[edk2-devel] [PATCH 2/3] MdePkg/BaseLib: Base64Decode: Make DestinationSize complied to spec

[Gao, Zhichao]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1891

DestinationSize is decripted as 'Set to bytes stored on return'.
Before return the status, set its converted bytes to be complied
to the decriptions.
DestinationIndex may be overflow if the *DestinationSize is bigger
than (MAX_ADDRESS - 1). Move its incrementation under condition
'DestinationIndex < *DestinationSize' to make sure it wouldn't be
overflow.

Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Liming Gao <liming....@intel.com>
Cc: Marvin Hauser <mhaeu...@outlook.de>
Cc: Laszlo Ersek <ler...@redhat.com>
Signed-off-by: Zhichao Gao <zhichao....@intel.com>
---
 MdePkg/Library/BaseLib/String.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Library/BaseLib/String.c b/MdePkg/Library/BaseLib/String.c
index b86e7e9436..7ebc2ecddd 100644
--- a/MdePkg/Library/BaseLib/String.c
+++ b/MdePkg/Library/BaseLib/String.c
@@ -1964,6 +1964,7 @@ Base64Decode (
   // Check if SourceLength or  DestinationSize is valid
   //
   if ((SourceLength >= (MAX_ADDRESS - (UINTN)Source)) || (*DestinationSize >= 
(MAX_ADDRESS - (UINTN)Destination))){
+    *DestinationSize = 0;
     return RETURN_INVALID_PARAMETER;
   }
 
@@ -1991,6 +1992,7 @@ Base64Decode (
       // Only two '=' characters can be valid.
       //
       if (BufferSize < -2) {
+        *DestinationSize = 0;
         return RETURN_INVALID_PARAMETER;
       }
     } else {
@@ -2002,6 +2004,7 @@ Base64Decode (
         // valid character after an '=', will be flagged as an error.
         //
         if (BufferSize < 0) {
+          *DestinationSize = 0;
           return RETURN_INVALID_PARAMETER;
         }
           ActualSourceLength++;
@@ -2013,6 +2016,7 @@ Base64Decode (
         // ignore ' ', '\t', '\n', and '\r'.
         //
         if ((Chr != ' ') &&(Chr != '\t') &&(Chr != '\n') &&(Chr != '\r')) {
+          *DestinationSize = 0;
           return RETURN_INVALID_PARAMETER;
         }
       }
@@ -2023,11 +2027,13 @@ Base64Decode (
   // The Base64 character string must be a multiple of 4 character quantums.
   //
   if (ActualSourceLength % 4 != 0) {
+    *DestinationSize = 0;
     return RETURN_INVALID_PARAMETER;
   }
 
   BufferSize += ActualSourceLength / 4 * 3;
   if (BufferSize < 0) {
+    *DestinationSize = 0;
     return RETURN_INVALID_PARAMETER;
   }
 
@@ -2075,13 +2081,16 @@ Base64Decode (
     // Due to the '=' special cases for the two bytes at the end,
     // we have to check the length and not store the padding data
     //
-    if (DestinationIndex++ < *DestinationSize) {
+    if (DestinationIndex < *DestinationSize) {
+      DestinationIndex++;
       *Destination++ = (UINT8) (Value >>  8);
     }
-    if (DestinationIndex++ < *DestinationSize) {
+    if (DestinationIndex < *DestinationSize) {
+      DestinationIndex++;
       *Destination++ = (UINT8) Value;
     }
   }
+  *DestinationSize = DestinationIndex;
 
   return RETURN_SUCCESS;
 }
-- 
2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42970): https://edk2.groups.io/g/devel/message/42970
Mute This Topic: https://groups.io/mt/32238989/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-