From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.120])
 by mx.groups.io with SMTP id smtpd.web12.2109.1572068268956202917
 for <devel@edk2.groups.io>;
 Fri, 25 Oct 2019 22:37:49 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KEmjZO0k;
 spf=pass (domain: redhat.com, ip: 207.211.31.120, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1572068268;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=LNL+4Dng3YYDagD7j/PomOD6Bz4n5ltEZe9e7Bb41kA=;
	b=KEmjZO0kUnAC5dXHRth/bhlibfOBnoNWB6VzP/fVYzoQD+BHH2Z1DprGN+UdNPR3pFGU+f
	wbbu/4VGXeXJdgGri6wVhnO4BbS3KTzaQe/da/bKGlt/CSCZtpXbjJ5oo6+CvQJMBQ62mr
	JCODOQKqBbRnUjnhXLGunACmnNqsLTg=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-171-8KM3Sy7uPcuryBOalap9gg-1; Sat, 26 Oct 2019 01:37:46 -0400
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A017C800D4C;
	Sat, 26 Oct 2019 05:37:44 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-26.ams2.redhat.com [10.36.116.26])
	by smtp.corp.redhat.com (Postfix) with ESMTP id AE78C5D9CA;
	Sat, 26 Oct 2019 05:37:42 +0000 (UTC)
From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: David Woodhouse <dwmw2@infradead.org>,
	Jian J Wang <jian.j.wang@intel.com>,
	Jiaxin Wu <jiaxin.wu@intel.com>,
	Sivaraman Nainar <sivaramann@amiindia.co.in>,
	Xiaoyu Lu <xiaoyux.lu@intel.com>
Subject: [PATCH v2 8/8] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
Date: Sat, 26 Oct 2019 07:37:19 +0200
Message-Id: <20191026053719.10453-9-lersek@redhat.com>
In-Reply-To: <20191026053719.10453-1-lersek@redhat.com>
References: <20191026053719.10453-1-lersek@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-MC-Unique: 8KM3Sy7uPcuryBOalap9gg-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

From: "Wu, Jiaxin" <jiaxin.wu@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960
CVE: CVE-2019-14553
Set the HostName by consuming TLS protocol to enable the host name
check so as to avoid the potential Man-In-The-Middle attack.

Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    v2:
    - fix whitespace in subject line
    - drop Contributed-under line per BZ#1373

 NetworkPkg/HttpDxe/HttpProto.h    |  1 +
 NetworkPkg/HttpDxe/HttpsSupport.c | 21 ++++++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.=
h
index 6e1f51748a73..34308e016d3e 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -81,8 +81,9 @@ typedef struct {
 typedef struct {
   EFI_TLS_VERSION               Version;
   EFI_TLS_CONNECTION_END        ConnectionEnd;
   EFI_TLS_VERIFY                VerifyMethod;
+  EFI_TLS_VERIFY_HOST           VerifyHost;
   EFI_TLS_SESSION_STATE         SessionState;
 } TLS_CONFIG_DATA;
=20
 //
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu=
pport.c
index 988bbcbce7d8..5dfb13bd6021 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -622,15 +622,18 @@ TlsConfigureSession (
=20
   //
   // TlsConfigData initialization
   //
-  HttpInstance->TlsConfigData.ConnectionEnd =3D EfiTlsClient;
-  HttpInstance->TlsConfigData.VerifyMethod =3D EFI_TLS_VERIFY_PEER;
-  HttpInstance->TlsConfigData.SessionState =3D EfiTlsSessionNotStarted;
+  HttpInstance->TlsConfigData.ConnectionEnd       =3D EfiTlsClient;
+  HttpInstance->TlsConfigData.VerifyMethod        =3D EFI_TLS_VERIFY_PEER;
+  HttpInstance->TlsConfigData.VerifyHost.Flags    =3D EFI_TLS_VERIFY_FLAG_=
NO_WILDCARDS;
+  HttpInstance->TlsConfigData.VerifyHost.HostName =3D HttpInstance->Remote=
Host;
+  HttpInstance->TlsConfigData.SessionState        =3D EfiTlsSessionNotStar=
ted;
=20
   //
   // EfiTlsConnectionEnd,
-  // EfiTlsVerifyMethod
+  // EfiTlsVerifyMethod,
+  // EfiTlsVerifyHost,
   // EfiTlsSessionState
   //
   Status =3D HttpInstance->Tls->SetSessionData (
                                 HttpInstance->Tls,
@@ -651,8 +654,18 @@ TlsConfigureSession (
   if (EFI_ERROR (Status)) {
     return Status;
   }
=20
+  Status =3D HttpInstance->Tls->SetSessionData (
+                                HttpInstance->Tls,
+                                EfiTlsVerifyHost,
+                                &HttpInstance->TlsConfigData.VerifyHost,
+                                sizeof (EFI_TLS_VERIFY_HOST)
+                                );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
   Status =3D HttpInstance->Tls->SetSessionData (
                                 HttpInstance->Tls,
                                 EfiTlsSessionState,
                                 &(HttpInstance->TlsConfigData.SessionState=
),
--=20
2.19.1.3.g30247aa5d201