From: Jiaxin Wu <jiaxin.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Ye Ting <ting.ye@intel.com>, Fu Siyuan <siyuan.fu@intel.com>,
	Wang Fan <fan.wang@intel.com>, Wu Jiaxin <jiaxin.wu@intel.com>
Subject: [Patch 3/4] NetworkPkg/DnsDxe: Fix the potential memory leak issue.
Date: Tue,  5 Dec 2017 14:59:21 +0800	[thread overview]
Message-ID: <1512457162-9296-4-git-send-email-jiaxin.wu@intel.com> (raw)
In-Reply-To: <1512457162-9296-1-git-send-email-jiaxin.wu@intel.com>

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 NetworkPkg/DnsDxe/DnsImpl.c | 131 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 121 insertions(+), 10 deletions(-)

diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index 7c236a0..7057bfb 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -790,10 +790,14 @@ UpdateDns4Cache (
       if (DeleteFlag) {
         //
         // Delete matching DNS Cache entry
         //
         RemoveEntryList (&Item->AllCacheLink);
+
+        FreePool (Item->DnsCache.HostName);
+        FreePool (Item->DnsCache.IpAddress);
+        FreePool (Item);
         
         return EFI_SUCCESS;
       } else if (Override) {
         //
         // Update this one
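Review bot: The three-call teardown added in this delete path (`FreePool` on `HostName`, on `IpAddress`, then on the item) is repeated verbatim in the UpdateDns6Cache delete path and in both DnsOnTimerUpdate expiry loops, so the ownership rule for a cache item now lives in four places. One static helper per item type (the name is a suggestion, e.g. `DnsFreeCache4Item (Item)`) would keep them in step when a field is added. These sites call FreePool without a NULL check, whereas the ON_EXIT cleanup in ParseDnsResponse guards every call. That is consistent only if an item is never linked with a NULL `HostName` or `IpAddress`, which the allocation-failure returns in the next hunk suggest, but the list-insertion code is outside the hunk.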
@@ -817,17 +821,20 @@ UpdateDns4Cache (
   
   InitializeListHead (&NewDnsCache->AllCacheLink);
    
   NewDnsCache->DnsCache.HostName = AllocatePool (StrSize (DnsCacheEntry.HostName));
   if (NewDnsCache->DnsCache.HostName == NULL) { 
+    FreePool (NewDnsCache);
     return EFI_OUT_OF_RESOURCES;
   }
   
   CopyMem (NewDnsCache->DnsCache.HostName, DnsCacheEntry.HostName, StrSize (DnsCacheEntry.HostName));
 
   NewDnsCache->DnsCache.IpAddress = AllocatePool (sizeof (EFI_IPv4_ADDRESS));
-  if (NewDnsCache->DnsCache.IpAddress == NULL) { 
+  if (NewDnsCache->DnsCache.IpAddress == NULL) {
+    FreePool (NewDnsCache->DnsCache.HostName);
+    FreePool (NewDnsCache);
     return EFI_OUT_OF_RESOURCES;
   }
 
   CopyMem (NewDnsCache->DnsCache.IpAddress, DnsCacheEntry.IpAddress, sizeof (EFI_IPv4_ADDRESS));
 
@@ -882,10 +889,14 @@ UpdateDns6Cache (
         //
         // Delete matching DNS Cache entry
         //
         RemoveEntryList (&Item->AllCacheLink);
         
+        FreePool (Item->DnsCache.HostName);
+        FreePool (Item->DnsCache.IpAddress);
+        FreePool (Item);
+        
         return EFI_SUCCESS;
       } else if (Override) {
         //
         // Update this one
         //
@@ -908,17 +919,20 @@ UpdateDns6Cache (
   
   InitializeListHead (&NewDnsCache->AllCacheLink);
    
   NewDnsCache->DnsCache.HostName = AllocatePool (StrSize (DnsCacheEntry.HostName));
   if (NewDnsCache->DnsCache.HostName == NULL) { 
+    FreePool (NewDnsCache);
     return EFI_OUT_OF_RESOURCES;
   }
   
   CopyMem (NewDnsCache->DnsCache.HostName, DnsCacheEntry.HostName, StrSize (DnsCacheEntry.HostName));
 
   NewDnsCache->DnsCache.IpAddress = AllocatePool (sizeof (EFI_IPv6_ADDRESS));
-  if (NewDnsCache->DnsCache.IpAddress == NULL) { 
+  if (NewDnsCache->DnsCache.IpAddress == NULL) {
+    FreePool (NewDnsCache->DnsCache.HostName);
+    FreePool (NewDnsCache);
     return EFI_OUT_OF_RESOURCES;
   }
   
   CopyMem (NewDnsCache->DnsCache.IpAddress, DnsCacheEntry.IpAddress, sizeof (EFI_IPv6_ADDRESS));
 
@@ -1254,31 +1268,31 @@ ParseDnsResponse (
 
     if (Dns4TokenEntry->GeneralLookUp) {
       //
       // It's the GeneralLookUp querying.
       //
-      Dns4TokenEntry->Token->RspData.GLookupData = AllocatePool (sizeof (DNS_RESOURCE_RECORD));
+      Dns4TokenEntry->Token->RspData.GLookupData = AllocateZeroPool (sizeof (DNS_RESOURCE_RECORD));
       if (Dns4TokenEntry->Token->RspData.GLookupData == NULL) {
         Status = EFI_OUT_OF_RESOURCES;
         goto ON_EXIT;
       }
-      Dns4TokenEntry->Token->RspData.GLookupData->RRList = AllocatePool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
+      Dns4TokenEntry->Token->RspData.GLookupData->RRList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
       if (Dns4TokenEntry->Token->RspData.GLookupData->RRList == NULL) {
         Status = EFI_OUT_OF_RESOURCES;
         goto ON_EXIT;
       }
     } else {
       //
       // It's not the GeneralLookUp querying. Check the Query type.
       //
       if (QuerySection->Type == DNS_TYPE_A) {
-        Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
+        Dns4TokenEntry->Token->RspData.H2AData = AllocateZeroPool (sizeof (DNS_HOST_TO_ADDR_DATA));
         if (Dns4TokenEntry->Token->RspData.H2AData == NULL) {
           Status = EFI_OUT_OF_RESOURCES;
           goto ON_EXIT;
         }
-        Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
+        Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
         if (Dns4TokenEntry->Token->RspData.H2AData->IpList == NULL) {
           Status = EFI_OUT_OF_RESOURCES;
           goto ON_EXIT;
         }
       } else {
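Review bot: The switch to AllocateZeroPool is what makes the new ON_EXIT cleanup safe, because that code tests `RRList[RRCount].QName` and `.RData` against NULL before freeing, but nothing at the allocation sites records that dependency. A short comment such as `// Zero-filled so the ON_EXIT error path can tell unset entries from allocated ones.` would keep a later change from reverting to AllocatePool. Separately, `GLookupData` is sized with `sizeof (DNS_RESOURCE_RECORD)`, the element type of `RRList`; if the field's own type is a different structure, `sizeof (*Dns4TokenEntry->Token->RspData.GLookupData)` ties the size to the pointer instead. Both remarks apply equally to the Dns6 hunk that follows, and ParseDnsResponse begins and ends outside this hunk.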
@@ -1291,31 +1305,31 @@ ParseDnsResponse (
 
     if (Dns6TokenEntry->GeneralLookUp) {
       //
       // It's the GeneralLookUp querying.
       //
-      Dns6TokenEntry->Token->RspData.GLookupData = AllocatePool (sizeof (DNS_RESOURCE_RECORD));
+      Dns6TokenEntry->Token->RspData.GLookupData = AllocateZeroPool (sizeof (DNS_RESOURCE_RECORD));
       if (Dns6TokenEntry->Token->RspData.GLookupData == NULL) {
         Status = EFI_OUT_OF_RESOURCES;
         goto ON_EXIT;
       }
-      Dns6TokenEntry->Token->RspData.GLookupData->RRList = AllocatePool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
+      Dns6TokenEntry->Token->RspData.GLookupData->RRList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (DNS_RESOURCE_RECORD));
       if (Dns6TokenEntry->Token->RspData.GLookupData->RRList == NULL) {
         Status = EFI_OUT_OF_RESOURCES;
         goto ON_EXIT;
       }
     } else {
       //
       // It's not the GeneralLookUp querying. Check the Query type.
       //
       if (QuerySection->Type == DNS_TYPE_AAAA) {
-        Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
+        Dns6TokenEntry->Token->RspData.H2AData = AllocateZeroPool (sizeof (DNS6_HOST_TO_ADDR_DATA));
         if (Dns6TokenEntry->Token->RspData.H2AData == NULL) {
           Status = EFI_OUT_OF_RESOURCES;
           goto ON_EXIT;
         }
-        Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
+        Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocateZeroPool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
         if (Dns6TokenEntry->Token->RspData.H2AData->IpList == NULL) {
           Status = EFI_OUT_OF_RESOURCES;
           goto ON_EXIT;
         }
       } else {
@@ -1601,10 +1615,101 @@ ON_COMPLETE:
       DispatchDpc ();
     }
   }
 
 ON_EXIT:
+  //
+  // Free the allocated buffer if error happen.
+  //
+  if (EFI_ERROR (Status)) {
+    if (Dns4TokenEntry != NULL) {
+      if (Dns4TokenEntry->GeneralLookUp) {
+        if (Dns4TokenEntry->Token->RspData.GLookupData != NULL) {
+          if (Dns4TokenEntry->Token->RspData.GLookupData->RRList != NULL) {
+            while (RRCount != 0) {
+              RRCount --;
+              if (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName != NULL) {
+                FreePool (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName);
+              }
+
+              if (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData != NULL) {
+                FreePool (Dns4TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData);
+              }
+            }
+            
+            FreePool (Dns4TokenEntry->Token->RspData.GLookupData->RRList);
+          }
+          
+          FreePool (Dns4TokenEntry->Token->RspData.GLookupData);
+        }
+      } else {
+        if (QuerySection->Type == DNS_TYPE_A && Dns4TokenEntry->Token->RspData.H2AData != NULL) {
+          if (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL) {
+            FreePool (Dns4TokenEntry->Token->RspData.H2AData->IpList);
+          }
+          
+          FreePool (Dns4TokenEntry->Token->RspData.H2AData);
+        }
+      }
+    }
+
+    if (Dns6TokenEntry != NULL) {
+      if (Dns6TokenEntry->GeneralLookUp) {
+        if (Dns6TokenEntry->Token->RspData.GLookupData != NULL) {
+          if (Dns6TokenEntry->Token->RspData.GLookupData->RRList != NULL) {
+            while (RRCount != 0) {
+              RRCount --;
+              if (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName != NULL) {
+                FreePool (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].QName);
+              }
+
+              if (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData != NULL) {
+                FreePool (Dns6TokenEntry->Token->RspData.GLookupData->RRList[RRCount].RData);
+              }
+            }
+            
+            FreePool (Dns6TokenEntry->Token->RspData.GLookupData->RRList);
+          }
+          
+          FreePool (Dns6TokenEntry->Token->RspData.GLookupData);
+        }
+      } else {
+        if (QuerySection->Type == DNS_TYPE_AAAA && Dns6TokenEntry->Token->RspData.H2AData != NULL) {
+          if (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL) {
+            FreePool (Dns6TokenEntry->Token->RspData.H2AData->IpList);
+          }
+          
+          FreePool (Dns6TokenEntry->Token->RspData.H2AData);
+        }
+      }
+    }
+
+    if (Dns4CacheEntry != NULL) {
+      if (Dns4CacheEntry->HostName != NULL) {
+        FreePool (Dns4CacheEntry->HostName);
+      }
+
+      if (Dns4CacheEntry->IpAddress != NULL) {
+        FreePool (Dns4CacheEntry->IpAddress);
+      }
+
+      FreePool (Dns4CacheEntry);
+    }
+
+    if (Dns6CacheEntry != NULL) {
+      if (Dns6CacheEntry->HostName != NULL) {
+        FreePool (Dns6CacheEntry->HostName);
+      }
+
+      if (Dns6CacheEntry->IpAddress != NULL) {
+        FreePool (Dns6CacheEntry->IpAddress);
+      }
+
+      FreePool (Dns6CacheEntry);
+    }    
+  }
+  
   gBS->RestoreTPL (OldTpl);
   return Status;
 }
 
 /**
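Review bot: After the frees in the ON_EXIT block, `Token->RspData.GLookupData` and `Token->RspData.H2AData` still hold the freed addresses, and the token is reachable by code outside this function, so a later read or a second pass through this cleanup would touch freed pool memory. Resetting each field right after its FreePool, e.g. `Dns4TokenEntry->Token->RspData.GLookupData = NULL;`, closes that; the same applies to the H2AData branch and to both Dns6 branches. The cleanup also assumes that, whenever Status is an error, these fields are either NULL or were allocated by this call, and it reads `QuerySection->Type`. Whether every `goto ON_EXIT` is reached only after those are set up cannot be confirmed from the hunk, since ParseDnsResponse starts well before it.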
@@ -2051,10 +2156,13 @@ DnsOnTimerUpdate (
   Entry = mDriverData->Dns4CacheList.ForwardLink;
   while (Entry != &mDriverData->Dns4CacheList) {
     Item4 = NET_LIST_USER_STRUCT (Entry, DNS4_CACHE, AllCacheLink);
     if (Item4->DnsCache.Timeout == 0) {
       RemoveEntryList (&Item4->AllCacheLink);
+      FreePool (Item4->DnsCache.HostName);
+      FreePool (Item4->DnsCache.IpAddress);
+      FreePool (Item4);
       Entry = mDriverData->Dns4CacheList.ForwardLink;
     } else {
       Entry = Entry->ForwardLink;
     }
   }
@@ -2070,10 +2178,13 @@ DnsOnTimerUpdate (
   Entry = mDriverData->Dns6CacheList.ForwardLink;
   while (Entry != &mDriverData->Dns6CacheList) {
     Item6 = NET_LIST_USER_STRUCT (Entry, DNS6_CACHE, AllCacheLink);
     if (Item6->DnsCache.Timeout == 0) {
       RemoveEntryList (&Item6->AllCacheLink);
+      FreePool (Item6->DnsCache.HostName);
+      FreePool (Item6->DnsCache.IpAddress);
+      FreePool (Item6);
       Entry = mDriverData->Dns6CacheList.ForwardLink;
     } else {
       Entry = Entry->ForwardLink;
     }
   }
-- 
1.9.5.msysgit.1



2017-12-05  6:59 [Patch 0/4] NetworkPkg/DnsDxe: Fix several issues in DnsDxe driver Jiaxin Wu
2017-12-05  6:59 ` [Patch 1/4] NetworkPkg/DnsDxe: Remove the unnecessary if condition check in DNS.Config Jiaxin Wu
2017-12-05  6:59 ` [Patch 2/4] NetworkPkg/DnsDxe: Update RetryCount/RetryInterval to comply with UEFI spec Jiaxin Wu
2017-12-05  6:59 ` Jiaxin Wu [this message]
2017-12-05  6:59 ` [Patch 4/4] NetworkPkg/DnsDxe: Avoid to access the freed memory buffer Jiaxin Wu
2017-12-05  8:09 ` [Patch 0/4] NetworkPkg/DnsDxe: Fix several issues in DnsDxe driver Fu, Siyuan
