From nobody Mon May  6 11:42:03 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1521093180969758.0042522877295;
 Wed, 14 Mar 2018 22:53:00 -0700 (PDT)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id 98DD32202E492;
	Wed, 14 Mar 2018 22:46:35 -0700 (PDT)
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 616932202E485
 for <edk2-devel@lists.01.org>; Wed, 14 Mar 2018 22:46:34 -0700 (PDT)
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 14 Mar 2018 22:52:57 -0700
Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.158.46])
 by fmsmga005.fm.intel.com with ESMTP; 14 Mar 2018 22:52:56 -0700
X-Original-To: edk2-devel@lists.01.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.120; helo=mga04.intel.com;
 envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="211725757"
From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Date: Thu, 15 Mar 2018 13:52:54 +0800
Message-Id: <1521093174-105584-1-git-send-email-star.zeng@intel.com>
X-Mailer: git-send-email 2.7.0.windows.1
Subject: [edk2] [PATCH V2] SecurityPkg OpalPasswordDxe:Fix wrong BufferSize
 input to UnicodeSPrint
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Chao Zhang <chao.b.zhang@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Eric Dong <eric.dong@intel.com>, Star Zeng <star.zeng@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Current code uses string length as BufferSize input to UnicodeSPrint,
it is wrong and makes the pop up string trimmed. The BufferSize input
to UnicodeSPrint should be the size, in bytes, of the output buffer.

This is to use sizeof (mPopUpString) as the BufferSize input to
UnicodeSPrint, it also updates array size of mPopUpString from 256 to
100 that is enough, otherwise the pop up string may be too long.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen.yao@intel.com
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/T=
cg/Opal/OpalPassword/OpalDriver.c
index 1b55bbe4ecb8..6344deb86750 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -27,7 +27,7 @@ EFI_GUID mOpalDeviceNvmeGuid =3D OPAL_DEVICE_NVME_GUID;
 BOOLEAN                 mOpalEndOfDxe =3D FALSE;
 OPAL_REQUEST_VARIABLE   *mOpalRequestVariable =3D NULL;
 UINTN                   mOpalRequestVariableSize =3D 0;
-CHAR16                  mPopUpString[256];
+CHAR16                  mPopUpString[100];
=20
 typedef struct {
   UINT32                   Address;
@@ -908,9 +908,9 @@ OpalDriverPopUpPasswordInput (
 }
=20
 /**
-  Check if disk is locked, show popup window and ask for password if it is.
+  Get pop up string.
=20
-  @param[in] Dev            The device which need to be unlocked.
+  @param[in] Dev            The OPAL device.
   @param[in] RequestString  Request string.
=20
 **/
@@ -920,15 +920,10 @@ OpalGetPopUpString (
   IN CHAR16             *RequestString
   )
 {
-  UINTN                 StrLength;
-
-  StrLength =3D StrLen (RequestString) + 1 + MAX (StrLen (Dev->Name16), St=
rLen (L"Disk"));
-  ASSERT (StrLength < sizeof (mPopUpString) / sizeof (CHAR16));
-
   if (Dev->Name16 =3D=3D NULL) {
-    UnicodeSPrint (mPopUpString, StrLength + 1, L"%s Disk", RequestString);
+    UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s Disk", Reques=
tString);
   } else {
-    UnicodeSPrint (mPopUpString, StrLength + 1, L"%s %s", RequestString, D=
ev->Name16);
+    UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s %s", RequestS=
tring, Dev->Name16);
   }
=20
   return mPopUpString;
--=20
2.7.0.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel