From ed9cf192de86c58e9c5397afa48de7b6d7bab7a7 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 30 May 2013 14:05:59 +0800
Subject: [PATCH 1/2] simple_file: Allocate buffers for file entries

The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
---
 lib/simple_file.c | 42 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 34 insertions(+), 8 deletions(-)

diff --git a/lib/simple_file.c b/lib/simple_file.c
index 0e5ecd2..e288272 100644
--- a/lib/simple_file.c
+++ b/lib/simple_file.c
@@ -344,9 +344,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 			goto next;
 
 		if (next->Attribute & EFI_FILE_DIRECTORY) {
-				(*result)[(*count)] = next->FileName;
-				(*result)[(*count)][len] = '/';
-				(*result)[(*count)++][len + 1] = '\0';
+				(*result)[(*count)] = PoolPrint(L"%s/", next->FileName);
+				if (!(*result)[(*count)]) {
+					Print(L"Failed to allocate buffer");
+					return EFI_OUT_OF_RESOURCES;
+				}
+				(*count)++;
 				goto next;
 		}
 
@@ -354,7 +357,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 			offs = StrLen(filterarr[c]);
 
 			if (StrCmp(&next->FileName[len - offs], filterarr[c]) == 0) {
-				(*result)[(*count)++] = next->FileName;
+				(*result)[(*count)] = StrDuplicate(next->FileName);
+				if (!(*result)[(*count)]) {
+					Print(L"Failed to allocate buffer");
+					return EFI_OUT_OF_RESOURCES;
+				}
+				(*count)++;
 			} else {
 				continue;
 			}
@@ -362,7 +370,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 		}
 
 	next:		
-		if (StrCmp(next->FileName, L"../") == 0) {
+		if (StrCmp(next->FileName, L"..") == 0) {
 			/* place .. directory first */
 			CHAR16 *tmp = (*result)[(*count) - 1];
 
@@ -392,6 +400,15 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
 	return status;
 }
 
+static void
+free_entries(CHAR16 **entries, int count)
+{
+	int i;
+
+	for (i = 0; i<count; i++)
+		FreePool(entries[i]);
+}
+
 void
 simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 		     CHAR16 *filter, CHAR16 **result)
@@ -436,8 +453,6 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 		/* ESC key */
 		goto out_free;
 	selected = entries[select];
-	FreePool(entries);
-	entries = NULL;
 	/* note that memory used by selected is valid until dmp is freed */
 	len = StrLen(selected);
 	if (selected[len - 1] == '/') {
@@ -445,6 +460,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 
 		/* stay where we are */
 		if (StrCmp(selected, L"./") == 0) {
+			free_entries(entries, count);
+			FreePool(entries);
+			entries = NULL;
 			FreePool(dmp);
 			goto redo;
 		} else if (StrCmp(selected, L"../") == 0) {
@@ -463,6 +481,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 			if (StrCmp(name, L"\\") != 0
 			    && StrCmp(&name[i], L"..") != 0) {
 				name[i] = '\0';
+				free_entries(entries, count);
+				FreePool(entries);
+				entries = NULL;
 				FreePool(dmp);
 				goto redo;
 			}
@@ -478,6 +499,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 		/* remove trailing / */
 		newname[StrLen(newname) - 1] = '\0';
 
+		free_entries(entries, count);
+		FreePool(entries);
+		entries = NULL;
 		FreePool(dmp);
 		FreePool(name);
 		name = newname;
@@ -494,8 +518,10 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
 
  out_free:
 	FreePool(dmp);
-	if (entries)
+	if (entries) {
+		free_entries(entries, count);
 		FreePool(entries);
+	}
  out_free_name:
 	FreePool(name);
 }
-- 
1.8.1.4


From 33080500e6bf33324a7c1463f4608f3f21d923b3 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 30 May 2013 14:10:56 +0800
Subject: [PATCH 2/2] Clean lib/, too

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index f64f409..ed47360 100644
--- a/Makefile
+++ b/Makefile
@@ -109,6 +109,7 @@ lib/lib.a:
 clean:
 	$(MAKE) -C Cryptlib clean
 	$(MAKE) -C Cryptlib/OpenSSL clean
+	$(MAKE) -C lib clean
 	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
 	rm -f *.debug *.so *.efi
 
-- 
1.8.1.4