From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id B9244740047 for ; Fri, 10 May 2024 11:04:44 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=4uQGpxQdXbM1uDRqKi8gRWJD3b9W8U97o12hO9H90iw=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1715339083; v=1; b=x6bnQfskVKiykSVrVM9qDbp57NPvezzFaYRvrQ0d1N3n50Gt/QqyBcQJUSRvMjZs6VKX4aqk vvvpQ6BslII+QmiOrZ0+XaSEBhllbZapnburVfEZqUq3hIBYyYq0gRlP2FTW+6tbsd/9PG147oo XxknLVzshOjjyRZnDE4JpppQX78HnWnYo1cbfoPs4lo2sIoBOwoVK4e4hMYuzKGUmuZdOSQOtgI tdXcLM7ID2ZeH0AVlEdCVqUNSKbj/qn1nxbFyvGZ3l/N1bFaDslw5v+jGNf4yTxgQnx7fnRA3pV DoBBzEGY3lBM/MfoqBPZCCmTf2GdmQQpfdzULYfRqNFgg== X-Received: by 127.0.0.2 with SMTP id 0eGMYY7687511xwsQz9K5iTO; Fri, 10 May 2024 04:04:43 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.139]) by mx.groups.io with SMTP id smtpd.web10.10127.1715339082139744219 for ; Fri, 10 May 2024 04:04:42 -0700 X-Received: from DS7PR10MB5375.namprd10.prod.outlook.com (2603:10b6:5:3ab::11) by DS0PR10MB6269.namprd10.prod.outlook.com (2603:10b6:8:d3::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.47; Fri, 10 May 2024 11:04:40 +0000 X-Received: from DS7PR10MB5375.namprd10.prod.outlook.com ([fe80::8150:88f6:2efe:6242]) by DS7PR10MB5375.namprd10.prod.outlook.com ([fe80::8150:88f6:2efe:6242%7]) with mapi id 15.20.7544.048; Fri, 10 May 2024 11:04:40 +0000 From: "Santhosh Kumar V via groups.io" To: "devel@edk2.groups.io" , Santhosh Kumar V CC: Sivaraman Nainar , Raj V Akilan Subject: [edk2-devel] [PATCH] NetworkPkg:HttpDxe:CoverityIssues Thread-Topic: [PATCH] NetworkPkg:HttpDxe:CoverityIssues Thread-Index: AQHaosna+ravj+xYUEWJgLPt9hqZXQ== Date: Fri, 10 May 2024 11:04:40 +0000 Message-ID: <20240510110436.1542-1-santhoshkumarv@ami.com> Accept-Language: en-US, en-IN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DS7PR10MB5375:EE_|DS0PR10MB6269:EE_ x-ms-office365-filtering-correlation-id: 3aa64241-47bb-4ed8-49c3-08dc70e0fd34 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?iso-8859-1?Q?uL0qkmFnmCQV9m1q95DINuNJM3wslvdPmYh/WTsJfvjlq/lxsW2mgwFFh8?= =?iso-8859-1?Q?HuK9qDyLGlA/Pa5S7MgV39O88vvbbX7hIrENR0h5s5ZfSCaWblb89N5JyG?= =?iso-8859-1?Q?HJOpd/tsLkKzVJD1p01OX/J6FVLRlxeoepYrMZz5sgMiZfGNSeR+RslJkx?= =?iso-8859-1?Q?PZa/cwk2k2NbIOlD5UncDF4yMUIF7xWwC/lhyRRvmdjnU7dsJP+082Zj54?= =?iso-8859-1?Q?qhIhX9MfTKqlFWfN3ycIykyeM+uvn3eGBPRyMBJaOQNN+N6Jd8wMP9tTJT?= =?iso-8859-1?Q?W+hv3nbMHfhYgIxT3d7Nnq7F1nNHLVGEaafBbsCLcHAzj0Fm0J9s92+V3g?= =?iso-8859-1?Q?x5mm97rV65jBcXr+e2WUPLcjvj03WrDVyP/ySDwgGbXcib8KeUFwKUcI+f?= =?iso-8859-1?Q?z8X6DFBVhbtDr9xTWizqlq9bjsq7si4LBn4mHRQ3hE5ClHtkKJyAsn6CzP?= =?iso-8859-1?Q?V+H7H6WhWVLHZo/PpWAjJn0PiOdF0311DkBOh7tLd/kh9HhKs7vuK+TCGm?= =?iso-8859-1?Q?I1my/pFdwtH0Pf1A5ewoah/g6KWOYsPn+eeB65GiLi7w0P88H3WsyAlEHR?= =?iso-8859-1?Q?6o/TToveJIC8ZVKQtL61nPMHpW7PmHexPZgT1tWtWDqi+GlG52w+Ets3Em?= =?iso-8859-1?Q?+hJ0WVckgu3hEDJrA9bB+2wSscYezL6STDRBDpiKSBEaccWxoFbXaWNLYE?= =?iso-8859-1?Q?5yZW0XVW0yr7/ZWLL+47aL91yWTFdeNy6pn3SbGC33M0BUZ9Dc2YBN5X7z?= =?iso-8859-1?Q?/0ClIwIOVwCWmoggYjX++0Yuwz5aqAFpdY2gdRKgdunf08pePiNWFJM30P?= =?iso-8859-1?Q?ZpOE0neTT7UMXRB2IJFQ9JPkGFX4S8U8k8NJwkYXIv5j/4xkcP+RmiUv3w?= =?iso-8859-1?Q?WxIi8uyztJp7I30V34lxnRCcpkx8Iuh+iSbs6vUP1LbgTnEViT3wNrBX2E?= =?iso-8859-1?Q?Uxdo09p/53c8gWH3dBGGbEI9ziPDe5i1pSyQC2dZe8VJqa5b/4S+AR3NzB?= =?iso-8859-1?Q?eVfC1UYUkUMdUhaQ693CQ6PUgYR23zOCOYpZBGLKDOqJ9AHaobh6tVEatU?= =?iso-8859-1?Q?/j7SNKQ5rw6Zn+PS65MSObkjOyWXqbaK6vEmBna40PIXu88kO0oE2viCrs?= =?iso-8859-1?Q?+DxbKnRiv4nPqJ9J+ea1ZD2BkUOK9zANs9aGiByTR/I4mHRFoYdQPmDaBk?= =?iso-8859-1?Q?gshzk97n3oF8hRRIXzID6NOP7QFilsCGYIfMxkPVX1M99Bo3jJWkG8Fj38?= =?iso-8859-1?Q?/cRpBZY1FCIdxnnRoc+0qGIsiTBT56ABdl5W9G9lt8BqJh/+rXM6pA7PMj?= =?iso-8859-1?Q?Y1qiZoEzpxWKSEYj6aak0Il6lqpL0VPMlN10KOU8VH1blSAzCH3DXlLnu5?= =?iso-8859-1?Q?hUizFi08lpnMYwqIsCOn+DeWEBaEvyyA=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?68cZ+KLOq9XsTitQDEX5ocUJcjNEbdn1LoP3xnva1KjM6cNgUqSjmFAqxm?= =?iso-8859-1?Q?46KSEzqdoh2JylibTUdELdx9MqhwvMaAPOv5wKG6yKxr5PpuQDunPc8Whi?= =?iso-8859-1?Q?GesObdESLWnGox1MCuLlT/GzYG0LK/NHQPNdUutJmrudeH03bOwZE7it/1?= =?iso-8859-1?Q?1ab5T4gcGSSIWhRQutkt1fRwL0m4OWTWSUDK8O39MZXgIRpE5jMFXPVUza?= =?iso-8859-1?Q?EE5I5cpqQf70IDfaDV18jzgixGrOz+o7gw3ifUw9PgpjPRuFZd39Dq5oQI?= =?iso-8859-1?Q?ajL8+STakrJA7jqt/e0MpFK7ijDikjApRXx1W3vwuDhTdMZXMd7Z4rOQ24?= =?iso-8859-1?Q?uIKb0V2nxYYhF01VYMYDZiQeASukMaWBHYAQTi4doji5d9CwJVPRAal8AT?= =?iso-8859-1?Q?NjdU2s/ieziS//dze3e0sL0Jkfhva9fwbdXiCHBJejfvN8nehuXO0SfePe?= =?iso-8859-1?Q?oW1wgWaxSOa3ZOzKxCZmHygppdUrF6Y8FsRCPSQuVkHxzqxbd2kSAIC2SX?= =?iso-8859-1?Q?Gn2PCuRi5M5A78nV0JaEQuXhOmC26M/bYVxcfKc8Poz+YFjjF+YGX3pp8n?= =?iso-8859-1?Q?8E6949Obeem6eV9VnPLDzEBAZ97vL8DI4qv//TKdnmW5+V4pqHauhfp5tc?= =?iso-8859-1?Q?TycqdshLLkI5XWoCDNvg0vtqmevJqjlLQKW/9KBSJFgOpeSipyvfoaIvt4?= =?iso-8859-1?Q?46M0owFRH8+0J1Lw1W1BKrqi+kaHM91yjSpquTHsJAmlPdC8CWs2v4HHvA?= =?iso-8859-1?Q?MHKeUnWAPKUGoUYORMIvPrrH2+JhWx2bS5JgiG9WHZGepBLUIvzU9vUgt3?= =?iso-8859-1?Q?g2g9HlGCcu92X1ccH+hhQwNqMNkBdMAHJjLs9VP28OVj6imB5Q/T4xRgVT?= =?iso-8859-1?Q?esgG54n42scqWC9Vc/HrpKDh4m4ubPslKIarjBof55tASLiy7F6uvCWVFv?= =?iso-8859-1?Q?pms+baP6m0EET3ifDU8M1EXyGqh8Qt+8mt6Haq3/EF8tVTVyvBQn6FIlPv?= =?iso-8859-1?Q?Fiv7/O/or6ptvqSI+WghRpCaMo+5umc7DhH8rc09o2y/u0zfwbzJKL/kcZ?= =?iso-8859-1?Q?oh0rI3Cv9D20GjoL1i5u3mtC0vlzthWOiZvA8Ud9kfLbbs9WuB338WWO93?= =?iso-8859-1?Q?6FqwrF5CulFdddtg7zfJ6dpzf4HC2mfv5K1tOxvLFz4LmQs1ETTanrV4Kd?= =?iso-8859-1?Q?jMJuO5rEPLHRyS8sRvWMl+Fab+TjaripSm0lrq8PAr+EwZU/Kon7CXqIOP?= =?iso-8859-1?Q?slsoAZjb2qDIZxcy1Ofnc2PpbpzeFuowCSpYPra9pprvxPjBoiwI06+YJm?= =?iso-8859-1?Q?NX9ZMo7tpE6PCwqPoscF36NRKsbE6F+tDjjR1cWg8q4DB8igP4bUtPuHqW?= =?iso-8859-1?Q?YvG1zAQUE84U8JvziScHSRnFc7oBPni+yoMxGQjidx/RVBq+CSzCGFgOo3?= =?iso-8859-1?Q?0/n24qP1Kd2AV00WQG0asLNcNK7Xe97aVIHjr3Na9hwbrUKWfo1qInhPO8?= =?iso-8859-1?Q?oC1GA4NNvINw7NyJHat1+iLQCoujYUB5GYO4p2gpy53B4d7sGlNJJNvZtN?= =?iso-8859-1?Q?elmqug9UDgFx4qnpqLsF6z+77K5lfU2m5HHp4Uoh0eEJp29ES0mo74VFb0?= =?iso-8859-1?Q?OgvqvdrO2Jp7E2x51Uay6irIsQrmEhkLcAcmBbOlNXsNqQdAlJi4/SDA?= =?iso-8859-1?Q?=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: ami.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DS7PR10MB5375.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3aa64241-47bb-4ed8-49c3-08dc70e0fd34 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2024 11:04:40.2692 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 27e97857-e15f-486c-b58e-86c2b3040f93 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: m+xLciGw9vMFm9bJOiwvYiARo4Vd0UnHLWTzADOX5rieHRWKHQ1S57RoLnUImS8hn5yQPLM4gG0xUCiKpiNf0g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR10MB6269 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 10 May 2024 04:04:42 -0700 Resent-From: santhoshkumarv@ami.com Reply-To: devel@edk2.groups.io,santhoshkumarv@ami.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: wDJT8fqMGxWbIIDFrp3BFaX3x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=x6bnQfsk; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Resolved Coverity Issues in Http Dxe 1.HttpResponseWorker(DEADCODE) The result of pointer arithmetic "HttpHeaders + AsciiStrLen("HTTP/1.1") + 1= " is never null. 2.HttpDns4 (DEAD LOOP) Coverity reports dead loop error since IsDone is always false ,In Some scen= ario it might not update the to true 3.HttpsSupport.c (NULL_RETURNS) NetbufAlloc ,NetbufAllocSpace might return null pointer ,so Assigning: "NUL= L" to "PacketOut" and "DataOut" pointer. --- NetworkPkg/HttpDxe/HttpDns.c | 2 +- NetworkPkg/HttpDxe/HttpImpl.c | 5 +---- NetworkPkg/HttpDxe/HttpsSupport.c | 21 ++++++++++++++++++++- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpDns.c b/NetworkPkg/HttpDxe/HttpDns.c index 13cbde0f34..b8ac6fba4b 100644 --- a/NetworkPkg/HttpDxe/HttpDns.c +++ b/NetworkPkg/HttpDxe/HttpDns.c @@ -150,7 +150,7 @@ HttpDns4 ( goto Exit; } - while (!IsDone) { + while (!IsDone && (Dns4->Poll !=3D NULL)) { Dns4->Poll (Dns4); } diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index 6606c29342..6d05c203b0 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -1104,10 +1104,7 @@ HttpResponseWorker ( // Search for Status Code. // StatusCodeStr =3D HttpHeaders + AsciiStrLen (HTTP_VERSION_STR) + 1; - if (StatusCodeStr =3D=3D NULL) { - Status =3D EFI_NOT_READY; - goto Error; - } + StatusCode =3D AsciiStrDecimalToUintn (StatusCodeStr); diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index 8d7bffe1e9..e40386a99c 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -732,7 +732,6 @@ TlsConfigureSession ( // the caller. The failure is pushed back to TLS DXE driver if the // HTTP communication actually requires certificate. // - Status =3D EFI_SUCCESS; } else { DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n")); return Status; @@ -1250,6 +1249,10 @@ TlsConnectSession ( // Transmit ClientHello // PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NET_BU= F_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1336,6 +1339,10 @@ TlsConnectSession ( // Transmit the response packet. // PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NE= T_BUF_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1493,6 +1500,10 @@ TlsCloseSession ( } PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NET_BU= F_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1781,6 +1792,10 @@ HttpsReceive ( if (BufferOutSize !=3D 0) { PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize= , NET_BUF_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1873,6 +1888,10 @@ HttpsReceive ( if (BufferOutSize !=3D 0) { PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NE= T_BUF_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); -- 2.42.0.windows.2 -The information contained in this message may be confidential and propriet= ary to American Megatrends (AMI). This communication is intended to be read= only by the individual or entity to whom it is addressed or by their desig= nee. If the reader of this message is not the intended recipient, you are o= n notice that any distribution of this message, in any form, is strictly pr= ohibited. Please promptly notify the sender by reply e-mail or by telephone= at 770-246-8600, and then delete or destroy all copies of the transmission= . -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118812): https://edk2.groups.io/g/devel/message/118812 Mute This Topic: https://groups.io/mt/106018538/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-