Re: [edk2-devel] [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib: Handle version string overflow

Wed, 05 Aug 2020 09:14:19 -0700 

Reviewed-by: Michael D Kinney <michael.d.kin...@intel.com>

> -----Original Message-----
> From: michael.kuba...@outlook.com
> <michael.kuba...@outlook.com>
> Sent: Thursday, July 30, 2020 8:15 PM
> To: devel@edk2.groups.io
> Cc: Gao, Liming <liming....@intel.com>; Kinney, Michael
> D <michael.d.kin...@intel.com>
> Subject: [PATCH v1 3/7] FmpDevicePkg/FmpDependencyLib:
> Handle version string overflow
> 
> From: Michael Kubacki <michael.kuba...@microsoft.com>
> 
> This change recognizes the condition of the DEPEX
> version string
> extending beyond the end of the dependency expression as
> an error.
> 
> Cc: Liming Gao <liming....@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Signed-off-by: Michael Kubacki
> <michael.kuba...@microsoft.com>
> ---
> 
> Notes:
>     This is particularly helpful for the user to isolate
> the issue
>     when stepping through the control flow as this case
> will be the
>     last executed before jumping to the Error label to
> return from
>     the function.
> 
> 
> FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib.c
> | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git
> a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> index ba89eb22d9f0..5ef25d2415cf 100644
> ---
> a/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> +++
> b/FmpDevicePkg/Library/FmpDependencyLib/FmpDependencyLib
> .c
> @@ -286,6 +286,7 @@ EvaluateDependency (
>        Iterator += AsciiStrnLenS ((CHAR8 *) Iterator,
> DependenciesSize - (Iterator - Dependencies-
> >Dependencies));
>        if (Iterator == (UINT8 *) Dependencies-
> >Dependencies + DependenciesSize) {
>          DEBUG ((DEBUG_ERROR, "EvaluateDependency:
> STRING extends beyond end of dependency
> expression!\n"));
> +        goto Error;
>        }
>        break;
>      case EFI_FMP_DEP_AND:
> --
> 2.27.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#63730): https://edk2.groups.io/g/devel/message/63730
Mute This Topic: https://groups.io/mt/75900904/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to