142d85..7f0ef42 100644 --- a/ArmPlatformPkg/Bds/BdsHelper.c +++ b/ArmPlatformPkg/Bds/BdsHelper.c @@ -35,7 +35,7 @@ EditHIInputStr ( Print (CmdLine); // To prevent a buffer overflow, we only allow to enter (MaxCmdLine-1) characters - for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine - 1; ) { + for (CmdLineIndex = StrLen (CmdLine); CmdLineIndex < MaxCmdLine; ) { Status = gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &WaitIndex); ASSERT_EFI_ERROR (Status); @@ -62,7 +62,7 @@ EditHIInputStr ( } } else if ((Key.ScanCode == SCAN_ESC) || (Char == 0x1B) || (Char == 0x0)) { return EFI_INVALID_PARAMETER; - } else { + } else if (CmdLineIndex < (MaxCmdLine-1)) { CmdLine[CmdLineIndex++] = Key.UnicodeChar; Print (L"%c", Key.UnicodeChar); } @@ -187,9 +187,7 @@ GetHIInputBoolean ( while(1) { Print (L"[y/n] "); - // Set MaxCmdLine to 3 to give space for carriage return (when the user - // hits enter) and terminal '\0'. - Status = GetHIInputStr (CmdBoolean, 3); + Status = GetHIInputStr (CmdBoolean, 2); if (EFI_ERROR(Status)) { return Status; } else if ((CmdBoolean[0] == L'y') || (CmdBoolean[0] == L'Y')) {
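Review bot: In the first EditHIInputStr hunk, the new loop condition `CmdLineIndex < MaxCmdLine` can no longer become false once the loop is entered, as far as the visible branches show, because the guarded store in the second hunk stops incrementing at MaxCmdLine-1. The limit is now enforced by the `else if`, so the comment "we only allow to enter (MaxCmdLine-1) characters" sits above a line that does not enforce it. Consider moving that comment down to the `else if` and either writing the loop as explicitly unbounded or noting that it exits only through the return statements, so a later reader does not restore the `- 1` here. The loop is still skipped entirely when StrLen (CmdLine) is already >= MaxCmdLine on entry; the code after the loop is not visible in this hunk, so it is worth confirming the buffer is terminated on that path too.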
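Review bot: At `} else if (CmdLineIndex < (MaxCmdLine-1)) {` in the second EditHIInputStr hunk, a keypress that arrives when the buffer is full now falls through every branch and is dropped with no echo and no comment saying so. Add a short comment (or a trailing else carrying one) stating that further characters are ignored until ENTER or ESC, and write the bound as `MaxCmdLine - 1` to match the spacing of the line removed in the first hunk. The type of MaxCmdLine is not visible here; if it is unsigned and a caller can pass 0, `MaxCmdLine-1` wraps and the check passes, so that is worth checking against the callers.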
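Review bot: In the GetHIInputBoolean hunk, `GetHIInputStr (CmdBoolean, 2)` replaces a documented 3 with an undocumented 2. The deleted comment was the only explanation of how the size relates to the buffer, so replace it with one line saying that 2 means one answer character plus the terminating '\0', now that ENTER no longer needs a slot. The declaration of CmdBoolean is outside the visible context; deriving the count from the array itself rather than a literal would keep the two from drifting apart.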