authorFeng, YunhuaX <yunhuax.feng@intel.com>2020-02-19 20:12:31 +0800
committerLiming Gao <liming.gao@intel.com>2020-02-20 22:16:16 +0800
commit67957909babe64ec70a44af360148809f2a6c707 (patch)
tree16e56810e05a067977a355401a30d1dbd43c8dce
parentb23dc12c0e2ac9aa626937e25b068dce8e31e9f3 (diff)
Tools/FitGen: Check the input file path before open it
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2117 Add a check to avoid path traversal attacks. Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <liming.gao@intel.com> Signed-off-by: Yunhua Feng <yunhuax.feng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
-rw-r--r--Silicon/Intel/Tools/FitGen/FitGen.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 2ed63609..49ec33a7 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -403,6 +403,34 @@ SetMem (
return Buffer;
}
+BOOLEAN
+CheckPath (
+ IN CHAR8 * String
+)
+{
+ //
+ //Return FLASE if input file path include % character or is NULL
+ //
+ CHAR8 *StrPtr;
+
+ StrPtr = String;
+ if (StrPtr == NULL) {
+ return FALSE;
+ }
+
+ if (*StrPtr == 0) {
+ return FALSE;
+ }
+
+ while (*StrPtr != '\0') {
+ if (*StrPtr == '%') {
+ return FALSE;
+ }
+ StrPtr++;
+ }
+ return TRUE;
+}
+
STATUS
ReadInputFile (
IN CHAR8 *FileName,
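Review bot: CheckPath rejects only a NULL, empty, or '%'-containing string, so it does not constrain directory traversal at all — `..` components and path separators pass through unchanged — even though the commit message presents it as a path-traversal check. The header comment of the body should state what is actually enforced and fix the `FLASE` typo, e.g. `// Return FALSE if the path is NULL, empty, or contains a '%' character; no other restriction is applied.` If the intent is to keep FileName from ever being interpreted as a printf-style format string, the '%' rejection does that and the commit message should say so; if traversal really is the concern, an explicit check of `..` components would still be needed. The parameter can also be `IN CONST CHAR8 *String`, since the function only reads through it, and EDK2 style puts no space between `*` and the name.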
@@ -435,6 +463,15 @@ Returns:
UINT32 TempResult;
//
+ //Check the File Path
+ //
+ if (!CheckPath(FileName)) {
+
+ Error (NULL, 0, 0, "File path is invalid!", NULL);
+ return STATUS_ERROR;
+ }
+
+ //
// Open the Input FvRecovery.fv file
//
if ((FpIn = fopen (FileName, "rb")) == NULL) {
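Review bot: The added block's comment `//Check the File Path` does not tell a reader what is being rejected, and the blank line directly after `if (!CheckPath(FileName)) {` departs from the surrounding style; the identical block added before the output `fopen` in the next hunk has the same two issues, so fix both together. Suggested form: `// Reject a NULL, empty, or '%'-containing path before handing it to fopen (see CheckPath)` followed by `if (!CheckPath (FileName)) {` with the empty line removed. ReadInputFile's body starts and ends outside this hunk.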
@@ -2761,6 +2798,15 @@ Returns:
FILE *FpOut;
//
+ //Check the File Path
+ //
+ if (!CheckPath(FileName)) {
+
+ Error (NULL, 0, 0, "File path is invalid!", NULL);
+ return STATUS_ERROR;
+ }
+
+ //
// Open the output FvRecovery.fv file
//
if ((FpOut = fopen (FileName, "w+b")) == NULL) {
@@ -2982,6 +3028,7 @@ Returns:
UINT8 *AcmBuffer;
+ FileBufferRaw = NULL;
//
// Step 0: Check FV or FD
//