From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=195.135.221.5; helo=smtp.nue.novell.com; envelope-from=glin@suse.com; receiver=edk2-devel@lists.01.org Received: from smtp.nue.novell.com (smtp.nue.novell.com [195.135.221.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 52822210E4340 for ; Tue, 3 Jul 2018 19:14:39 -0700 (PDT) Received: from emea4-mta.ukb.novell.com ([10.120.13.87]) by smtp.nue.novell.com with ESMTP (TLS encrypted); Wed, 04 Jul 2018 04:14:38 +0200 Received: from GaryWorkstation (nwb-a10-snat.microfocus.com [10.120.13.202]) by emea4-mta.ukb.novell.com with ESMTP (TLS encrypted); Wed, 04 Jul 2018 03:14:06 +0100 Date: Wed, 4 Jul 2018 10:14:00 +0800 
From: Gary Lin To: Jiaxin Wu Cc: edk2-devel@lists.01.org, Ye Ting , Fu Siyuan Message-ID: <20180704021400.rbmil3o6dm3m5rxb@GaryWorkstation> References: <20180704004052.4560-1-Jiaxin.wu@intel.com> MIME-Version: 1.0 In-Reply-To: <20180704004052.4560-1-Jiaxin.wu@intel.com> User-Agent: NeoMutt/20170912 (1.9.0) Subject: Re: [Patch v3] NetworkPkg/HttpDxe: Fix the bug when parsing HTTP(S) message body. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jul 2018 02:14:41 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Jul 04, 2018 at 08:40:52AM +0800, Jiaxin Wu wrote: > *v2: Resolve the conflict commit. > > *v3: Fixed the failure if BodyLength in HTTP token is less than the received > size of HTTPS message. > > HttpBodyParserCallback function is to parse the HTTP(S) message body so as to > confirm whether there is the next message header. But it doesn't record the > parsing message data/length correctly. > > This patch is refine the parsing logic so as to fix the potential failure. > > Cc: Ye Ting > Cc: Fu Siyuan > Cc: Gary Lin > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Wu Jiaxin > Tested-by: Gary Lin Thanks for the patch. I've tested this patch with shim and grub2 from SLE15 GM, and they worked as expected. A crash in grub2 https connection is also gone after applying this patch. Thanks, Gary Lin > --- > NetworkPkg/HttpDxe/HttpImpl.c | 112 +++++++++++++++++---------------- > NetworkPkg/HttpDxe/HttpProto.c | 10 +++ > NetworkPkg/HttpDxe/HttpProto.h | 10 +++ > 3 files changed, 78 insertions(+), 54 deletions(-) > > diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c > index f70e116f38..17deceb395 100644 > --- a/NetworkPkg/HttpDxe/HttpImpl.c > +++ b/NetworkPkg/HttpDxe/HttpImpl.c 
> @@ -914,10 +914,11 @@ HttpBodyParserCallback (
> IN CHAR8 *Data,
> IN UINTN Length,
> IN VOID *Context
> )
> {
> + HTTP_CALLBACK_DATA *CallbackData;
> HTTP_TOKEN_WRAP *Wrap;
> UINTN BodyLength;
> CHAR8 *Body;
>
> if (EventType != BodyParseEventOnComplete) {
> @@ -926,25 +927,22 @@ HttpBodyParserCallback (
>
> if (Data == NULL || Length != 0 || Context == NULL) {
> return EFI_SUCCESS;
> }
>
> - Wrap = (HTTP_TOKEN_WRAP *) Context;
> - Body = Wrap->HttpToken->Message->Body;
> - BodyLength = Wrap->HttpToken->Message->BodyLength;
> + CallbackData = (HTTP_CALLBACK_DATA *) Context;
> +
> + Wrap = (HTTP_TOKEN_WRAP *) (CallbackData->Wrap);
> + Body = CallbackData->ParseData;
> + BodyLength = CallbackData->ParseDataLength;
> +
> if (Data < Body + BodyLength) {
> Wrap->HttpInstance->NextMsg = Data;
> } else {
> Wrap->HttpInstance->NextMsg = NULL;
> }
>
> -
> - //
> - // Free Tx4Token or Tx6Token since already received corrsponding HTTP response.
> - //
> - FreePool (Wrap);
> -
> return EFI_SUCCESS;
> }
>
> /**
> The work function of EfiHttpResponse().
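Review bot: In HttpBodyParserCallback the new code trusts `CallbackData->Wrap` and `CallbackData->ParseData` without checking either, and the range test on `Data` has only an upper bound. The `Context == NULL` guard above no longer covers `Wrap`, which is dereferenced as `Wrap->HttpInstance` on both branches, so a context whose fields were never recorded, or were recorded for an earlier buffer, is used as-is. I would add `if (CallbackData->Wrap == NULL || CallbackData->ParseData == NULL) { return EFI_SUCCESS; }` after the cast and tighten the test to `if (Data >= Body && Data < Body + BodyLength) {`, so that `NextMsg` is only ever set to a pointer inside the buffer that was just parsed. With `FreePool (Wrap)` removed from this function, the hunk does not show where the wrap is released now; a one-line comment naming the new owner would help the next reader.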
> @@ -1189,33 +1187,43 @@ HttpResponseWorker (
> HttpInstance->Method,
> HttpMsg->Data.Response->StatusCode,
> HttpMsg->HeaderCount,
> HttpMsg->Headers,
> HttpBodyParserCallback,
> - (VOID *) ValueInItem,
> + (VOID *) (&HttpInstance->CallbackData),
> &HttpInstance->MsgParser
> );
> if (EFI_ERROR (Status)) {
> goto Error2;
> }
>
> //
> // Check whether we received a complete HTTP message.
> //
> if (HttpInstance->CacheBody != NULL) {
> + //
> + // Record the CallbackData data.
> + //
> + HttpInstance->CallbackData.Wrap = (VOID *) Wrap;
> + HttpInstance->CallbackData.ParseData = (VOID *) HttpInstance->CacheBody;
> + HttpInstance->CallbackData.ParseDataLength = HttpInstance->CacheLen;
> +
> + //
> + // Parse message with CallbackData data.
> + //
> Status = HttpParseMessageBody (HttpInstance->MsgParser, HttpInstance->CacheLen, HttpInstance->CacheBody);
> if (EFI_ERROR (Status)) {
> goto Error2;
> }
> + }
>
> - if (HttpIsMessageComplete (HttpInstance->MsgParser)) {
> - //
> - // Free the MsgParse since we already have a full HTTP message.
> - //
> - HttpFreeMsgParser (HttpInstance->MsgParser);
> - HttpInstance->MsgParser = NULL;
> - }
> + if (HttpIsMessageComplete (HttpInstance->MsgParser)) {
> + //
> + // Free the MsgParse since we already have a full HTTP message.
> + //
> + HttpFreeMsgParser (HttpInstance->MsgParser);
> + HttpInstance->MsgParser = NULL;
> }
> }
>
> if ((HttpMsg->Body == NULL) || (HttpMsg->BodyLength == 0)) {
> Status = EFI_SUCCESS;
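Review bot: `&HttpInstance->CallbackData` is registered as the parser's callback context before any of its fields are written, and the fields are filled in only inside `if (HttpInstance->CacheBody != NULL)`. On the path with no cached body the structure keeps whatever `Wrap` and `ParseData` the previous response left there; whether that `Wrap` can already have been freed is not visible in this hunk. Clearing it before the parser is initialised, `ZeroMem (&HttpInstance->CallbackData, sizeof (HttpInstance->CallbackData));`, makes a missed record step show up as NULL rather than as a stale pointer. The same three assignments are repeated in the body-receive path of HttpResponseWorker and in HttpTcpReceiveNotifyDpc, so the comment `// Record the CallbackData data.` would be more useful if it said why: the callback compares the parser's end pointer against `ParseData + ParseDataLength`. HttpResponseWorker starts and ends outside the hunk.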
> @@ -1330,16 +1338,30 @@ HttpResponseWorker (
> if (EFI_ERROR (Status)) {
> goto Error2;
> }
>
> //
> - // Check whether we receive a complete HTTP message.
> + // Process the received the body packet.
> + //
> + HttpMsg->BodyLength = MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength);
> +
> + CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength);
> +
> + //
> + // Record the CallbackData data.
> + //
> + HttpInstance->CallbackData.Wrap = (VOID *) Wrap;
> + HttpInstance->CallbackData.ParseData = HttpMsg->Body;
> + HttpInstance->CallbackData.ParseDataLength = HttpMsg->BodyLength;
> +
> + //
> + // Parse Body with CallbackData data.
> //
> Status = HttpParseMessageBody (
> HttpInstance->MsgParser,
> - (UINTN) Fragment.Len,
> - (CHAR8 *) Fragment.Bulk
> + HttpMsg->BodyLength,
> + HttpMsg->Body
> );
> if (EFI_ERROR (Status)) {
> goto Error2;
> }
>
> @@ -1350,50 +1372,32 @@ HttpResponseWorker (
> HttpFreeMsgParser (HttpInstance->MsgParser);
> HttpInstance->MsgParser = NULL;
> }
>
> //
> - // We receive part of header of next HTTP msg.
> + // Check whether there is the next message header in the HttpMsg->Body.
> //
> if (HttpInstance->NextMsg != NULL) {
> - HttpMsg->BodyLength = MIN ((UINTN) HttpInstance->NextMsg - (UINTN) Fragment.Bulk, HttpMsg->BodyLength);
> - CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength);
> -
> - HttpInstance->CacheLen = Fragment.Len - HttpMsg->BodyLength;
> - if (HttpInstance->CacheLen != 0) {
> - if (HttpInstance->CacheBody != NULL) {
> - FreePool (HttpInstance->CacheBody);
> - }
> -
> - HttpInstance->CacheBody = AllocateZeroPool (HttpInstance->CacheLen);
> - if (HttpInstance->CacheBody == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto Error2;
> - }
> -
> - CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLength, HttpInstance->CacheLen);
> - HttpInstance->CacheOffset = 0;
> + HttpMsg->BodyLength = HttpInstance->NextMsg - (CHAR8 *) HttpMsg->Body;
> + }
>
> - HttpInstance->NextMsg = HttpInstance->CacheBody + ((UINTN) HttpInstance->NextMsg - (UINTN) (Fragment.Bulk + HttpMsg->BodyLength));
> + HttpInstance->CacheLen = Fragment.Len - HttpMsg->BodyLength;
> + if (HttpInstance->CacheLen != 0) {
> + if (HttpInstance->CacheBody != NULL) {
> + FreePool (HttpInstance->CacheBody);
> }
> - } else {
> - HttpMsg->BodyLength = MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength);
> - CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength);
> - HttpInstance->CacheLen = Fragment.Len - HttpMsg->BodyLength;
> - if (HttpInstance->CacheLen != 0) {
> - if (HttpInstance->CacheBody != NULL) {
> - FreePool (HttpInstance->CacheBody);
> - }
>
> - HttpInstance->CacheBody = AllocateZeroPool (HttpInstance->CacheLen);
> - if (HttpInstance->CacheBody == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto Error2;
> - }
> + HttpInstance->CacheBody = AllocateZeroPool
(HttpInstance->CacheLen);
> + if (HttpInstance->CacheBody == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto Error2;
> + }
>
> - CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLength, HttpInstance->CacheLen);
> - HttpInstance->CacheOffset = 0;
> + CopyMem (HttpInstance->CacheBody, Fragment.Bulk + HttpMsg->BodyLength, HttpInstance->CacheLen);
> + HttpInstance->CacheOffset = 0;
> + if (HttpInstance->NextMsg != NULL) {
> + HttpInstance->NextMsg = HttpInstance->CacheBody;
> }
> }
>
> if (Fragment.Bulk != NULL) {
> FreePool (Fragment.Bulk);
> diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
> index 5356cd35c0..94f89f5665 100644
> --- a/NetworkPkg/HttpDxe/HttpProto.c
> +++ b/NetworkPkg/HttpDxe/HttpProto.c
> @@ -195,10 +195,20 @@ HttpTcpReceiveNotifyDpc (
> Length = (UINTN) Wrap->TcpWrap.Rx6Data.FragmentTable[0].FragmentLength;
> } else {
> Length = (UINTN) Wrap->TcpWrap.Rx4Data.FragmentTable[0].FragmentLength;
> }
>
> + //
> + // Record the CallbackData data.
> + //
> + HttpInstance->CallbackData.Wrap = (VOID *) Wrap;
> + HttpInstance->CallbackData.ParseData = Wrap->HttpToken->Message->Body;
> + HttpInstance->CallbackData.ParseDataLength = Length;
> +
> + //
> + // Parse Body with CallbackData data.
> + //
> Status = HttpParseMessageBody (
> HttpInstance->MsgParser,
> Length,
> Wrap->HttpToken->Message->Body
> );
> diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
> index cc6c1eb566..fa57dbfd39 100644
> --- a/NetworkPkg/HttpDxe/HttpProto.h
> +++ b/NetworkPkg/HttpDxe/HttpProto.h
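Review bot: In HttpResponseWorker (HttpImpl.c, the hunk at -1350), `HttpMsg->BodyLength = HttpInstance->NextMsg - (CHAR8 *) HttpMsg->Body;` turns a pointer difference into a length without confirming that `NextMsg` lies inside `HttpMsg->Body`. `NextMsg` is rewritten only when the parser callback fires, so if it still holds a pointer from an earlier parse over `CacheBody` (whether it is reset before this point is not visible here), the subtraction yields an arbitrary value, `Fragment.Len - HttpMsg->BodyLength` wraps, and the following `AllocateZeroPool` and `CopyMem` use that length on data received from the network. I would clear an out-of-range pointer before it is used: `if (HttpInstance->NextMsg != NULL && (HttpInstance->NextMsg < (CHAR8 *) HttpMsg->Body || HttpInstance->NextMsg >= (CHAR8 *) HttpMsg->Body + HttpMsg->BodyLength)) { HttpInstance->NextMsg = NULL; }`. The enclosing function starts and ends outside the hunk.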
> @@ -89,10 +89,19 @@ typedef struct {
> EFI_TLS_CONNECTION_END ConnectionEnd;
> EFI_TLS_VERIFY VerifyMethod;
> EFI_TLS_SESSION_STATE SessionState;
> } TLS_CONFIG_DATA;
>
> +//
> +// Callback data for HTTP_PARSER_CALLBACK()
> +//
> +typedef struct {
> + UINTN ParseDataLength;
> + VOID *ParseData;
> + VOID *Wrap;
> +} HTTP_CALLBACK_DATA;
> +
> typedef struct _HTTP_PROTOCOL {
> UINT32 Signature;
> EFI_HTTP_PROTOCOL Http;
> EFI_HANDLE Handle;
> HTTP_SERVICE *Service;
> @@ -147,10 +156,11 @@ typedef struct _HTTP_PROTOCOL {
>
> //
> // HTTP message-body parser.
> //
> VOID *MsgParser;
> + HTTP_CALLBACK_DATA CallbackData;
>
> EFI_HTTP_VERSION HttpVersion;
> UINT32 TimeOutMillisec;
> BOOLEAN LocalAddressIsIPv6;
>
> --
> 2.17.1.windows.2
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
>
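Review bot: `HTTP_CALLBACK_DATA` in HttpProto.h is documented only as "Callback data for HTTP_PARSER_CALLBACK()", which leaves out the contract the callback depends on. Each field deserves its own comment: `ParseData` is the start of the buffer most recently passed to HttpParseMessageBody(), `ParseDataLength` is the number of bytes of it handed to the parser, and `Wrap` is the `HTTP_TOKEN_WRAP` through which the callback reaches `HttpInstance->NextMsg`. The comment should also say that all three are borrowed pointers that must be refreshed before every parse call. Declaring `ParseData` as `CHAR8 *` would match how the callback uses it (`Body + BodyLength`) and drop the implicit `VOID *` conversion.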