From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <Jiaxin.wu@intel.com>
Received-SPF: Permerror (SPF Permanent Error: Two or more type TXT spf records
 found.) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com;
 envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 24C1F21A00AE6
 for <edk2-devel@lists.01.org>; Tue,  4 Sep 2018 00:17:27 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 04 Sep 2018 00:17:27 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,328,1531810800"; d="scan'208";a="77784557"
Received: from jiaxinwu-mobl.ccr.corp.intel.com ([10.239.192.161])
 by FMSMGA003.fm.intel.com with ESMTP; 04 Sep 2018 00:17:25 -0700
From: Jiaxin Wu <Jiaxin.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Stephen Benjamin <stephen@redhat.com>, Laszlo Ersek <lersek@redhat.com>,
 Ye Ting <ting.ye@intel.com>, Fu Siyuan <siyuan.fu@intel.com>,
 Wu Jiaxin <jiaxin.wu@intel.com>
Date: Tue,  4 Sep 2018 15:17:22 +0800
Message-Id: <20180904071722.7728-1-Jiaxin.wu@intel.com>
X-Mailer: git-send-email 2.17.1.windows.2
Subject: [Patch] MdeModulePkg/Library/DxeHttpLib: Handle the blank value in HTTP header.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Sep 2018 07:17:28 -0000

This patch is to resolve the lock-up issue if the value of HTTP header
is blank.  The issue is recorded @
https://bugzilla.tianocore.org/show_bug.cgi?id=1102.

Cc: Stephen Benjamin <stephen@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c | 57 +++++++++++++++-----
 1 file changed, 44 insertions(+), 13 deletions(-)

diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
index 5fbb50d03a..2fc3da8a2d 100644
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -1595,63 +1595,94 @@ HttpGetFieldNameAndValue (
     return NULL;
   }
 
   //
   // Each header field consists of a name followed by a colon (":") and the field value.
+  // The field value MAY be preceded by any amount of LWS, though a single SP is preferred.
+  //
+  // message-header = field-name ":" [ field-value ]
+  // field-name = token
+  // field-value = *( field-content | LWS )
+  //
+  // Note: "*(element)" allows any number element, including zero; "1*(element)" requires at least one element.
+  //       [element] means element is optional.
+  //       LWS  = [CRLF] 1*(SP|HT), it can be ' ' or '\t' or '\r\n ' or '\r\n\t'.
+  //       CRLF = '\r\n'.
+  //       SP   = ' '.
+  //       HT   = '\t' (Tab).
   //
   FieldNameStr = String;
   FieldValueStr = AsciiStrGetNextToken (FieldNameStr, ':');
   if (FieldValueStr == NULL) {
     return NULL;
   }
 
   //
-  // Replace ':' with 0
+  // Replace ':' with 0, then FieldName has been retrived from String.
   //
   *(FieldValueStr - 1) = 0;
 
   //
-  // The field value MAY be preceded by any amount of LWS, though a single SP is preferred.
-  // Note: LWS  = [CRLF] 1*(SP|HT), it can be '\r\n ' or '\r\n\t' or ' ' or '\t'.
-  //       CRLF = '\r\n'.
-  //       SP   = ' '.
-  //       HT   = '\t' (Tab).
+  // Handle FieldValueStr, skip all the preceded LWS.
   //
   while (TRUE) {
     if (*FieldValueStr == ' ' || *FieldValueStr == '\t') {
       //
       // Boundary condition check.
       //
       if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 1) {
+        //
+        // Wrong String format!
+        //
         return NULL;
       }
 
       FieldValueStr ++;
     } else if (*FieldValueStr == '\r') {
       //
       // Boundary condition check.
       //
       if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 3) {
-        return NULL;
+        //
+        // No more preceded LWS, so break here.
+        //
+        break;
       }
 
-      if (*(FieldValueStr + 1) == '\n' && (*(FieldValueStr + 2) == ' ' || *(FieldValueStr + 2) == '\t')) {
-        FieldValueStr = FieldValueStr + 3;
+      if (*(FieldValueStr + 1) == '\n' ) {
+        if (*(FieldValueStr + 2) == ' ' || *(FieldValueStr + 2) == '\t') {
+          FieldValueStr = FieldValueStr + 3;
+        } else {
+          //
+          // No more preceded LWS, so break here.
+          //
+          break;
+        }
+      } else {
+        //
+        // Wrong String format!
+        //
+        return NULL;
       }
     } else {
+      //
+      // No more preceded LWS, so break here.
+      //
       break;
     }
   }
 
-  //
-  // Header fields can be extended over multiple lines by preceding each extra
-  // line with at least one SP or HT.
-  //
   StrPtr = FieldValueStr;
   do {
+    //
+    // Handle the LWS within the field value.
+    //
     StrPtr = AsciiStrGetNextToken (StrPtr, '\r');
     if (StrPtr == NULL || *StrPtr != '\n') {
+      //
+      // Wrong String format!
+      //
       return NULL;
     }
 
     StrPtr++;
   } while (*StrPtr == ' ' || *StrPtr == '\t');
-- 
2.17.1.windows.2