proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-07-27 11:03:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

simple_file: Allocate buffers for file entries

Browse Source 
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
This commit is contained in:
Gary Ching-Pang Lin 2013-05-30 14:05:59 +08:00 committed by Peter Jones
parent d359712e1b
commit b82d6d7cb1
1 changed files with 34 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
lib/simple_file.c
View File

@ -344,9 +344,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
goto next;
if (next->Attribute & EFI_FILE_DIRECTORY) {
(*result)[(*count)] = next->FileName;
(*result)[(*count)][len] = '/';
(*result)[(*count)++][len + 1] = '\0';
(*result)[(*count)] = PoolPrint(L"%s/", next->FileName);
if (!(*result)[(*count)]) {
Print(L"Failed to allocate buffer");
return EFI_OUT_OF_RESOURCES;
}
(*count)++;
goto next;
}
@ -354,7 +357,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
offs = StrLen(filterarr[c]);
if (StrCmp(&next->FileName[len - offs], filterarr[c]) == 0) {
(*result)[(*count)++] = next->FileName;
(*result)[(*count)] = StrDuplicate(next->FileName);
if (!(*result)[(*count)]) {
Print(L"Failed to allocate buffer");
return EFI_OUT_OF_RESOURCES;
}
(*count)++;
} else {
continue;
}
@ -362,7 +370,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
}
next:
if (StrCmp(next->FileName, L"../") == 0) {
if (StrCmp(next->FileName, L"..") == 0) {
/* place .. directory first */
CHAR16 *tmp = (*result)[(*count) - 1];
@ -392,6 +400,15 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
return status;
}
static void
free_entries(CHAR16 **entries, int count)
{
int i;
for (i = 0; i<count; i++)
FreePool(entries[i]);
}
void
simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
CHAR16 *filter, CHAR16 **result)
@ -436,8 +453,6 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
/* ESC key */
goto out_free;
selected = entries[select];
FreePool(entries);
entries = NULL;
/* note that memory used by selected is valid until dmp is freed */
len = StrLen(selected);
if (selected[len - 1] == '/') {
@ -445,6 +460,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
/* stay where we are */
if (StrCmp(selected, L"./") == 0) {
free_entries(entries, count);
FreePool(entries);
entries = NULL;
FreePool(dmp);
goto redo;
} else if (StrCmp(selected, L"../") == 0) {
@ -463,6 +481,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
if (StrCmp(name, L"\\") != 0
&& StrCmp(&name[i], L"..") != 0) {
name[i] = '\0';
free_entries(entries, count);
FreePool(entries);
entries = NULL;
FreePool(dmp);
goto redo;
}
@ -478,6 +499,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
/* remove trailing / */
newname[StrLen(newname) - 1] = '\0';
free_entries(entries, count);
FreePool(entries);
entries = NULL;
FreePool(dmp);
FreePool(name);
name = newname;
@ -494,8 +518,10 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
out_free:
FreePool(dmp);
if (entries)
if (entries) {
free_entries(entries, count);
FreePool(entries);
}
out_free_name:
FreePool(name);
}