From nobody Fri Oct 24 23:01:39 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=intel.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1530085653694863.027118201206; Wed, 27 Jun 2018 00:47:33 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id B5646202E53FC; Wed, 27 Jun 2018 00:47:32 -0700 (PDT) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B784221B02845 for ; Wed, 27 Jun 2018 00:47:31 -0700 (PDT) Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jun 2018 00:47:30 -0700 Received: from jiaxinwu-mobl.ccr.corp.intel.com ([10.239.192.112]) by fmsmga006.fm.intel.com with ESMTP; 27 Jun 2018 00:47:29 -0700 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.20; helo=mga02.intel.com; envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,278,1526367600"; d="scan'208";a="241014120" 
From: Jiaxin Wu To: edk2-devel@lists.01.org Date: Wed, 27 Jun 2018 15:47:21 +0800 Message-Id: <20180627074721.972-1-Jiaxin.wu@intel.com> X-Mailer: git-send-email 2.17.1.windows.2 Subject: [edk2] [Patch] NetworkPkg/HttpDxe: Fix the bug when parsing HTTP(S) message body. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ye Ting , Fu Siyuan , Wu Jiaxin MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" HttpBodyParserCallback function is to parse the HTTP(S) message body so as = to confirm whether there is the next message header. But it doesn't record the parsing message data/length correctly. This patch is refine the parsing logic so as to fix the potential failure. Cc: Ye Ting Cc: Fu Siyuan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin Reviewed-by: Fu Siyuan --- NetworkPkg/HttpDxe/HttpImpl.c | 114 +++++++++++++++++---------------- NetworkPkg/HttpDxe/HttpProto.c | 10 +++ NetworkPkg/HttpDxe/HttpProto.h | 12 +++- 3 files changed, 79 insertions(+), 57 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index a2af59674a..7f601db5c6 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -914,10 +914,11 @@ HttpBodyParserCallback ( IN CHAR8 *Data, IN UINTN Length, IN VOID *Context ) { + HTTP_CALLBACK_DATA *CallbackData; HTTP_TOKEN_WRAP *Wrap; UINTN BodyLength; CHAR8 *Body; =20 if (EventType !=3D BodyParseEventOnComplete) { 
@@ -926,24 +927,21 @@ HttpBodyParserCallback ( =20 if (Data =3D=3D NULL || Length !=3D 0 || Context =3D=3D NULL) { return EFI_SUCCESS; } =20 - Wrap =3D (HTTP_TOKEN_WRAP *) Context; - Body =3D Wrap->HttpToken->Message->Body; - BodyLength =3D Wrap->HttpToken->Message->BodyLength; + CallbackData =3D (HTTP_CALLBACK_DATA *) Context; + =20 + Wrap =3D (HTTP_TOKEN_WRAP *) (CallbackData->Wrap); + Body =3D CallbackData->ParseData; + BodyLength =3D CallbackData->ParseDataLength; + =20 if (Data < Body + BodyLength) { Wrap->HttpInstance->NextMsg =3D Data; } else { Wrap->HttpInstance->NextMsg =3D NULL; } - =20 - - // - // Free Tx4Token or Tx6Token since already received corrsponding HTTP re= sponse. - // - FreePool (Wrap); =20 return EFI_SUCCESS; } =20 /** 
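Review bot: In HttpBodyParserCallback the new range test `Data < Body + BodyLength` has no lower bound, and `CallbackData->Wrap` is dereferenced without a NULL check, while the entry guard validates only `Context` itself. The resulting `NextMsg` is later used in a pointer subtraction against `HttpMsg->Body` (the `@@ -1350,51 +1372,31 @@` hunk), so a `Data` pointer below `ParseData`, or callback data left over from an earlier request, would become a bogus body length there. I would add `if (Wrap == NULL || Body == NULL) { return EFI_SUCCESS; }` after the assignments and test `if (Data >= Body && Data < Body + BodyLength)`. The start of the function body is in the previous hunk.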
@@ -1189,33 +1187,43 @@ HttpResponseWorker ( HttpInstance->Method, HttpMsg->Data.Response->StatusCode, HttpMsg->HeaderCount, HttpMsg->Headers, HttpBodyParserCallback, - (VOID *) ValueInItem, + (VOID *) (&HttpInstance->CallbackData), &HttpInstance->MsgParser ); if (EFI_ERROR (Status)) { goto Error2; } =20 // // Check whether we received a complete HTTP message. // if (HttpInstance->CacheBody !=3D NULL) { + // + // Record the CallbackData data. + // + HttpInstance->CallbackData.Wrap =3D (VOID *) Wrap; + HttpInstance->CallbackData.ParseData =3D (VOID *) HttpInstance->Ca= cheBody; + HttpInstance->CallbackData.ParseDataLength =3D HttpInstance->Cache= Len; + =20 + // + // Parse message with CallbackData data. + // Status =3D HttpParseMessageBody (HttpInstance->MsgParser, HttpInst= ance->CacheLen, HttpInstance->CacheBody); if (EFI_ERROR (Status)) { goto Error2; } + } =20 - if (HttpIsMessageComplete (HttpInstance->MsgParser)) { - // - // Free the MsgParse since we already have a full HTTP message. - // - HttpFreeMsgParser (HttpInstance->MsgParser); - HttpInstance->MsgParser =3D NULL; - } + if (HttpIsMessageComplete (HttpInstance->MsgParser)) { + // + // Free the MsgParse since we already have a full HTTP message. + // + HttpFreeMsgParser (HttpInstance->MsgParser); + HttpInstance->MsgParser =3D NULL; } } =20 if ((HttpMsg->Body =3D=3D NULL) || (HttpMsg->BodyLength =3D=3D 0)) { Status =3D EFI_SUCCESS; 
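Review bot: With the parser context changed from `ValueInItem` to `&HttpInstance->CallbackData`, and `FreePool (Wrap)` removed from the callback in the previous hunk, nothing visible in this patch releases the transmit token wrap that the deleted comment said was freed once the response arrived. If no other path frees `ValueInItem`, each completed response would leak one pool allocation. Either add an explicit `FreePool (ValueInItem);` at the point where the response has been fully handled, or add a comment naming the path that now owns it. HttpResponseWorker starts and ends outside this hunk, so the release may exist in code not shown here.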
@@ -1330,16 +1338,30 @@ HttpResponseWorker ( if (EFI_ERROR (Status)) { goto Error2; } =20 // - // Check whether we receive a complete HTTP message. + // Process the received the body packet. + // + HttpMsg->BodyLength =3D MIN (Fragment.Len, (UINT32) HttpMsg->BodyLengt= h); + =20 + CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength); + =20 + // + // Record the CallbackData data. + // + HttpInstance->CallbackData.Wrap =3D (VOID *) Wrap; + HttpInstance->CallbackData.ParseData =3D HttpMsg->Body; + HttpInstance->CallbackData.ParseDataLength =3D HttpMsg->BodyLength; + + // + // Parse Body with CallbackData data. // Status =3D HttpParseMessageBody ( HttpInstance->MsgParser, - (UINTN) Fragment.Len, - (CHAR8 *) Fragment.Bulk + HttpMsg->BodyLength, + HttpMsg->Body ); if (EFI_ERROR (Status)) { goto Error2; } =20 
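Review bot: The `(UINT32)` cast in `MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength)` truncates the caller's buffer size before the comparison. On a 64-bit build, a `BodyLength` whose low 32 bits are zero would give a zero-byte copy even though both data and buffer space exist. Widening the other operand avoids that: `HttpMsg->BodyLength = MIN ((UINTN) Fragment.Len, HttpMsg->BodyLength);`. The copy stays bounded by the caller's buffer either way, so this is a correctness point rather than an overflow. HttpResponseWorker starts and ends outside this hunk.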
@@ -1350,51 +1372,31 @@ HttpResponseWorker ( HttpFreeMsgParser (HttpInstance->MsgParser); HttpInstance->MsgParser =3D NULL; } =20 // - // We receive part of header of next HTTP msg. + // Check whether there is the next message header in the HttpMsg->Body. // if (HttpInstance->NextMsg !=3D NULL) { - HttpMsg->BodyLength =3D MIN ((UINTN) HttpInstance->NextMsg - (UINTN)= Fragment.Bulk, HttpMsg->BodyLength); - CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength); - =20 - HttpInstance->CacheLen =3D Fragment.Len - HttpMsg->BodyLength; - if (HttpInstance->CacheLen !=3D 0) { - if (HttpInstance->CacheBody !=3D NULL) { - FreePool (HttpInstance->CacheBody); - } - =20 - HttpInstance->CacheBody =3D AllocateZeroPool (HttpInstance->CacheL= en); - if (HttpInstance->CacheBody =3D=3D NULL) { - Status =3D EFI_OUT_OF_RESOURCES; - goto Error2; - } - =20 - CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLen= gth, HttpInstance->CacheLen); - HttpInstance->CacheOffset =3D 0; + HttpMsg->BodyLength =3D HttpInstance->NextMsg - (CHAR8 *) HttpMsg->B= ody; + } =20 - HttpInstance->NextMsg =3D HttpInstance->CacheBody + ((UINTN) HttpI= nstance->NextMsg - (UINTN) (Fragment.Bulk + HttpMsg->BodyLength)); + HttpInstance->CacheLen =3D Fragment.Len - HttpMsg->BodyLength; + if (HttpInstance->CacheLen !=3D 0) { + if (HttpInstance->CacheBody !=3D NULL) { + FreePool (HttpInstance->CacheBody); } - } else { - HttpMsg->BodyLength =3D MIN (Fragment.Len, (UINT32) HttpMsg->BodyLen= gth); - CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength); - HttpInstance->CacheLen =3D Fragment.Len - HttpMsg->BodyLength; - if (HttpInstance->CacheLen !=3D 0) { - if (HttpInstance->CacheBody !=3D NULL) { - FreePool (HttpInstance->CacheBody); - } - =20 - HttpInstance->CacheBody =3D AllocateZeroPool (HttpInstance->CacheL= en); - if (HttpInstance->CacheBody =3D=3D NULL) { - Status =3D EFI_OUT_OF_RESOURCES; - goto Error2; - } - - CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLen= gth, 
HttpInstance->CacheLen); - HttpInstance->CacheOffset =3D 0; + =20 + HttpInstance->CacheBody =3D AllocateZeroPool (HttpInstance->CacheLen= ); + if (HttpInstance->CacheBody =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Error2; } + + CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLengt= h, HttpInstance->CacheLen); + HttpInstance->CacheOffset =3D 0; + HttpInstance->NextMsg =3D HttpInstance->CacheBody; } =20 if (Fragment.Bulk !=3D NULL) { FreePool (Fragment.Bulk); Fragment.Bulk =3D NULL; diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 35c4a166c4..6dc292d5cc 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -194,11 +194,21 @@ HttpTcpReceiveNotifyDpc ( if (UsingIpv6) { Length =3D (UINTN) Wrap->TcpWrap.Rx6Data.FragmentTable[0].FragmentLeng= th; } else { Length =3D (UINTN) Wrap->TcpWrap.Rx4Data.FragmentTable[0].FragmentLeng= th; } + =20 + // + // Record the CallbackData data. + // + HttpInstance->CallbackData.Wrap =3D (VOID *) Wrap; + HttpInstance->CallbackData.ParseData =3D Wrap->HttpToken->Message->Body; + HttpInstance->CallbackData.ParseDataLength =3D Length; =20 + // + // Parse Body with CallbackData data. + // Status =3D HttpParseMessageBody ( HttpInstance->MsgParser, Length, Wrap->HttpToken->Message->Body ); diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h index 04d36aaca0..4d96792ba7 100644 --- a/NetworkPkg/HttpDxe/HttpProto.h +++ b/NetworkPkg/HttpDxe/HttpProto.h @@ -1,9 +1,9 @@ /** @file The header files of miscellaneous routines for HttpDxe driver. =20 -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
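Review bot: The unconditional `HttpInstance->NextMsg = HttpInstance->CacheBody;` at the end of the cache block marks any leftover bytes as the start of a next message, even when the callback left `NextMsg` NULL because the body simply did not fit in the caller's buffer. On a later pass the test `HttpInstance->NextMsg != NULL` would then compute `HttpInstance->NextMsg - (CHAR8 *) HttpMsg->Body` across two unrelated buffers. The following `Fragment.Len - HttpMsg->BodyLength` can then wrap and pass an oversized length to `AllocateZeroPool` and `CopyMem`; whether `NextMsg` is reset before the next parse is not visible in this hunk. I would keep the reassignment conditional, `if (HttpInstance->NextMsg != NULL) { HttpInstance->NextMsg = HttpInstance->CacheBody; }`, and check `HttpMsg->BodyLength <= Fragment.Len` before the subtraction. HttpResponseWorker starts and ends outside the hunk.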
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD = License which accompanies this distribution. The full text of the license may be = found at http://opensource.org/licenses/bsd-license.php @@ -89,10 +89,19 @@ typedef struct { EFI_TLS_CONNECTION_END ConnectionEnd; EFI_TLS_VERIFY VerifyMethod; EFI_TLS_SESSION_STATE SessionState; } TLS_CONFIG_DATA; =20 +// +// Callback data for HTTP_PARSER_CALLBACK() +// +typedef struct { + UINTN ParseDataLength; + VOID *ParseData; + VOID *Wrap; +} HTTP_CALLBACK_DATA; + typedef struct _HTTP_PROTOCOL { UINT32 Signature; EFI_HTTP_PROTOCOL Http; EFI_HANDLE Handle; HTTP_SERVICE *Service; @@ -147,10 +156,11 @@ typedef struct _HTTP_PROTOCOL { =20 // // HTTP message-body parser. // VOID *MsgParser; + HTTP_CALLBACK_DATA CallbackData; =20 EFI_HTTP_VERSION HttpVersion; UINT32 TimeOutMillisec; BOOLEAN LocalAddressIsIPv6; =20 --=20 2.17.1.windows.2 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
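Review bot: The comment on HTTP_CALLBACK_DATA says only what the struct is for; it should also state who owns the pointers, because `Wrap` and `ParseData` are stored in the long-lived HTTP_PROTOCOL instance while pointing at per-request objects. I would extend it to something like `// Wrap and ParseData are borrowed for a single HttpParseMessageBody() call; callers must set all three fields before each call and must not rely on them afterwards.` Typing the members as `HTTP_TOKEN_WRAP *` and `CHAR8 *` instead of `VOID *` would also remove the casts in the callback, if the declaration order in this header allows it.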