[edk2-devel] [edk2-platforms][PATCH V1 1/1] UserInterfacePkg/UserAuthentication: Fix NULL pointer dereferences

Dandan Bi dandan.bi at intel.com
Wed Aug 28 00:28:56 UTC 2019 

Reviewed-by: Dandan Bi <dandan.bi at intel.com>


Thanks,
Dandan

> -----Original Message-----
> From: Kubacki, Michael A
> Sent: Tuesday, August 27, 2019 9:36 AM
> To: devel at edk2.groups.io
> Cc: Bi, Dandan <dandan.bi at intel.com>; Gao, Liming <liming.gao at intel.com>
> Subject: [edk2-platforms][PATCH V1 1/1]
> UserInterfacePkg/UserAuthentication: Fix NULL pointer dereferences
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2115
> 
> Cc: Dandan Bi <dandan.bi at intel.com>
> Cc: Liming Gao <liming.gao at intel.com>
> Signed-off-by: Michael Kubacki <michael.a.kubacki at intel.com>
> ---
> 
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ation2Dxe.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git
> a/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> b/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> index 55b264f4ff..b4326d380f 100644
> ---
> a/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> +++
> b/Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthen
> tication2Dxe.c
> @@ -300,13 +300,16 @@ UserAuthenticationCallback (
>          switch (mUserAuthenticationData->PasswordState) {
>          case BROWSER_STATE_VALIDATE_PASSWORD:
>            UserInputPassword = HiiGetString (mUserAuthenticationData-
> >HiiHandle, Value->string, NULL);
> +          if (UserInputPassword == NULL) {
> +            return EFI_UNSUPPORTED;
> +          }
>            if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) {
>              Status = EFI_NOT_READY;
>              break;
>            }
>            if (UserInputPassword[0] == 0) {
>              //
> -            // Setup will use a NULL password to check whether the old password
> is set,
> +            // Setup will use an empty password to check whether the old
> password is set,
>              // If the validation is successful, means there is no old password,
> return
>              // success to set the new password. Or need to return
> EFI_NOT_READY to
>              // let user input the old password.
> @@ -343,6 +346,9 @@ UserAuthenticationCallback (
> 
>          case BROWSER_STATE_SET_PASSWORD:
>            UserInputPassword = HiiGetString (mUserAuthenticationData-
> >HiiHandle, Value->string, NULL);
> +          if (UserInputPassword == NULL) {
> +            return EFI_UNSUPPORTED;
> +          }
>            if ((StrLen (UserInputPassword) >= PASSWORD_MAX_SIZE)) {
>              Status = EFI_NOT_READY;
>              break;
> --
> 2.16.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#46501): https://edk2.groups.io/g/devel/message/46501
Mute This Topic: https://groups.io/mt/33041774/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list