From: Jiaxin Wu <jiaxin.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Ye Ting <ting.ye@intel.com>, Fu Siyuan <siyuan.fu@intel.com>,
Wang Fan <fan.wang@intel.com>, Wu Jiaxin <jiaxin.wu@intel.com>
Subject: [Patch 3/4] NetworkPkg/DnsDxe: Fix the potential memory leak issue.
Date: Tue, 5 Dec 2017 14:59:21 +0800 [thread overview]
Message-ID: <1512457162-9296-4-git-send-email-jiaxin.wu@intel.com> (raw)
In-Reply-To: <1512457162-9296-1-git-send-email-jiaxin.wu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
NetworkPkg/DnsDxe/DnsImpl.c | 131 ++++++++++++++++++++++++++++++++++++++++----
1 file changed, 121 insertions(+), 10 deletions(-)
diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index 7c236a0..7057bfb 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -790,10 +790,14 @@ UpdateDns4Cache (
if (DeleteFlag) {
//
// Delete matching DNS Cache entry
//
RemoveEntryList (&Item->AllCacheLink);
+
+ FreePool (Item->DnsCache.HostName);
+ FreePool (Item->DnsCache.IpAddress);
+ FreePool (Item);
return EFI_SUCCESS;
} else if (Override) {
//
// Update this one
@@ -817,17 +821,20 @@ UpdateDns4Cache (
InitializeListHead (&NewDnsCache->AllCacheLink);
NewDnsCache->DnsCache.HostName = AllocatePool (StrSize (DnsCacheEntry.HostName));
if (NewDnsCache->DnsCache.HostName == NULL) {
+ FreePool (NewDnsCache);
return EFI_OUT_OF_RESOURCES;
}
CopyMem (NewDnsCache->DnsCache.HostName, DnsCacheEntry.HostName, StrSize (DnsCacheEntry.HostName));
NewDnsCache->DnsCache.IpAddress = AllocatePool (sizeof (EFI_IPv4_ADDRESS));
- if (NewDnsCache->DnsCache.IpAddress == NULL) {
+ if (NewDnsCache->DnsCache.IpAddress == NULL) {
+ FreePool (NewDnsCache->DnsCache.HostName);
+ FreePool (NewDnsCache);
return EFI_OUT_OF_RESOURCES;
}
CopyMem (NewDnsCache->DnsCache.IpAddress, DnsCacheEntry.IpAddress, sizeof (EFI_IPv4_ADDRESS));
@@ -882,10 +889,14 @@ UpdateDns6Cache (
//
// Delete matching DNS Cache entry
//
RemoveEntryList (&Item->AllCacheLink);
+ FreePool (Item->DnsCache.HostName);
+ FreePool (Item->DnsCache.IpAddress);
+ FreePool (Item);
+
return EFI_SUCCESS;
} else if (Override) {
//
// Update this one
//
@@ -908,17 +919,20 @@ UpdateDns6Cache (
InitializeListHead (&NewDnsCache->AllCacheLink);
NewDnsCache->DnsCache.HostName = AllocatePool (StrSize (DnsCacheEntry.HostName));
if (NewDnsCache->DnsCache.HostName == NULL) {
+ FreePool (NewDnsCache);
return EFI_OUT_OF_RESOURCES;
}
CopyMem (NewDnsCache->DnsCache.HostName, DnsCacheEntry.HostName, StrSize (DnsCacheEntry.HostName));
NewDnsCache->DnsCache.IpAddress = AllocatePool (sizeof (EFI_IPv6_ADDRESS));
- if (NewDnsCache->DnsCache.IpAddress == NULL) {
+ if (NewDnsCache->DnsCache.IpAddress == NULL) {
+ FreePool (NewDnsCache->DnsCache.HostName);
+ FreePool (NewDnsCache);
return EFI_OUT_OF_RESOURCES;
}
CopyMem (NewDnsCache->DnsCache.IpAddress, DnsCacheEntry.IpAddress, sizeof (EFI_IPv6_ADDRESS));
@@ -1254,31 +1268,31 @@ ParseDnsResponse (
if (Dns4TokenEntry->GeneralLookUp) {
//
// It's the GeneralLookUp querying.
//
- Dns4TokenEntry->Token->RspData.GLookupData = AllocatePool (sizeof (DNS_RESOURCE_RECORD));
+ Dns4TokenEntry->Token->RspData.GLookupData = AllocateZeroPool (sizeof (DNS_RESOURCE_RECORD));
if (Dns4TokenEntry->Token->RspData.GLookupData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
- Dns4TokenEntry->Token->RspData.GLookupData->RRList = AllocatePool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
+ Dns4TokenEntry->Token->RspData.GLookupData->RRList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
if (Dns4TokenEntry->Token->RspData.GLookupData->RRList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
} else {
//
// It's not the GeneralLookUp querying. Check the Query type.
//
if (QuerySection->Type == DNS_TYPE_A) {
- Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
+ Dns4TokenEntry->Token->RspData.H2AData = AllocateZeroPool (sizeof (DNS_HOST_TO_ADDR_DATA));
if (Dns4TokenEntry->Token->RspData.H2AData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
- Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
+ Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
if (Dns4TokenEntry->Token->RspData.H2AData->IpList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
} else {
@@ -1291,31 +1305,31 @@ ParseDnsResponse (
if (Dns6TokenEntry->GeneralLookUp) {
//
// It's the GeneralLookUp querying.
//
- Dns6TokenEntry->Token->RspData.GLookupData = AllocatePool (sizeof (DNS_RESOURCE_RECORD));
+ Dns6TokenEntry->Token->RspData.GLookupData = AllocateZeroPool (sizeof (DNS_RESOURCE_RECORD));
if (Dns6TokenEntry->Token->RspData.GLookupData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
- Dns6TokenEntry->Token->RspData.GLookupData->RRList = AllocatePool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
+ Dns6TokenEntry->Token->RspData.GLookupData->RRList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
if (Dns6TokenEntry->Token->RspData.GLookupData->RRList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
} else {
//
// It's not the GeneralLookUp querying. Check the Query type.
//
if (QuerySection->Type == DNS_TYPE_AAAA) {
- Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
+ Dns6TokenEntry->Token->RspData.H2AData = AllocateZeroPool (sizeof (DNS6_HOST_TO_ADDR_DATA));
if (Dns6TokenEntry->Token->RspData.H2AData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
- Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
+ Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
if (Dns6TokenEntry->Token->RspData.H2AData->IpList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
} else {
@@ -1601,10 +1615,101 @@ ON_COMPLETE:
DispatchDpc ();
}
}
ON_EXIT:
+ //
+ // Free the allocated buffer if error happen.
+ //
+ if (EFI_ERROR (Status)) {
+ if (Dns4TokenEntry != NULL) {
+ if (Dns4TokenEntry->GeneralLookUp) {
+ if (Dns4TokenEntry->Token->RspData.GLookupData != NULL) {
+ if (Dns4TokenEntry->Token->RspData.GLookupData->RRList != NULL) {
+ while (RRCount != 0) {
+ RRCount --;
+ if (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName != NULL) {
+ FreePool (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName);
+ }
+
+ if (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData != NULL) {
+ FreePool (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData);
+ }
+ }
+
+ FreePool (Dns4TokenEntry->Token->RspData.GLookupData->RRList);
+ }
+
+ FreePool (Dns4TokenEntry->Token->RspData.GLookupData);
+ }
+ } else {
+ if (QuerySection->Type == DNS_TYPE_A && Dns4TokenEntry->Token->RspData.H2AData != NULL) {
+ if (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL) {
+ FreePool (Dns4TokenEntry->Token->RspData.H2AData->IpList);
+ }
+
+ FreePool (Dns4TokenEntry->Token->RspData.H2AData);
+ }
+ }
+ }
+
+ if (Dns6TokenEntry != NULL) {
+ if (Dns6TokenEntry->GeneralLookUp) {
+ if (Dns6TokenEntry->Token->RspData.GLookupData != NULL) {
+ if (Dns6TokenEntry->Token->RspData.GLookupData->RRList != NULL) {
+ while (RRCount != 0) {
+ RRCount --;
+ if (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName != NULL) {
+ FreePool (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName);
+ }
+
+ if (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData != NULL) {
+ FreePool (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData);
+ }
+ }
+
+ FreePool (Dns6TokenEntry->Token->RspData.GLookupData->RRList);
+ }
+
+ FreePool (Dns6TokenEntry->Token->RspData.GLookupData);
+ }
+ } else {
+ if (QuerySection->Type == DNS_TYPE_AAAA && Dns6TokenEntry->Token->RspData.H2AData != NULL) {
+ if (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL) {
+ FreePool (Dns6TokenEntry->Token->RspData.H2AData->IpList);
+ }
+
+ FreePool (Dns6TokenEntry->Token->RspData.H2AData);
+ }
+ }
+ }
+
+ if (Dns4CacheEntry != NULL) {
+ if (Dns4CacheEntry->HostName != NULL) {
+ FreePool (Dns4CacheEntry->HostName);
+ }
+
+ if (Dns4CacheEntry->IpAddress != NULL) {
+ FreePool (Dns4CacheEntry->IpAddress);
+ }
+
+ FreePool (Dns4CacheEntry);
+ }
+
+ if (Dns6CacheEntry != NULL) {
+ if (Dns6CacheEntry->HostName != NULL) {
+ FreePool (Dns6CacheEntry->HostName);
+ }
+
+ if (Dns6CacheEntry->IpAddress != NULL) {
+ FreePool (Dns6CacheEntry->IpAddress);
+ }
+
+ FreePool (Dns6CacheEntry);
+ }
+ }
+
gBS->RestoreTPL (OldTpl);
return Status;
}
/**
@@ -2051,10 +2156,13 @@ DnsOnTimerUpdate (
Entry = mDriverData->Dns4CacheList.ForwardLink;
while (Entry != &mDriverData->Dns4CacheList) {
Item4 = NET_LIST_USER_STRUCT (Entry, DNS4_CACHE, AllCacheLink);
if (Item4->DnsCache.Timeout == 0) {
RemoveEntryList (&Item4->AllCacheLink);
+ FreePool (Item4->DnsCache.HostName);
+ FreePool (Item4->DnsCache.IpAddress);
+ FreePool (Item4);
Entry = mDriverData->Dns4CacheList.ForwardLink;
} else {
Entry = Entry->ForwardLink;
}
}
@@ -2070,10 +2178,13 @@ DnsOnTimerUpdate (
Entry = mDriverData->Dns6CacheList.ForwardLink;
while (Entry != &mDriverData->Dns6CacheList) {
Item6 = NET_LIST_USER_STRUCT (Entry, DNS6_CACHE, AllCacheLink);
if (Item6->DnsCache.Timeout == 0) {
RemoveEntryList (&Item6->AllCacheLink);
+ FreePool (Item6->DnsCache.HostName);
+ FreePool (Item6->DnsCache.IpAddress);
+ FreePool (Item6);
Entry = mDriverData->Dns6CacheList.ForwardLink;
} else {
Entry = Entry->ForwardLink;
}
}
--
1.9.5.msysgit.1
next prev parent reply other threads:[~2017-12-05 6:55 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-05 6:59 [Patch 0/4] NetworkPkg/DnsDxe: Fix several issues in DnsDxe driver Jiaxin Wu
2017-12-05 6:59 ` [Patch 1/4] NetworkPkg/DnsDxe: Remove the unnecessary if condition check in DNS.Config Jiaxin Wu
2017-12-05 6:59 ` [Patch 2/4] NetworkPkg/DnsDxe: Update RetryCount/RetryInterval to comply with UEFI spec Jiaxin Wu
2017-12-05 6:59 ` Jiaxin Wu [this message]
2017-12-05 6:59 ` [Patch 4/4] NetworkPkg/DnsDxe: Avoid to access the freed memory buffer Jiaxin Wu
2017-12-05 8:09 ` [Patch 0/4] NetworkPkg/DnsDxe: Fix several issues in DnsDxe driver Fu, Siyuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1512457162-9296-4-git-send-email-jiaxin.wu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox