From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web11.2281.1587719649691120827
 for <devel@edk2.groups.io>;
 Fri, 24 Apr 2020 02:14:09 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: shenglei.zhang@intel.com)
IronPort-SDR: ODP+KWtd8NUu4eWgj79GgI2P5RQAK5bviWyKK0rBShCZZIPkuArQr4JAL1QVw7FGEaMROG7t1N
 nfQ7J1UptFvw==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2020 02:14:08 -0700
IronPort-SDR: Yzq44xUe/iPRqhFDBQNujWBY1fUXmwTvdSlxrTEH/8brPdtUfMcl9g+HsArK/KjjEZcsSUa4U5
 gxAFjXgOORJg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,311,1583222400"; 
   d="scan'208";a="259753386"
Received: from shenglei-dev.ccr.corp.intel.com ([10.239.158.52])
  by orsmga006.jf.intel.com with ESMTP; 24 Apr 2020 02:14:07 -0700
From: "Zhang, Shenglei" <shenglei.zhang@intel.com>
To: devel@edk2.groups.io
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>,
	Jiaxin Wu <jiaxin.wu@intel.com>,
	Siyuan Fu <siyuan.fu@intel.com>
Subject: [PATCH] NetworkPkg/IScsiDxe: Enhance the check for array boundary
Date: Fri, 24 Apr 2020 17:13:56 +0800
Message-Id: <20200424091356.157536-1-shenglei.zhang@intel.com>
X-Mailer: git-send-email 2.18.0.windows.1

Array 'TargetUrl' of size 255 may use index value(s) 255 and 256.
So enhance the boundary check to ensure the index is valid.

Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
---
 NetworkPkg/IScsiDxe/IScsiDhcp.c  | 2 +-
 NetworkPkg/IScsiDxe/IScsiDhcp6.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/NetworkPkg/IScsiDxe/IScsiDhcp.c b/NetworkPkg/IScsiDxe/IScsiDhcp.c
index 7ce9bf575012..afa8a86cd419 100644
--- a/NetworkPkg/IScsiDxe/IScsiDhcp.c
+++ b/NetworkPkg/IScsiDxe/IScsiDhcp.c
@@ -122,7 +122,7 @@ IScsiDhcpExtractRootPath (
   //
   if ((!NET_IS_DIGIT (*(Field->Str))) && (*(Field->Str) != '[')) {
     ConfigNvData->DnsMode = TRUE;
-    if (Field->Len > sizeof (ConfigNvData->TargetUrl)) {
+    if ((Field->Len + 2) > sizeof (ConfigNvData->TargetUrl)) {
       return EFI_INVALID_PARAMETER;
     }
     CopyMem (&ConfigNvData->TargetUrl, Field->Str, Field->Len);
diff --git a/NetworkPkg/IScsiDxe/IScsiDhcp6.c b/NetworkPkg/IScsiDxe/IScsiDhcp6.c
index 86a872adeccc..691650b7334f 100644
--- a/NetworkPkg/IScsiDxe/IScsiDhcp6.c
+++ b/NetworkPkg/IScsiDxe/IScsiDhcp6.c
@@ -161,7 +161,7 @@ IScsiDhcp6ExtractRootPath (
   // Server name is expressed as domain name, just save it.
   //
   if (ConfigNvData->DnsMode) {
-    if (Field->Len > sizeof (ConfigNvData->TargetUrl)) {
+    if ((Field->Len + 2) > sizeof (ConfigNvData->TargetUrl)) {
       return EFI_INVALID_PARAMETER;
     }
     CopyMem (&ConfigNvData->TargetUrl, Field->Str, Field->Len);
-- 
2.18.0.windows.1