From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <siyuan.fu@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id BEE921A1E43
 for <edk2-devel@lists.01.org>; Thu, 27 Oct 2016 03:51:45 -0700 (PDT)
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga102.fm.intel.com with ESMTP; 27 Oct 2016 03:51:45 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,404,1473145200"; d="scan'208";a="24313902"
Received: from sfu5-mobl3.ccr.corp.intel.com ([10.239.192.133])
 by fmsmga005.fm.intel.com with ESMTP; 27 Oct 2016 03:51:44 -0700
From: Fu Siyuan <siyuan.fu@intel.com>
To: edk2-devel@lists.01.org
Cc: Ye Ting <ting.ye@intel.com>, Zhang Lubo <lubo.zhang@intel.com>,
 Wu Jiaxin <jiaxin.wu@intel.com>
Date: Thu, 27 Oct 2016 18:51:39 +0800
Message-Id: <1477565499-11764-4-git-send-email-siyuan.fu@intel.com>
X-Mailer: git-send-email 2.7.4.windows.1
In-Reply-To: <1477565499-11764-1-git-send-email-siyuan.fu@intel.com>
References: <1477565499-11764-1-git-send-email-siyuan.fu@intel.com>
Subject: [PATCH v2 3/3] NetworkPkg: Update IP4 stack drivers for classless address unicast check.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 10:51:46 -0000

V2 update:
Keep the zero address and broadcast check if network mask is not available.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
---
 NetworkPkg/IScsiDxe/IScsiConfig.c      | 16 ++++++++++----
 NetworkPkg/TcpDxe/TcpMain.c            |  6 ++---
 NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c    | 40 +++++++++++++++++++++++-----------
 NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c |  4 +++-
 4 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/NetworkPkg/IScsiDxe/IScsiConfig.c b/NetworkPkg/IScsiDxe/IScsiConfig.c
index 16a90a6..57571ad 100644
--- a/NetworkPkg/IScsiDxe/IScsiConfig.c
+++ b/NetworkPkg/IScsiDxe/IScsiConfig.c
@@ -164,7 +164,10 @@ IpIsUnicast (
   )
 {
   if (IpMode == IP_MODE_IP4) {
-    return NetIp4IsUnicast (NTOHL (Ip->Addr[0]), 0);
+    if (IP4_IS_UNSPECIFIED (NTOHL (Ip->Addr[0])) || IP4_IS_LOCAL_BROADCAST (NTOHL (Ip->Addr[0])))   {
+      return FALSE;
+    }
+    return TRUE;
   } else if (IpMode == IP_MODE_IP6) {
     return NetIp6IsValidUnicast (&Ip->v6);
   } else {
@@ -2349,7 +2352,9 @@ IScsiFormCallback (
 
     case KEY_LOCAL_IP:
       Status = NetLibStrToIp4 (IfrNvData->LocalIp, &HostIp.v4);
-      if (EFI_ERROR (Status) || !NetIp4IsUnicast (NTOHL (HostIp.Addr[0]), 0)) {
+      if (EFI_ERROR (Status) || 
+          ((Private->Current->SessionConfigData.SubnetMask.Addr[0] != 0) && 
+           !NetIp4IsUnicast (NTOHL (HostIp.Addr[0]), NTOHL(*(UINT32*)Private->Current->SessionConfigData.SubnetMask.Addr)))) {
         CreatePopUp (
           EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
           &Key,
@@ -2383,7 +2388,10 @@ IScsiFormCallback (
 
     case KEY_GATE_WAY:
       Status = NetLibStrToIp4 (IfrNvData->Gateway, &Gateway.v4);
-      if (EFI_ERROR (Status) || ((Gateway.Addr[0] != 0) && !NetIp4IsUnicast (NTOHL (Gateway.Addr[0]), 0))) {
+      if (EFI_ERROR (Status) || 
+          ((Gateway.Addr[0] != 0) && 
+           (Private->Current->SessionConfigData.SubnetMask.Addr[0] != 0) && 
+           !NetIp4IsUnicast (NTOHL (Gateway.Addr[0]), NTOHL(*(UINT32*)Private->Current->SessionConfigData.SubnetMask.Addr)))) {
         CreatePopUp (
           EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
           &Key,
@@ -2400,7 +2408,7 @@ IScsiFormCallback (
     case KEY_TARGET_IP:
       UnicodeStrToAsciiStrS (IfrNvData->TargetIp, IpString, sizeof (IpString));
       Status = IScsiAsciiStrToIp (IpString, IfrNvData->IpMode, &HostIp);
-      if (EFI_ERROR (Status) || !IpIsUnicast (&HostIp, IfrNvData->IpMode)) {
+      if (EFI_ERROR (Status) || IP4_IS_LOCAL_BROADCAST (EFI_NTOHL(HostIp.v4)) || IP4_IS_UNSPECIFIED (EFI_NTOHL(HostIp.v4))) {
         CreatePopUp (
           EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
           &Key,
diff --git a/NetworkPkg/TcpDxe/TcpMain.c b/NetworkPkg/TcpDxe/TcpMain.c
index 96a295a..03942ee 100644
--- a/NetworkPkg/TcpDxe/TcpMain.c
+++ b/NetworkPkg/TcpDxe/TcpMain.c
@@ -147,10 +147,10 @@ Tcp4Configure (
   if (NULL != TcpConfigData) {
 
     CopyMem (&Ip, &TcpConfigData->AccessPoint.RemoteAddress, sizeof (IP4_ADDR));
-    if ((Ip != 0) && !NetIp4IsUnicast (NTOHL (Ip), 0)) {
+    if (IP4_IS_LOCAL_BROADCAST (NTOHL (Ip))) {
       return EFI_INVALID_PARAMETER;
     }
-
+    
     if (TcpConfigData->AccessPoint.ActiveFlag && (0 == TcpConfigData->AccessPoint.RemotePort || (Ip == 0))) {
       return EFI_INVALID_PARAMETER;
     }
@@ -159,7 +159,7 @@ Tcp4Configure (
 
       CopyMem (&Ip, &TcpConfigData->AccessPoint.StationAddress, sizeof (IP4_ADDR));
       CopyMem (&SubnetMask, &TcpConfigData->AccessPoint.SubnetMask, sizeof (IP4_ADDR));
-      if (!NetIp4IsUnicast (NTOHL (Ip), 0) || !IP4_IS_VALID_NETMASK (NTOHL (SubnetMask))) {
+      if (!IP4_IS_VALID_NETMASK (NTOHL (SubnetMask)) || !NetIp4IsUnicast (NTOHL (Ip), NTOHL (SubnetMask))) {
         return EFI_INVALID_PARAMETER;
       }
     }
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
index c7c5bd6..52095c5 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
@@ -856,8 +856,7 @@ EfiPxeBcMtftp (
       (BufferSize == NULL) ||
       (ServerIp == NULL) ||
       ((BufferPtr == NULL) && DontUseBuffer) ||
-      ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE)) ||
-      (!NetIp4IsUnicast (NTOHL (ServerIp->Addr[0]), 0) && !NetIp6IsValidUnicast (&ServerIp->v6))) {
+      ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE))) {
     return EFI_INVALID_PARAMETER;
   }
 
@@ -867,6 +866,16 @@ EfiPxeBcMtftp (
   Mode      = Private->PxeBc.Mode;
 
   if (Mode->UsingIpv6) {
+    if (!NetIp6IsValidUnicast (&ServerIp->v6)) {
+      return EFI_INVALID_PARAMETER;
+    }
+  } else {
+    if (IP4_IS_UNSPECIFIED (NTOHL (ServerIp->Addr[0])) || IP4_IS_LOCAL_BROADCAST (NTOHL (ServerIp->Addr[0])))   {
+      return EFI_INVALID_PARAMETER;
+    }
+  }
+
+  if (Mode->UsingIpv6) {
     //
     // Set configuration data for Mtftp6 instance.
     //
@@ -1076,7 +1085,7 @@ EfiPxeBcUdpWrite (
     DoNotFragment = TRUE;
   }
 
-  if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL (GatewayIp->Addr[0]), 0)) {
+  if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL (GatewayIp->Addr[0]), EFI_NTOHL(Mode->SubnetMask))) {
     //
     // Gateway is provided but it's not a unicast IPv4 address, while it will be ignored for IPv6.
     //
@@ -1587,13 +1596,16 @@ EfiPxeBcSetIpFilter (
       //
       return EFI_INVALID_PARAMETER;
     }
-    if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0 &&
-        (NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), 0) ||
-         NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6))) {
-      //
-      // If EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP is set and IPv4/IPv6 address
-      // is in IpList, promiscuous mode is needed.
-      //
+    if (Mode->UsingIpv6) {
+      if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0 &&
+          NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6)) {
+        NeedPromiscuous = TRUE;
+      }
+    } else if ((EFI_NTOHL(Mode->StationIp) != 0) &&
+               (EFI_NTOHL(Mode->SubnetMask) != 0) &&
+               IP4_NET_EQUAL(EFI_NTOHL(Mode->StationIp), EFI_NTOHL(NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask.v4)) &&
+               NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask)) &&
+               ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0)) {
       NeedPromiscuous = TRUE;
     }
   }
@@ -1987,9 +1999,7 @@ EfiPxeBcSetStationIP (
     return EFI_INVALID_PARAMETER;
   }
 
-  if (NewStationIp != NULL &&
-      (!NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), 0) &&
-       !NetIp6IsValidUnicast (&NewStationIp->v6))) {
+  if (NewStationIp != NULL && !NetIp6IsValidUnicast (&NewStationIp->v6)) {
     return EFI_INVALID_PARAMETER;
   }
 
@@ -2003,6 +2013,10 @@ EfiPxeBcSetStationIP (
     return EFI_INVALID_PARAMETER;
   }
 
+  if (!Mode->UsingIpv6 && NewStationIp != NULL && !NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), NTOHL (NewSubnetMask->Addr[0]))) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   if (!Mode->Started) {
     return EFI_NOT_STARTED;
   }
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
index 3ea9518..00c652d 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
@@ -258,7 +258,9 @@ PxeBcIcmpErrorDpcHandle (
   }
 
   if (EFI_IP4 (RxData->Header->SourceAddress) != 0 &&
-      !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), 0)) {
+      (NTOHL (Mode->SubnetMask.Addr[0]) != 0) &&
+      IP4_NET_EQUAL (NTOHL(Mode->StationIp.Addr[0]), EFI_NTOHL (RxData->Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0])) &&
+      !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0]))) {
     //
     // The source address of the received packet should be a valid unicast address.
     //
-- 
2.7.4.windows.1