BaseTools/EfiRom: Add checks for user/file inputs Cc: Liming Gao <liming.gao@intel.com> Cc: Yonghong Zhu <yonghong.zhu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>

commit: 47affb48e9baf3966842919acc0c419129c65392 [log] [tgz]
author: Hao Wu <hao.a.wu@intel.com> Tue Oct 11 11:08:41 2016 +0800
committer: Hao Wu <hao.a.wu@intel.com> Tue Nov 08 16:37:09 2016 +0800
tree: 2c69e7359a4c7a15f2ef66d111d78bcd13a8d051
parent: bab5ad2fd14bf8d1e9e688327a11136c8bfb523e [diff]
diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
index 622a12f..d95864a 100644
--- a/BaseTools/Source/C/EfiRom/EfiRom.c
+++ b/BaseTools/Source/C/EfiRom/EfiRom.c

@@ -979,7 +979,12 @@
           Error (NULL, 0, 2000, "Invalid parameter", "Missing output file name with %s option!", Argv[0]);

           return STATUS_ERROR;

         }

-        strcpy (Options->OutFileName, Argv[1]);

+        if (strlen (Argv[1]) > MAX_PATH - 1) {

+          Error (NULL, 0, 2000, "Invalid parameter", "Output file name %s is too long!", Argv[1]);

+          return STATUS_ERROR;

+        }

+        strncpy (Options->OutFileName, Argv[1], MAX_PATH - 1);

+        Options->OutFileName[MAX_PATH - 1] = 0;

 

         Argv++;

         Argc--;
commit	47affb48e9baf3966842919acc0c419129c65392	[log] [tgz]
author	Hao Wu <hao.a.wu@intel.com>	Tue Oct 11 11:08:41 2016 +0800
committer	Hao Wu <hao.a.wu@intel.com>	Tue Nov 08 16:37:09 2016 +0800
tree	2c69e7359a4c7a15f2ef66d111d78bcd13a8d051
parent	bab5ad2fd14bf8d1e9e688327a11136c8bfb523e [diff]