From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2D12121A04811 for ; Thu, 13 Apr 2017 03:36:47 -0700 (PDT) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Apr 2017 03:36:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.37,194,1488873600"; d="scan'208";a="1155316259" Received: from zcui6-mobl.ccr.corp.intel.com (HELO JIAXINWU-MOBL2.ccr.corp.intel.com) ([10.255.27.187]) by fmsmga002.fm.intel.com with ESMTP; 13 Apr 2017 03:36:45 -0700 From: Jiaxin Wu To: edk2-devel@lists.01.org Cc: Ye Ting , Fu Siyuan , Zhang Lubo , Wu Jiaxin Date: Thu, 13 Apr 2017 18:36:42 +0800 Message-Id: <1492079802-180-1-git-send-email-jiaxin.wu@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.1 Subject: [Patch] NetworkPkg/HttpDxe: Fix HTTP download OS image over 4G size failure X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Apr 2017 10:36:47 -0000 UINT32 integer overflow will happen once the download OS image over 4G size. This patch is to fix this issue. Cc: Ye Ting Cc: Fu Siyuan Cc: Zhang Lubo Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin --- NetworkPkg/HttpDxe/HttpProto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 3d61ba2..3fda294 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -2029,24 +2029,24 @@ HttpTcpReceiveBody ( ASSERT (Tcp4 != NULL); } if (HttpInstance->LocalAddressIsIPv6) { Rx6Token = &Wrap->TcpWrap.Rx6Token; - Rx6Token ->Packet.RxData->DataLength = (UINT32) HttpMsg->BodyLength; - Rx6Token ->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) HttpMsg->BodyLength; + Rx6Token ->Packet.RxData->DataLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); + Rx6Token ->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); Rx6Token ->Packet.RxData->FragmentTable[0].FragmentBuffer = (VOID *) HttpMsg->Body; Rx6Token->CompletionToken.Status = EFI_NOT_READY; Status = Tcp6->Receive (Tcp6, Rx6Token); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Tcp6 receive failed: %r\n", Status)); return Status; } } else { Rx4Token = &Wrap->TcpWrap.Rx4Token; - Rx4Token->Packet.RxData->DataLength = (UINT32) HttpMsg->BodyLength; - Rx4Token->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) HttpMsg->BodyLength; + Rx4Token->Packet.RxData->DataLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); + Rx4Token->Packet.RxData->FragmentTable[0].FragmentLength = (UINT32) MIN (MAX_UINT32, HttpMsg->BodyLength); Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer = (VOID *) HttpMsg->Body; Rx4Token->CompletionToken.Status = EFI_NOT_READY; Status = Tcp4->Receive (Tcp4, Rx4Token); if (EFI_ERROR (Status)) { -- 1.9.5.msysgit.1