.../VariableAuthenticated/RuntimeDxe/VarCheck.c | 2 +- .../VariableAuthenticated/RuntimeDxe/Variable.c | 8 +- They are not needed as the auth variable driver has been merged to variable driver in MdeModulePkg.
Thanks, Star > -----Original Message----- > From: Zhang Lubo [mailto:lubo.zh...@intel.com] > Sent: Thursday, July 2, 2015 4:57 PM > To: edk2-devel@lists.sourceforge.net > Subject: [edk2] [PATCH v2] SecurityPkg:Replace unsafe string functions. > > Replace unsafe string functions with new added safe string functions. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> > --- > .../DxeTcgPhysicalPresenceLib.c | 90 > +++++++++++----------- > .../DxeTrEEPhysicalPresenceLib.c | 18 ++--- > .../UserProfileManagerDxe/UserProfileModify.c | 8 +- > .../EsalVariableDxeSal/Variable.c | 6 +- > .../VariableAuthenticated/RuntimeDxe/VarCheck.c | 2 +- > .../VariableAuthenticated/RuntimeDxe/Variable.c | 8 +- > .../SecureBootConfigFileExplorer.c | 23 +++--- > .../SecureBootConfigDxe/SecureBootConfigMisc.c | 4 +- > 8 files changed, 81 insertions(+), 78 deletions(-) > > diff --git > a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLi > b.c > b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLi > b.c > index 7fbeb0a..913fd1d 100644 > --- > a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLi > b.c > +++ > b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresen > +++ ceLib.c > @@ -542,11 +542,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DISABLE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_DISABLE)); @@ -554,15 +554,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ACTIVATE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACTIVATE)); @@ -570,11 +570,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEACTIVATE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_DEACTIVATE)); @@ -582,15 +582,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_CLEAR: > CautionKey = TRUE; > @@ -599,16 +599,16 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n"); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ENABLE_ACTIVATE)); @@ -616,15 +616,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_ON)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_DEACTIVATE_DISABLE)); @@ -632,19 +632,19 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_OFF)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ALLOW_TAKE_OWNERSHIP)); @@ -652,11 +652,11 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_DISALLOW_TAKE_OWNERSHIP)); @@ -664,11 +664,11 @@ > UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_TURN_ON)); @@ -676,15 +676,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_ON)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_TURN_OFF)); @@ -692,19 +692,19 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_OFF)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: > CautionKey = TRUE; > @@ -713,15 +713,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_UPGRADE_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_MAINTAIN)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: > // > @@ -738,23 +738,23 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_ON)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR_CONT)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE: > TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_PROVISION)); @@ -762,15 +762,15 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_ACCEPT_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: > CautionKey = TRUE; > @@ -779,24 +779,24 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n"); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: > CautionKey = TRUE; > @@ -805,19 +805,19 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_MAINTAIN)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: > CautionKey = TRUE; > @@ -826,16 +826,16 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n"); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: > CautionKey = TRUE; > @@ -844,23 +844,23 @@ UserConfirm ( > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_ON)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR_CONT)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > default: > ; > @@ -875,11 +875,11 @@ UserConfirm ( > BufSize -= StrSize (ConfirmText); > UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, > TmpStr2); > > DstStr[80] = L'\0'; > for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { > - StrnCpy(DstStr, ConfirmText + Index, 80); > + StrCpyS(DstStr, 81, ConfirmText + Index); > Print (DstStr); > } > > FreePool (TmpStr1); > FreePool (TmpStr2); > diff --git > a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresence > Lib.c > b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenc > eLib.c > index 9ff9d88..a0e2435 100644 > --- > a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresence > Lib.c > +++ b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPres > +++ enceLib.c > @@ -259,16 +259,16 @@ TrEEUserConfirm ( > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n"); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > case TREE_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: > CautionKey = TRUE; > @@ -277,24 +277,24 @@ TrEEUserConfirm ( > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_PPI_HEAD_STR)); > UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NOTE_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_WARNING_CLEAR)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > - StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n"); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_CAUTION_KEY)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > > TmpStr1 = TrEEPhysicalPresenceGetStringById (STRING_TOKEN > (TPM_NO_PPI_INFO)); > - StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen > (ConfirmText) - 1); > + StrCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1); > FreePool (TmpStr1); > break; > > default: > ; > @@ -309,11 +309,11 @@ TrEEUserConfirm ( > BufSize -= StrSize (ConfirmText); > UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, > TmpStr2); > > DstStr[80] = L'\0'; > for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { > - StrnCpy(DstStr, ConfirmText + Index, 80); > + StrCpyS(DstStr, 81, ConfirmText + Index); > Print (DstStr); > } > > FreePool (TmpStr1); > FreePool (TmpStr2); > diff --git > a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModif > y.c > b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModif > y.c > index 67fc300..124adc0 100644 > --- > a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModif > y.c > +++ > b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileMo > +++ dify.c > @@ -1,9 +1,9 @@ > /** @file > The functions to modify a user profile. > > -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials are licensed and made > available under the terms and conditions of the BSD License which > accompanies this distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > > @@ -343,15 +343,15 @@ AddStr ( > > TmpStr = AllocateZeroPool (StrLength); > ASSERT (TmpStr != NULL); > > if (*Source1 == NULL) { > - StrCpy (TmpStr, Source2);; > + StrCpyS (TmpStr, StrLength / sizeof (CHAR16), Source2); > } else { > - StrCpy (TmpStr, *Source1); > + StrCpyS (TmpStr, StrLength / sizeof (CHAR16), *Source1); > FreePool (*Source1); > - StrCat (TmpStr, Source2); > + StrCatS (TmpStr, (StrLength - StrSize(Source1) + 2)/ sizeof > + (CHAR16),Source2); > } > > *Source1 = TmpStr; > } > > diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c > b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c > index 0b2775d..7730022 100644 > --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c > +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c > @@ -1,9 +1,9 @@ > /** @file > The implementation of Extended SAL variable services. > > -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials are licensed and made > available under the terms and conditions of the BSD License which > accompanies this distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > > @@ -734,11 +734,11 @@ UpdateVariableInfo ( > ASSERT (gVariableInfo != NULL); > > CopyGuid (&gVariableInfo->VendorGuid, VendorGuid); > gVariableInfo->Name = AllocatePool (StrSize (VariableName)); > ASSERT (gVariableInfo->Name != NULL); > - StrCpy (gVariableInfo->Name, VariableName); > + StrCpyS (gVariableInfo->Name, StrSize (VariableName) / sizeof > + (CHAR16), VariableName); > gVariableInfo->Volatile = Volatile; > > gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, > gVariableInfo); > } > > @@ -776,11 +776,11 @@ UpdateVariableInfo ( > ASSERT (Entry->Next != NULL); > > CopyGuid (&Entry->Next->VendorGuid, VendorGuid); > Entry->Next->Name = AllocatePool (StrSize (VariableName)); > ASSERT (Entry->Next->Name != NULL); > - StrCpy (Entry->Next->Name, VariableName); > + StrCpyS (Entry->Next->Name, StrSize (VariableName) / sizeof > + (CHAR16), VariableName); > Entry->Next->Volatile = Volatile; > } > > } > } > diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c > b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c > index 740632f..64708fd 100644 > --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c > +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c > @@ -1158,11 +1158,11 @@ VarCheckVariablePropertySet ( > if (Entry == NULL) { > Status = EFI_OUT_OF_RESOURCES; > goto Done; > } > VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); > - StrnCpy (VariableName, Name, StrLen (Name)); > + StrCpyS (VariableName, StrSize (Name) / sizeof (CHAR16), Name); > CopyGuid (&Entry->Guid, Guid); > CopyMem (&Entry->VariableProperty, VariableProperty, sizeof > (*VariableProperty)); > InsertTailList (&mVarCheckVariableList, &Entry->Link); > } > > diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c > b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c > index 15d0531..b30289e 100644 > --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c > +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c > @@ -126,11 +126,11 @@ UpdateVariableInfo ( > ASSERT (gVariableInfo != NULL); > > CopyGuid (&gVariableInfo->VendorGuid, VendorGuid); > gVariableInfo->Name = AllocatePool (StrSize (VariableName)); > ASSERT (gVariableInfo->Name != NULL); > - StrCpy (gVariableInfo->Name, VariableName); > + StrCpyS (gVariableInfo->Name, StrSize (VariableName) / sizeof > + (CHAR16), VariableName); > gVariableInfo->Volatile = Volatile; > } > > > for (Entry = gVariableInfo; Entry != NULL; Entry = Entry->Next) { @@ - > 162,11 +162,11 @@ UpdateVariableInfo ( > ASSERT (Entry->Next != NULL); > > CopyGuid (&Entry->Next->VendorGuid, VendorGuid); > Entry->Next->Name = AllocatePool (StrSize (VariableName)); > ASSERT (Entry->Next->Name != NULL); > - StrCpy (Entry->Next->Name, VariableName); > + StrCpyS (Entry->Next->Name, StrSize (VariableName) / sizeof > + (CHAR16), VariableName); > Entry->Next->Volatile = Volatile; > } > > } > } > @@ -1092,11 +1092,11 @@ Reclaim ( > goto Done; > } > CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER)); > Variable = (VARIABLE_HEADER*) CurrPtr; > Variable->DataSize = NewPubKeySize; > - StrCpy (GetVariableNamePtr (Variable), GetVariableNamePtr > (PubKeyHeader)); > + StrCpyS (GetVariableNamePtr (Variable), sizeof (VARIABLE_HEADER) / > + sizeof (CHAR16), GetVariableNamePtr (PubKeyHeader)); > CopyMem (GetVariableDataPtr (Variable), NewPubKeyStore, > NewPubKeySize); > CurrPtr = (UINT8*) GetNextVariablePtr (Variable); > CommonVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; > if (IsUserVariable (Variable)) { > CommonUserVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; > @@ -2873,11 +2873,11 @@ VariableLockRequestToLock ( > goto Done; > } > } > > Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); > - StrnCpy (Name, VariableName, StrLen (VariableName)); > + StrCpyS (Name, StrSize (VariableName) / sizeof (CHAR16), VariableName); > CopyGuid (&Entry->Guid, VendorGuid); > InsertTailList (&mLockedVariableList, &Entry->Link); > > Done: > ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal- > >VariableGlobal.VariableServicesLock); > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figFileExplorer.c > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figFileExplorer.c > index 5ca013c..163c310 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figFileExplorer.c > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigFileExplorer.c > @@ -1,9 +1,9 @@ > /** @file > Internal file explorer functions for SecureBoot configuration module. > > -Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials are licensed and made > available under the terms and conditions of the BSD License which > accompanies this distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > > @@ -137,10 +137,11 @@ AppendFileName ( > IN CHAR16 *Str2 > ) > { > UINTN Size1; > UINTN Size2; > + UINTN SizeTemp; > CHAR16 *Str; > CHAR16 *TmpStr; > CHAR16 *Ptr; > CHAR16 *LastSlash; > > @@ -150,16 +151,18 @@ AppendFileName ( > ASSERT (Str != NULL); > > TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16)); > ASSERT (TmpStr != NULL); > > - StrCat (Str, Str1); > + StrCatS (Str, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), > + Str1); SizeTemp = Size1 + Size2 + sizeof (CHAR16); > if (!((*Str == '\\') && (*(Str + 1) == 0))) { > - StrCat (Str, L"\\"); > + StrCatS (Str, (Size2 + sizeof (CHAR16)) / sizeof (CHAR16), L"\\"); > + SizeTemp = Size2 + sizeof (CHAR16); > } > > - StrCat (Str, Str2); > + StrCatS (Str, SizeTemp / sizeof (CHAR16), Str2); > > Ptr = Str; > LastSlash = Str; > while (*Ptr != 0) { > if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '.' && *(Ptr + 3) > == L'\\') > { @@ -168,27 +171,27 @@ AppendFileName ( > // DO NOT convert the .. if it is at the end of the string. This will > // break the .. behavior in changing directories. > // > > // > - // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of > two strings > + // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle > + copy of two strings > // that overlap. > // > - StrCpy (TmpStr, Ptr + 3); > - StrCpy (LastSlash, TmpStr); > + StrCpyS (TmpStr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), > Ptr > + 3); > + StrCpyS (LastSlash, (Size1 + Size2 + sizeof (CHAR16)) / sizeof > + (CHAR16), TmpStr); > Ptr = LastSlash; > } else if (*Ptr == '\\' && *(Ptr + 1) == '.' && *(Ptr + 2) == '\\') { > // > // Convert a "\.\" to a "\" > // > > // > - // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of > two strings > + // Use TmpStr as a backup, as StrCpyS in BaseLib does not handle > + copy of two strings > // that overlap. > // > - StrCpy (TmpStr, Ptr + 2); > - StrCpy (Ptr, TmpStr); > + StrCpyS (TmpStr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof (CHAR16), > Ptr > + 2); > + StrCpyS (Ptr, (Size1 + Size2 + sizeof (CHAR16)) / sizeof > + (CHAR16), TmpStr); > Ptr = LastSlash; > } else if (*Ptr == '\\') { > LastSlash = Ptr; > } > > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figMisc.c > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figMisc.c > index 13c7c27..a83504e 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figMisc.c > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigMisc.c > @@ -1,9 +1,9 @@ > /** @file > Helper functions for SecureBoot configuration module. > > -Copyright (c) 2012, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials are licensed and made > available under the terms and conditions of the BSD License which > accompanies this distribution. The full text of the license may be found at > http://opensource.org/licenses/bsd-license.php > > @@ -182,11 +182,11 @@ StringToGuid ( > Buffer = (CHAR16 *) AllocateZeroPool (sizeof (CHAR16) * (StrLen + 1)); > if (Buffer == NULL) { > return EFI_OUT_OF_RESOURCES; > } > > - StrCpy (Buffer, Str); > + StrCpyS (Buffer, (StrLen + 1), Str); > > // > // Data1 > // > PtrBuffer = Buffer; > -- > 1.9.5.msysgit.1 > > > ------------------------------------------------------------------------------ > Don't Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support that > you need to offload your IT needs and focus on growing your business. > Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
