ShellPkg/UefiShellDebug1CommandsLib: Replace hardcoded SMBIOS strings.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3805

Replace hardcoded SMBIOS Anchor string and size with defines.

Fix buffer overflow as described below.

Smbios64BitPrintEPSInfo () is coded like:
UINT8  Anchor[5];

MemToString (Anchor, SmbiosTable->AnchorString, 5);

But the definition of MemToString()
  Copy Length of Src buffer to Dest buffer,
  add a NULL termination to Dest buffer.

So Anchor needs to be +1 the size of the SMBIOS Anchor string `_SM3_`.

Changes from v1 to v2:
 - Replace doxygen style inline comments

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Andrew Fish <afish@apple.com>
Signed-off-by: Giri Mudusuru <girim@apple.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c
index 1811cf0c442aef16e3555910120690464ca2ec8c..a14b79904d905180b509a14debcc6d929f7e4031 100644 (file)
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/PrintInfo.c
@@ -5,6 +5,7 @@
   Copyright (c) 1985 - 2022, American Megatrends International LLC.<BR>\r
   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>\r
   (C) Copyright 2015-2019 Hewlett Packard Enterprise Development LP<BR>\r
+  Copyright (c) 2023 Apple Inc. All rights reserved.<BR>\r
   SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -135,7 +136,7 @@ SmbiosPrintEPSInfo (
   IN  UINT8                     Option\r
   )\r
 {\r
-  UINT8  Anchor[5];\r
+  UINT8  Anchor[SMBIOS_ANCHOR_STRING_LENGTH + 1]; // Including terminating NULL character\r
   UINT8  InAnchor[6];\r
 \r
   if (SmbiosTable == NULL) {\r
@@ -149,7 +150,7 @@ SmbiosPrintEPSInfo (
 \r
   if (Option >= SHOW_NORMAL) {\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ENTRY_POINT_SIGN), gShellDebug1HiiHandle);\r
-    MemToString (Anchor, SmbiosTable->AnchorString, 4);\r
+    MemToString (Anchor, SmbiosTable->AnchorString, SMBIOS_ANCHOR_STRING_LENGTH);\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ANCHOR_STR), gShellDebug1HiiHandle, Anchor);\r
     ShellPrintHiiEx (\r
       -1,\r
@@ -220,7 +221,7 @@ Smbios64BitPrintEPSInfo (
   IN  UINT8                         Option\r
   )\r
 {\r
-  UINT8  Anchor[5];\r
+  UINT8  Anchor[SMBIOS_3_0_ANCHOR_STRING_LENGTH + 1]; // Including terminating NULL character\r
 \r
   if (SmbiosTable == NULL) {\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_SMBIOSTABLE_NULL), gShellDebug1HiiHandle);\r
@@ -234,7 +235,7 @@ Smbios64BitPrintEPSInfo (
   if (Option >= SHOW_NORMAL) {\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_64_BIT_ENTRY_POINT_SIGN), gShellDebug1HiiHandle);\r
 \r
-    MemToString (Anchor, SmbiosTable->AnchorString, 5);\r
+    MemToString (Anchor, SmbiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING_LENGTH);\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_PRINTINFO_ANCHOR_STR), gShellDebug1HiiHandle, Anchor);\r
 \r
     ShellPrintHiiEx (\r

diff --git a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c
index e9360beb233344f6b4c2a6e007363a31186e24b5..7e7eef3fd8ca7719f4d6ed649c43426a92fe8173 100644 (file)
--- a/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c
+++ b/ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/SmbiosView.c
@@ -3,6 +3,7 @@
 \r
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
   Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2023 Apple Inc. All rights reserved.<BR>\r
   SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -263,7 +264,7 @@ SMBiosView (
     return EFI_BAD_BUFFER_SIZE;\r
   }\r
 \r
-  if (CompareMem (SMBiosTable->AnchorString, "_SM_", 4) == 0) {\r
+  if (CompareMem (SMBiosTable->AnchorString, SMBIOS_ANCHOR_STRING, SMBIOS_ANCHOR_STRING_LENGTH) == 0) {\r
     //\r
     // Have got SMBIOS table\r
     //\r
@@ -441,7 +442,7 @@ SMBios64View (
     return EFI_BAD_BUFFER_SIZE;\r
   }\r
 \r
-  if (CompareMem (SMBiosTable->AnchorString, "_SM3_", 5) == 0) {\r
+  if (CompareMem (SMBiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING, SMBIOS_3_0_ANCHOR_STRING_LENGTH) == 0) {\r
     //\r
     // Have got SMBIOS table\r
     //\r
@@ -612,7 +613,7 @@ InitSmbiosTableStatistics (
     return EFI_NOT_FOUND;\r
   }\r
 \r
-  if (CompareMem (SMBiosTable->AnchorString, "_SM_", 4) != 0) {\r
+  if (CompareMem (SMBiosTable->AnchorString, SMBIOS_ANCHOR_STRING, SMBIOS_ANCHOR_STRING_LENGTH) != 0) {\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_SMBIOSVIEW_SMBIOS_TABLE), gShellDebug1HiiHandle);\r
     return EFI_INVALID_PARAMETER;\r
   }\r
@@ -753,7 +754,7 @@ InitSmbios64BitTableStatistics (
     return EFI_NOT_FOUND;\r
   }\r
 \r
-  if (CompareMem (SMBiosTable->AnchorString, "_SM3_", 5) != 0) {\r
+  if (CompareMem (SMBiosTable->AnchorString, SMBIOS_3_0_ANCHOR_STRING, SMBIOS_3_0_ANCHOR_STRING_LENGTH) != 0) {\r
     ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_SMBIOSVIEW_SMBIOSVIEW_SMBIOS_TABLE), gShellDebug1HiiHandle);\r
     return EFI_INVALID_PARAMETER;\r
   }\r