From: "Li, Yi"
To: devel@edk2.groups.io
Cc: Yi Li, Maciej Rabeda, Zachary Clark-Williams
Subject: [PATCH V3] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Date: Mon, 26 Jun 2023 13:40:34 +0800
Message-Id: <20230626054034.2346-1-yi1.li@intel.com>
X-Mailer: git-send-email 2.31.1.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=4477

TLS connection fails over WiFi in AMT OCR flow due to invalid identity.
This was due to a missing conversion between Unicode and ASCII strings,
which resulted in an invalid strlen.

Cc: Maciej Rabeda
Cc: Zachary Clark-Williams
Signed-off-by: Yi Li
---
 .../WifiConnectionMgrImpl.c | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 2e596c1981..d1182e52bd 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -572,15 +572,28 @@ WifiMgrConfigEap ( // Set Identity to Eap peer, Mandatory field for PEAP and TTLS // if (StrLen (Profile->EapIdentity) > 0) { - IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1); - Identity = AllocateZeroPool (IdentitySize); + Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol); + if (!EFI_ERROR (Status)) { + // + // Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE + // + IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *)Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1); + } else { + IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1); + } + + Identity = AllocateZeroPool (IdentitySize); if (Identity == NULL) { return EFI_OUT_OF_RESOURCES; } - Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol); if (!EFI_ERROR (Status)) { - CopyMem (Identity, &Profile->EapIdentity, IdentitySize); + // + // The size of Identity from Username may equal + // to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes), + // so here only valid characters except NULL characters are copied. + // + CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1); } else { UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize); } -- 2.31.1.windows.1
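
Review bot: In the ASCII branch, the limit passed to AsciiStrnLenS, `sizeof (CHAR16) * sizeof (Profile->EapIdentity)`, looks doubled. If EapIdentity is a CHAR16 array of EAP_IDENTITY_SIZE elements, as the StrLen call on it and the 128-byte figure in the second comment imply, `sizeof (Profile->EapIdentity)` is already the field size in bytes, so the scan limit becomes 256. For an identity that fills the field with no terminator, which the second comment says can happen, AsciiStrnLenS would then read past the end of the array and the following CopyMem would copy those extra bytes into Identity. Suggest passing `sizeof (Profile->EapIdentity)` as the limit and correcting the "Max size" comment to match. Separately, the outer `StrLen (Profile->EapIdentity) > 0` guard still walks the buffer as CHAR16 even when it holds ASCII data; a bounded ASCII length check in that path would be more consistent with the rest of the change.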