Difference with previous patch:

[ShellPkg/Library/UefiDpLib/DpUtilities.c] 
CHAR16 array mGaugeString[DP_GAUGE_STRING_LENGTH + 1] is passed into function 
GetShortPdbFileName(). However, this function treats the size of the 
input buffer as DXE_PERFORMANCE_STRING_SIZE.
Though DXE_PERFORMANCE_STRING_SIZE is smaller than DP_GAUGE_STRING_LENGTH now, 
this manner might introduce a potential risk of buffer overflow.

Qiu Shumin (1):
  ShellPkg: Use safe string functions to refine code.

 ShellPkg/Application/Shell/FileHandleWrappers.c    | 16 ++++---
 ShellPkg/Application/Shell/Shell.c                 | 50 +++++++++++++++-------
 ShellPkg/Application/Shell/ShellEnvVar.c           |  5 ++-
 ShellPkg/Application/Shell/ShellManParser.c        | 28 +++++++-----
 .../Application/Shell/ShellParametersProtocol.c    |  4 +-
 ShellPkg/Application/Shell/ShellProtocol.c         | 21 ++++++---
 ShellPkg/Library/UefiDpLib/DpUtilities.c           | 14 +++---
 .../Library/UefiShellCommandLib/ConsistMapping.c   |  4 +-
 .../Library/UefiShellDebug1CommandsLib/DmpStore.c  |  4 +-
 .../UefiShellDebug1CommandsLib/Edit/FileBuffer.c   |  4 +-
 .../SmbiosView/QueryTable.c                        |  6 +--
 .../Library/UefiShellDriver1CommandsLib/Drivers.c  |  4 +-
 ShellPkg/Library/UefiShellLevel2CommandsLib/Cp.c   | 32 +++++++-------
 ShellPkg/Library/UefiShellLevel2CommandsLib/Mv.c   | 28 ++++++------
 ShellPkg/Library/UefiShellLevel2CommandsLib/Rm.c   |  6 +--
 ShellPkg/Library/UefiShellLevel2CommandsLib/Vol.c  |  7 ++-
 ShellPkg/Library/UefiShellLib/UefiShellLib.c       | 35 +++++++++------
 .../UefiShellNetwork1CommandsLib/Ifconfig.c        | 47 ++++++++++++++------
 18 files changed, 195 insertions(+), 120 deletions(-)

-- 
1.9.5.msysgit.1
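
The size mismatch described in the cover letter goes away when the callee receives the destination capacity from the caller instead of assuming a constant. The sketch below is an added example, not code from this patch or from EDK II: `short_pdb_name`, `fill_gauge`, `struct gauge`, `char16` and `CALLER_BUFFER_LEN` are hypothetical names, and the buffer size is a constructed value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration; not the value from the EDK II headers. */
#define CALLER_BUFFER_LEN 12          /* stands in for DP_GAUGE_STRING_LENGTH + 1 */
typedef uint16_t char16;              /* stands in for CHAR16 */

/* Hypothetical bounded variant: dst_count is the destination capacity in
   elements, terminator included. Copies the file name found between the last
   path separator and the last '.', truncating to fit. Returns the number of
   characters written, excluding the terminator. */
size_t short_pdb_name(const char *pdb_path, char16 *dst, size_t dst_count)
{
    if (dst == NULL || dst_count == 0) return 0;
    dst[0] = 0;
    if (pdb_path == NULL) return 0;

    const char *start = pdb_path, *end = NULL;
    for (const char *p = pdb_path; *p; p++) {
        if (*p == '\\' || *p == '/') { start = p + 1; end = NULL; }
        else if (*p == '.') end = p;  /* only dots after the last separator count */
    }
    if (end == NULL) end = pdb_path + strlen(pdb_path);

    size_t n = (size_t)(end - start);
    if (n > dst_count - 1) n = dst_count - 1;   /* leave room for the terminator */
    for (size_t i = 0; i < n; i++) dst[i] = (char16)(unsigned char)start[i];
    dst[n] = 0;
    return n;
}

/* The canary sits after the buffer so a test can detect a write past its end. */
struct gauge { char16 text[CALLER_BUFFER_LEN]; uint32_t canary; };

/* Caller side: the capacity is derived from the buffer's own declaration, so
   resizing the buffer can never desynchronise caller and callee. */
size_t fill_gauge(struct gauge *g, const char *pdb_path)
{
    g->canary = 0xC0FFEEu;
    return short_pdb_name(pdb_path, g->text, sizeof g->text / sizeof g->text[0]);
}

int main(void)
{
    struct gauge g;
    size_t n = fill_gauge(&g, "/out/dir.v2/AVeryLongDriverModuleName.pdb");
    printf("wrote %zu chars, canary %s\n", n, g.canary == 0xC0FFEEu ? "intact" : "clobbered");
    return 0;
}
```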


