From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web10.156504.1669743216473458054
 for <devel@edk2.groups.io>;
 Tue, 29 Nov 2022 09:33:36 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=ds5I9Gm8;
 spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com)
Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id 5D8A320B717A;
	Tue, 29 Nov 2022 09:33:35 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 5D8A320B717A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1669743216;
	bh=X0tmsLdFxYkTLrSF9qRiXK6lyWYLmDHIamjQ9RgtSLw=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ds5I9Gm8brbeDuLW7Kx4RdQ2/E0DOB6AVet4bB/bDy2JYOerpCyIBGRo04hjVMrEV
	 gghzYT+31BwGyA04r78pT8mXL8yRITsw/t1hGvkJJrBGzMEWaFahW1fL+IoLXm7ovE
	 SB8woJ+5DzD+3QANx12fkmXkDnsTgOuVs5hcOLrg=
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Erich McMillan <emcmillan@microsoft.com>,
	Jiaxin Wu <jiaxin.wu@intel.com>,
	Maciej Rabeda <maciej.rabeda@linux.intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Michael Kubacki <mikuback@linux.microsoft.com>,
	Siyuan Fu <siyuan.fu@intel.com>
Subject: [PATCH v2 07/12] NetworkPkg: Fix conditionally uninitialized variables
Date: Tue, 29 Nov 2022 12:32:41 -0500
Message-Id: <20221129173246.2182-8-mikuback@linux.microsoft.com>
X-Mailer: git-send-email 2.28.0.windows.1
In-Reply-To: <20221129173246.2182-1-mikuback@linux.microsoft.com>
References: <20221129173246.2182-1-mikuback@linux.microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Michael Kubacki <michael.kubacki@microsoft.com>

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Co-authored-by: Erich McMillan <emcmillan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
 NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +-
 NetworkPkg/TcpDxe/TcpInput.c               | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c b/NetworkPkg/Libr=
ary/DxeHttpLib/DxeHttpLib.c
index 6a5d78629bb3..21813463aa4f 100644
--- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -753,7 +753,7 @@ HttpUrlGetPort (
=20
   Status =3D  AsciiStrDecimalToUintnS (Url + Parser->FieldData[HTTP_URI_=
FIELD_PORT].Offset, (CHAR8 **)NULL, &Data);
=20
-  if (Data > HTTP_URI_PORT_MAX_NUM) {
+  if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) {
     Status =3D EFI_INVALID_PARAMETER;
     goto ON_EXIT;
   }
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
index fb1aa827f8ba..7b329be64dfe 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c
+++ b/NetworkPkg/TcpDxe/TcpInput.c
@@ -1570,6 +1570,9 @@ TcpIcmpInput (
   BOOLEAN     IcmpErrIsHard;
   BOOLEAN     IcmpErrNotify;
=20
+  IcmpErrIsHard =3D FALSE;
+  IcmpErrNotify =3D FALSE;
+
   if (Nbuf->TotalSize < sizeof (TCP_HEAD)) {
     goto CLEAN_EXIT;
   }
--=20
2.28.0.windows.1