Replace unsafe string functions with new added safe string functions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> --- .../DxeTcgPhysicalPresenceLib.c | 90 +++++++++++----------- .../DxeTrEEPhysicalPresenceLib.c | 18 ++--- .../UserProfileManagerDxe/UserProfileModify.c | 6 +- .../EsalVariableDxeSal/Variable.c | 4 +- .../VariableAuthenticated/RuntimeDxe/VarCheck.c | 2 +- .../VariableAuthenticated/RuntimeDxe/Variable.c | 8 +- .../SecureBootConfigFileExplorer.c | 21 ++--- .../SecureBootConfigDxe/SecureBootConfigMisc.c | 2 +- 8 files changed, 77 insertions(+), 74 deletions(-)
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c index 7fbeb0a..5660552 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c @@ -542,11 +542,11 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_DISABLE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE)); @@ -554,15 +554,15 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_ACTIVATE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE)); @@ -570,11 +570,11 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_DEACTIVATE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE)); @@ -582,15 +582,15 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_CLEAR: CautionKey = TRUE; @@ -599,16 +599,16 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE)); @@ -616,15 +616,15 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE)); @@ -632,19 +632,19 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP)); @@ -652,11 +652,11 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP)); @@ -664,11 +664,11 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON)); @@ -676,15 +676,15 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF)); @@ -692,19 +692,19 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: CautionKey = TRUE; @@ -713,15 +713,15 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: // @@ -738,23 +738,23 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION)); @@ -762,15 +762,15 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: CautionKey = TRUE; @@ -779,24 +779,24 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: CautionKey = TRUE; @@ -805,19 +805,19 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: CautionKey = TRUE; @@ -826,16 +826,16 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: CautionKey = TRUE; @@ -844,23 +844,23 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; default: ; @@ -875,11 +875,11 @@ UserConfirm ( BufSize -= StrSize (ConfirmText); UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); DstStr[80] = L'\0'; for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpy(DstStr, ConfirmText + Index, 80); + StrnCpyS(DstStr, 81, ConfirmText + Index, 80); Print (DstStr); } FreePool (TmpStr1); FreePool (TmpStr2); diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c index 9ff9d88..1cc9ed6 100644 --- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.c @@ -259,16 +259,16 @@ TrEEUserConfirm ( TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: CautionKey = TRUE; @@ -277,24 +277,24 @@ TrEEUserConfirm ( TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; default: ; @@ -309,11 +309,11 @@ TrEEUserConfirm ( BufSize -= StrSize (ConfirmText); UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); DstStr[80] = L'\0'; for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpy(DstStr, ConfirmText + Index, 80); + StrnCpyS(DstStr, 81, ConfirmText + Index, 80); Print (DstStr); } FreePool (TmpStr1); FreePool (TmpStr2); diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c index a0eb4af..2fb17e8 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c @@ -343,15 +343,15 @@ AddStr ( TmpStr = AllocateZeroPool (StrLength); ASSERT (TmpStr != NULL); if (*Source1 == NULL) { - StrCpy (TmpStr, Source2);; + StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2); } else { - StrCpy (TmpStr, *Source1); + StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1); FreePool (*Source1); - StrCat (TmpStr, Source2); + StrCatS (TmpStr, (StrLength - StrSize(Source1) + 2)/ sizeof (CHAR16),Source2); } *Source1 = TmpStr; } diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c index 0b2775d..d28e445 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c @@ -734,11 +734,11 @@ UpdateVariableInfo ( ASSERT (gVariableInfo != NULL); CopyGuid (&gVariableInfo->VendorGuid, VendorGuid); gVariableInfo->Name = AllocatePool (StrSize (VariableName)); ASSERT (gVariableInfo->Name != NULL); - StrCpy (gVariableInfo->Name, VariableName); + StrCpyS (gVariableInfo->Name, StrSize (VariableName) / sizeof (CHAR16), VariableName); gVariableInfo->Volatile = Volatile; gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, gVariableInfo); } @@ -776,11 +776,11 @@ UpdateVariableInfo ( ASSERT (Entry->Next != NULL); CopyGuid (&Entry->Next->VendorGuid, VendorGuid); Entry->Next->Name = AllocatePool (StrSize (VariableName)); ASSERT (Entry->Next->Name != NULL); - StrCpy (Entry->Next->Name, VariableName); + StrCpyS (Entry->Next->Name, StrSize (VariableName) / sizeof (CHAR16), VariableName); Entry->Next->Volatile = Volatile; } } } diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c index 740632f..3c5e9c7 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c @@ -1158,11 +1158,11 @@ VarCheckVariablePropertySet ( if (Entry == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Done; } VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - StrnCpy (VariableName, Name, StrLen (Name)); + StrnCpyS (VariableName, StrSize (Name) / sizeof (CHAR16), Name, StrLen (Name)); CopyGuid (&Entry->Guid, Guid); CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty)); InsertTailList (&mVarCheckVariableList, &Entry->Link); } diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index 15d0531..436ce2a 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -126,11 +126,11 @@ UpdateVariableInfo ( ASSERT (gVariableInfo != NULL); CopyGuid (&gVariableInfo->VendorGuid, VendorGuid); gVariableInfo->Name = AllocatePool (StrSize (VariableName)); ASSERT (gVariableInfo->Name != NULL); - StrCpy (gVariableInfo->Name, VariableName); + StrCpyS (gVariableInfo->Name, StrSize (VariableName) / sizeof (CHAR16), VariableName); gVariableInfo->Volatile = Volatile; } for (Entry = gVariableInfo; Entry != NULL; Entry = Entry->Next) { @@ -162,11 +162,11 @@ UpdateVariableInfo ( ASSERT (Entry->Next != NULL); CopyGuid (&Entry->Next->VendorGuid, VendorGuid); Entry->Next->Name = AllocatePool (StrSize (VariableName)); ASSERT (Entry->Next->Name != NULL); - StrCpy (Entry->Next->Name, VariableName); + StrCpyS (Entry->Next->Name, StrSize (VariableName) / sizeof (CHAR16), VariableName); Entry->Next->Volatile = Volatile; } } } @@ -1092,11 +1092,11 @@ Reclaim ( goto Done; } CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER)); Variable = (VARIABLE_HEADER*) CurrPtr; Variable->DataSize = NewPubKeySize; - StrCpy (GetVariableNamePtr (Variable), GetVariableNamePtr (PubKeyHeader)); + StrCpyS (GetVariableNamePtr (Variable), sizeof (VARIABLE_HEADER) / sizeof (CHAR16), GetVariableNamePtr (PubKeyHeader)); CopyMem (GetVariableDataPtr (Variable), NewPubKeyStore, NewPubKeySize); CurrPtr = (UINT8*) GetNextVariablePtr (Variable); CommonVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; if (IsUserVariable (Variable)) { CommonUserVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; @@ -2873,11 +2873,11 @@ VariableLockRequestToLock ( goto Done; } } Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - StrnCpy (Name, VariableName, StrLen (VariableName)); + StrnCpyS (Name, StrSize (VariableName) / sizeof (CHAR16), VariableName, StrLen (VariableName)); CopyGuid (&Entry->Guid, VendorGuid); InsertTailList (&mLockedVariableList, &Entry->Link); Done: ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c index 5ca013c..feb4271 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c @@ -137,10 +137,11 @@ AppendFileName ( IN CHAR16 *Str2 ) { UINTN Size1; UINTN Size2; + UINTN SizeTemp; CHAR16 *Str; CHAR16 *TmpStr; CHAR16 *Ptr; CHAR16 *LastSlash; @@ -150,16 +151,18 @@ AppendFileName ( ASSERT (Str != NULL); TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16)); ASSERT (TmpStr != NULL); - StrCat (Str, Str1); + StrCatS (Str, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), Str1); + SizeTemp = Size1 + Size2 + sizeof (CHAR16); if (!((*Str == '\\') && (*(Str + 1) == 0))) { - StrCat (Str, L"\\"); + StrCatS (Str, (Size2 + sizeof (CHAR16)) / sizeof (CHAR16), L"\\"); + SizeTemp = Size2 + sizeof (CHAR16); } - StrCat (Str, Str2); + StrCatS (Str, SizeTemp / sizeof (CHAR16), Str2); Ptr = Str; LastSlash = Str; while (*Ptr != 0) { if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3) == L'\\') { @@ -168,27 +171,27 @@ AppendFileName ( // DO NOT convert the .. if it is at the end of the string. This will // break the .. behavior in changing directories. // // - // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings + // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of two strings // that overlap. // - StrCpy (TmpStr, Ptr + 3); - StrCpy (LastSlash, TmpStr); + StrCpyS (TmpStr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), Ptr + 3); + StrCpyS (LastSlash, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), TmpStr); Ptr = LastSlash; } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') { // // Convert a "\.\" to a "\" // // - // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings + // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle copy of two strings // that overlap. // - StrCpy (TmpStr, Ptr + 2); - StrCpy (Ptr, TmpStr); + StrCpyS (TmpStr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), Ptr + 2); + StrCpyS (Ptr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), TmpStr); Ptr = LastSlash; } else if (*Ptr == '\\') { LastSlash = Ptr; } diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c index 13c7c27..735d0ab 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c @@ -182,11 +182,11 @@ StringToGuid ( Buffer = (CHAR16 *) AllocateZeroPool (sizeof (CHAR16) * (StrLen + 1)); if (Buffer == NULL) { return EFI_OUT_OF_RESOURCES; } - StrCpy (Buffer, Str); + StrCpyS (Buffer, (StrLen + 1), Str); // // Data1 // PtrBuffer = Buffer; -- 1.9.5.msysgit.1 ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel