FatPkg EnhancedFatDxe: Use safe string functions

Unsafe string functions are replaced with safe ones.

Safe string functions will assert if DestMax is not greater than
StrnLenS(Source, DestMax). Therefore, the additional ASSERT that checks
the sizes of the source and destination buffers can be removed.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

(based on FatPkg commit 2cb92b4f19b096daf133d6501afa13e5a85062c5)

[jordan.l.justen@intel.com: Use script to relicense to 2-clause BSD]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Acked-by: Mark Doran <mark.doran@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
diff --git a/FatPkg/EnhancedFatDxe/DirectoryManage.c b/FatPkg/EnhancedFatDxe/DirectoryManage.c
index 116f87a..91e7599 100644
--- a/FatPkg/EnhancedFatDxe/DirectoryManage.c
+++ b/FatPkg/EnhancedFatDxe/DirectoryManage.c
@@ -1,6 +1,6 @@
 /*++

 

-Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials are licensed and made available

 under the terms and conditions of the BSD License which accompanies this

 distribution. The full text of the license may be found at

@@ -116,7 +116,15 @@
     // Write LFN directory entry

     //

     SetMem (LfnBuffer, sizeof (CHAR16) * LFN_CHAR_TOTAL * EntryCount, 0xff);

-    StrCpy (LfnBuffer, DirEnt->FileString);

+    Status = StrCpyS (

+               LfnBuffer,

+               sizeof (LfnBuffer) / sizeof (LfnBuffer[0]),

+               DirEnt->FileString

+               );

+    if (EFI_ERROR (Status)) {

+      return Status;

+    }

+

     LfnBufferPointer    = LfnBuffer;

     LfnEntry.Attributes = FAT_ATTRIBUTE_LFN;

     LfnEntry.Type       = 0;
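Review bot: The `SetMem` fill just above the new `StrCpyS` call is still sized from `EntryCount`, so the bound this hunk adds covers the copy but not the fill that precedes it. Nothing visible here ties `sizeof (CHAR16) * LFN_CHAR_TOTAL * EntryCount` to the size of LfnBuffer; if EntryCount is not range-checked earlier in the function (which starts outside the hunk), the fill can run past the array before StrCpyS checks anything. I would put the same bound in front of it, for example `if (LFN_CHAR_TOTAL * EntryCount > sizeof (LfnBuffer) / sizeof (LfnBuffer[0])) { return EFI_VOLUME_CORRUPTED; }`, using whichever status the function already returns for a bad entry. The sizeof-based element count also only holds while LfnBuffer is declared as an array in this function, which is worth a short comment at the call.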

@@ -349,7 +357,11 @@
     // Fail to get the long file name from long file name entry,

     // get the file name from short name

     //

-    FatGetFileNameViaCaseFlag (DirEnt, LfnBuffer);

+    FatGetFileNameViaCaseFlag (

+      DirEnt,

+      LfnBuffer,

+      sizeof (LfnBuffer) / sizeof (LfnBuffer[0])

+      );

   }

 

   DirEnt->FileString = AllocateCopyPool (StrSize (LfnBuffer), LfnBuffer);

diff --git a/FatPkg/EnhancedFatDxe/Fat.h b/FatPkg/EnhancedFatDxe/Fat.h
index ef1fd35..b73135c 100644
--- a/FatPkg/EnhancedFatDxe/Fat.h
+++ b/FatPkg/EnhancedFatDxe/Fat.h
@@ -1241,8 +1241,9 @@
 

 VOID

 FatGetFileNameViaCaseFlag (

-  IN  FAT_DIRENT        *DirEnt,

-  OUT CHAR16            *FileString

+  IN     FAT_DIRENT     *DirEnt,

+  IN OUT CHAR16         *FileString,

+  IN     UINTN          FileStringMax

   );

 

 UINT8
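Review bot: The new `FileStringMax` parameter has no stated unit, and a byte count would compile just as well as a character count. The callers in this commit pass `sizeof (LfnBuffer) / sizeof (LfnBuffer[0])`, so it is a count of CHAR16 elements; I would state that next to the prototype, for example `// FileStringMax: capacity of FileString in CHAR16 elements, including the terminating null`. The definition in FileName.c has a header comment that opens at the end of its hunk and continues outside it, so it is not visible whether that comment was updated to describe the new argument and the change from OUT to IN OUT.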

diff --git a/FatPkg/EnhancedFatDxe/FileName.c b/FatPkg/EnhancedFatDxe/FileName.c
index 09690fb..551cda5 100644
--- a/FatPkg/EnhancedFatDxe/FileName.c
+++ b/FatPkg/EnhancedFatDxe/FileName.c
@@ -1,6 +1,6 @@
 /*++

 

-Copyright (c) 2005 - 2007, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials are licensed and made available

 under the terms and conditions of the BSD License which accompanies this

 distribution. The full text of the license may be found at

@@ -302,7 +302,6 @@
   CHAR16  Buffer[FAT_MAIN_NAME_LEN + 1 + FAT_EXTEND_NAME_LEN + 1];

   UINT8   OutCaseFlag;

 

-  ASSERT (StrSize (Str) <= sizeof (Buffer));

   //

   // Assume the case of input string is mixed

   //

@@ -311,7 +310,7 @@
   // Lower case a copy of the string, if it matches the

   // original then the string is lower case

   //

-  StrCpy (Buffer, Str);

+  StrCpyS (Buffer, sizeof (Buffer) / sizeof (Buffer[0]), Str);

   FatStrLwr (Buffer);

   if (StrCmp (Str, Buffer) == 0) {

     OutCaseFlag = InCaseFlag;
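Review bot: The status returned by `StrCpyS` is discarded here, and Buffer is a local array with no initializer. If the copy is rejected in a build where ASSERT compiles out, Buffer may be left unwritten and `FatStrLwr (Buffer)` and `StrCmp (Str, Buffer)` then run on uninitialized stack contents. The ASSERT removed in the @@ -302 hunk was the only explicit statement of the size precondition. The same unchecked call appears in the @@ -320 hunk, in `StrCatS` in the @@ -425 hunk (where a failure would silently drop the extension from a VOID function), and in `StrnCpyS` in Hash.c. I would test the result, e.g. `if (EFI_ERROR (StrCpyS (Buffer, sizeof (Buffer) / sizeof (Buffer[0]), Str))) { ... }`, with the fallback chosen to fit the function's contract; the function begins and ends outside this hunk.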

@@ -320,7 +319,7 @@
   // Upper case a copy of the string, if it matches the

   // original then the string is upper case

   //

-  StrCpy (Buffer, Str);

+  StrCpyS (Buffer, sizeof (Buffer) / sizeof (Buffer[0]), Str);

   FatStrUpr (Buffer);

   if (StrCmp (Str, Buffer) == 0) {

     OutCaseFlag = 0;

@@ -392,8 +391,9 @@
 

 VOID

 FatGetFileNameViaCaseFlag (

-  IN  FAT_DIRENT    *DirEnt,

-  OUT CHAR16        *FileString

+  IN     FAT_DIRENT   *DirEnt,

+  IN OUT CHAR16       *FileString,

+  IN     UINTN        FileStringMax

   )

 /*++

 

@@ -425,7 +425,7 @@
   FatNameToStr (File8Dot3Name + FAT_MAIN_NAME_LEN, FAT_EXTEND_NAME_LEN, CaseFlag & FAT_CASE_EXT_LOWER, &TempExt[1]);

   if (TempExt[1] != 0) {

     TempExt[0] = L'.';

-    StrCat (FileString, TempExt);

+    StrCatS (FileString, FileStringMax, TempExt);

   }

 }

 

diff --git a/FatPkg/EnhancedFatDxe/Hash.c b/FatPkg/EnhancedFatDxe/Hash.c
index dd67bab..3d0ffe6 100644
--- a/FatPkg/EnhancedFatDxe/Hash.c
+++ b/FatPkg/EnhancedFatDxe/Hash.c
@@ -1,6 +1,6 @@
 /*++

 

-Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials are licensed and made available

 under the terms and conditions of the BSD License which accompanies this

 distribution. The full text of the license may be found at

@@ -47,8 +47,12 @@
 {

   UINT32  HashValue;

   CHAR16  UpCasedLongFileName[EFI_PATH_STRING_LENGTH];

-  StrnCpy (UpCasedLongFileName, LongNameString, EFI_PATH_STRING_LENGTH - 1);

-  UpCasedLongFileName[EFI_PATH_STRING_LENGTH - 1] = L'\0';

+  StrnCpyS (

+    UpCasedLongFileName,

+    sizeof (UpCasedLongFileName) / sizeof (UpCasedLongFileName[0]),

+    LongNameString,

+    sizeof (UpCasedLongFileName) / sizeof (UpCasedLongFileName[0]) - 1

+    );

   FatStrUpr (UpCasedLongFileName);

   gBS->CalculateCrc32 (UpCasedLongFileName, StrSize (UpCasedLongFileName), &HashValue);

   return (HashValue & HASH_TABLE_MASK);
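Review bot: Names longer than the buffer are truncated before hashing, and nothing at the call says whether that is intended. `StrnCpyS` is given a length one less than the buffer's element count, which matches the old `StrnCpy` plus manual terminator, so the hash still covers only the leading part of a long name. If that is the intent, a one-line comment would stop a later reader from treating it as a bug: `// Truncation is deliberate: only the first EFI_PATH_STRING_LENGTH - 1 characters feed the hash.` The function's signature and closing brace are outside the hunk.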