diff options
| author | Tormod Volden <debian.tormod@gmail.com> | 2024-07-23 23:23:20 +0200 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-12-16 18:34:43 +0000 |
| commit | ef3a1ef397a2677cccd0e3e7f1287f29f0094e17 (patch) | |
| tree | fb027a6ea541b26884e157b36a46e72d079ce9f0 | |
| parent | 7936ffa1e60e73ae4366777e08cf57fda5f47e5b (diff) | |
| download | edk2-ef3a1ef397a2677cccd0e3e7f1287f29f0094e17.tar.gz | |
ShellPkg/UefiShellLib: Prevent out-of-bounds access
If InternalShellStrHexToUint64() is passed a string that starts with 'X'
or 'x' it would try to read the byte before the start of the string
buffer.
Instead check if leading zeroes have been consumed.
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
| -rw-r--r-- | ShellPkg/Library/UefiShellLib/UefiShellLib.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ShellPkg/Library/UefiShellLib/UefiShellLib.c b/ShellPkg/Library/UefiShellLib/UefiShellLib.c index f023505300..488129801e 100644 --- a/ShellPkg/Library/UefiShellLib/UefiShellLib.c +++ b/ShellPkg/Library/UefiShellLib/UefiShellLib.c @@ -4009,7 +4009,8 @@ InternalShellStrHexToUint64 ( IN CONST BOOLEAN StopAtSpace
)
{
- UINT64 Result;
+ UINT64 Result;
+ BOOLEAN LeadingZero;
if ((String == NULL) || (StrSize (String) == 0) || (Value == NULL)) {
return (EFI_INVALID_PARAMETER);
@@ -4025,12 +4026,14 @@ InternalShellStrHexToUint64 ( //
// Ignore leading Zeros after the spaces
//
+ LeadingZero = FALSE;
while (*String == L'0') {
String++;
+ LeadingZero = TRUE;
}
if (CharToUpper (*String) == L'X') {
- if (*(String - 1) != L'0') {
+ if (!LeadingZero) {
return 0;
}
|