From nobody Tue Jan 14 10:36:06 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1513152450855227.5604151524235; Wed, 13 Dec 2017 00:07:30 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C3F76220EE136; Wed, 13 Dec 2017 00:02:48 -0800 (PST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E4E2F220EE108 for ; Wed, 13 Dec 2017 00:02:47 -0800 (PST) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Dec 2017 00:07:26 -0800 Received: from sfu5-mobl.ccr.corp.intel.com ([10.239.192.226]) by orsmga005.jf.intel.com with ESMTP; 13 Dec 2017 00:07:25 -0800 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Permerror (SPF Permanent Error: More than 10 MX records returned) identity=mailfrom; client-ip=134.134.136.24; helo=mga09.intel.com; envelope-from=siyuan.fu@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,397,1508828400"; d="scan'208";a="183773921" From: Fu Siyuan To: edk2-devel@lists.01.org Date: Wed, 13 Dec 2017 16:07:12 +0800 Message-Id: <20171213080712.1404-1-siyuan.fu@intel.com> X-Mailer: git-send-email 2.13.0.windows.1 Subject: [edk2] [Patch] MdeModulePkg/IpIoLib: Check the input parameters before use them. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ye Ting , Wang Fan , Wu Jiaxin MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This patch updates the DxeIpIoLib to check the input parameters before usin= g. Cc: Ye Ting Cc: Wu Jiaxin Cc: Wang Fan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan Reviewed-by: Jiaxin Wu --- MdeModulePkg/Include/Library/IpIoLib.h | 20 ++++---- MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c | 73 ++++++++++++++++++++++--= ---- 2 files changed, 68 insertions(+), 25 deletions(-) diff --git a/MdeModulePkg/Include/Library/IpIoLib.h b/MdeModulePkg/Include/= Library/IpIoLib.h index aab0c68059..a57bc582d6 100644 --- a/MdeModulePkg/Include/Library/IpIoLib.h +++ b/MdeModulePkg/Include/Library/IpIoLib.h @@ -2,7 +2,7 @@ This library is only intended to be used by UEFI network stack modules. It provides the combined IpIo layer on the EFI IP4 Protocol and EFI IP6 = protocol. =20 -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availabl= e under=20 the terms and conditions of the BSD License that accompanies this distribu= tion. =20 The full text of the license may be found at @@ -359,8 +359,9 @@ IpIoDestroy ( =20 @param[in, out] IpIo The pointer to the IP_IO instance that = needs to stop. =20 - @retval EFI_SUCCESS The IP_IO instance stopped successfully. - @retval Others Anrror condition occurred. + @retval EFI_SUCCESS The IP_IO instance stopped succe= ssfully. + @retval EFI_INVALID_PARAMETER Invalid input parameter. + @retval Others Error condition occurred. =20 **/ EFI_STATUS @@ -381,11 +382,12 @@ IpIoStop ( @param[in] OpenData The configuration data and callbacks= for the IP_IO instance. =20 - @retval EFI_SUCCESS The IP_IO instance opened with OpenD= ata - successfully. - @retval EFI_ACCESS_DENIED The IP_IO instance is configured; av= oid =20 - reopening it. - @retval Others An error condition occurred. + @retval EFI_SUCCESS The IP_IO instance opened with O= penData + successfully. + @retval EFI_ACCESS_DENIED The IP_IO instance is configured= , avoid to=20 + reopen it. + @retval EFI_INVALID_PARAMETER Invalid input parameter. + @retval Others Error condition occurred. =20 **/ EFI_STATUS @@ -518,7 +520,7 @@ IpIoRemoveIp ( @param[in] Src The local IP address. =20 @return The pointer to the IP protocol can be used for sending purpose a= nd its local - address is the same with Src. + address is the same with Src. NULL if failed. =20 **/ IP_IO_IP_INFO * diff --git a/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c b/MdeModulePkg/Li= brary/DxeIpIoLib/DxeIpIoLib.c index abc07fb0ff..33e2863419 100644 --- a/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c +++ b/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c @@ -2,7 +2,7 @@ IpIo Library. =20 (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
-Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at @@ -280,15 +280,22 @@ IpIoIcmpv4Handler ( UINT8 Type; UINT8 Code; UINT32 TrimBytes; - + =20 + ASSERT (IpIo !=3D NULL); + ASSERT (Pkt !=3D NULL); + ASSERT (Session !=3D NULL); ASSERT (IpIo->IpVersion =3D=3D IP_VERSION_4); - - IcmpHdr =3D NET_PROTO_HDR (Pkt, IP4_ICMP_ERROR_HEAD); - IpHdr =3D (EFI_IP4_HEADER *) (&IcmpHdr->IpHead); - + =20 // // Check the ICMP packet length. // + if (Pkt->TotalSize < sizeof (IP4_ICMP_ERROR_HEAD)) { + return EFI_ABORTED; + } + =20 + IcmpHdr =3D NET_PROTO_HDR (Pkt, IP4_ICMP_ERROR_HEAD); + IpHdr =3D (EFI_IP4_HEADER *) (&IcmpHdr->IpHead); + if (Pkt->TotalSize < ICMP_ERRLEN (IpHdr)) { =20 return EFI_ABORTED; @@ -412,6 +419,9 @@ IpIoIcmpv6Handler ( UINT32 TrimBytes; BOOLEAN Flag; =20 + ASSERT (IpIo !=3D NULL); + ASSERT (Pkt !=3D NULL); + ASSERT (Session !=3D NULL); ASSERT (IpIo->IpVersion =3D=3D IP_VERSION_6); =20 // @@ -1028,6 +1038,7 @@ IpIoListenHandlerDpc ( } =20 if (IpIo->IpVersion =3D=3D IP_VERSION_4) { + ASSERT (RxData->Ip4RxData.Header !=3D NULL); if (IP4_IS_LOCAL_BROADCAST (EFI_IP4 (RxData->Ip4RxData.Header->SourceA= ddress))) { // // The source address is a broadcast address, discard it. @@ -1052,6 +1063,11 @@ IpIoListenHandlerDpc ( } =20 // + // The fragment should always be valid for non-zero length packet. + // + ASSERT (RxData->Ip4RxData.FragmentCount !=3D 0); + + // // Create a netbuffer representing IPv4 packet // Pkt =3D NetbufFromExt ( @@ -1075,7 +1091,7 @@ IpIoListenHandlerDpc ( Session.IpHdrLen =3D RxData->Ip4RxData.HeaderLength; Session.IpVersion =3D IP_VERSION_4; } else { - + ASSERT (RxData->Ip6RxData.Header !=3D NULL); if (!NetIp6IsValidUnicast(&RxData->Ip6RxData.Header->SourceAddress)) { goto CleanUp; } @@ -1088,6 +1104,11 @@ IpIoListenHandlerDpc ( } =20 // + // The fragment should always be valid for non-zero length packet. + // + ASSERT (RxData->Ip6RxData.FragmentCount !=3D 0); + =20 + // // Create a netbuffer representing IPv6 packet // Pkt =3D NetbufFromExt ( @@ -1272,11 +1293,12 @@ ReleaseIpIo: @param[in] OpenData The configuration data and callbacks= for the IP_IO instance. =20 - @retval EFI_SUCCESS The IP_IO instance opened with OpenD= ata - successfully. - @retval EFI_ACCESS_DENIED The IP_IO instance is configured, av= oid to=20 - reopen it. - @retval Others Error condition occurred. + @retval EFI_SUCCESS The IP_IO instance opened with O= penData + successfully. + @retval EFI_ACCESS_DENIED The IP_IO instance is configured= , avoid to=20 + reopen it. + @retval EFI_INVALID_PARAMETER Invalid input parameter. + @retval Others Error condition occurred. =20 **/ EFI_STATUS @@ -1289,6 +1311,10 @@ IpIoOpen ( EFI_STATUS Status; UINT8 IpVersion; =20 + if (IpIo =3D=3D NULL || OpenData =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + if (IpIo->IsConfigured) { return EFI_ACCESS_DENIED; } @@ -1400,8 +1426,9 @@ ErrorExit: =20 @param[in, out] IpIo Pointer to the IP_IO instance that need= s to stop. =20 - @retval EFI_SUCCESS The IP_IO instance stopped successfully. - @retval Others Error condition occurred. + @retval EFI_SUCCESS The IP_IO instance stopped succe= ssfully. + @retval EFI_INVALID_PARAMETER Invalid input parameter. + @retval Others Error condition occurred. =20 **/ EFI_STATUS @@ -1414,6 +1441,10 @@ IpIoStop ( IP_IO_IP_INFO *IpInfo; UINT8 IpVersion; =20 + if (IpIo =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + if (!IpIo->IsConfigured) { return EFI_SUCCESS; } @@ -1916,6 +1947,10 @@ IpIoRemoveIp ( { =20 UINT8 IpVersion; + =20 + if (IpIo =3D=3D NULL || IpInfo =3D=3D NULL) { + return; + } =20 ASSERT (IpInfo->RefCnt > 0); =20 @@ -1980,7 +2015,7 @@ IpIoRemoveIp ( @param[in] Src The local IP address. =20 @return Pointer to the IP protocol can be used for sending purpose and i= ts local - address is the same with Src. + address is the same with Src. NULL if failed. =20 **/ IP_IO_IP_INFO * @@ -1996,7 +2031,13 @@ IpIoFindSender ( LIST_ENTRY *IpInfoEntry; IP_IO_IP_INFO *IpInfo; =20 - ASSERT ((IpVersion =3D=3D IP_VERSION_4) || (IpVersion =3D=3D IP_VERSION_= 6)); =20 + if (IpIo =3D=3D NULL || Src =3D=3D NULL) { + return NULL; + } + + if ((IpVersion !=3D IP_VERSION_4) && (IpVersion !=3D IP_VERSION_6)) { + return NULL; + } =20 NET_LIST_FOR_EACH (IpIoEntry, &mActiveIpIoList) { IpIoPtr =3D NET_LIST_USER_STRUCT (IpIoEntry, IP_IO, Entry); --=20 2.13.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel