From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 5DC50AC0A89 for ; Fri, 10 May 2024 11:06:10 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=q09RHKbgU8n5FDFGCRnPYPFNAag3r6fFj/bGyn2OeZs=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1715339168; v=1; b=xEknxD1wi4Bq5aI10VDW8ShXb3zVlwHtf61qz8vDr+0lfZGGdM/KdImbo/TtmGwcrSxPN4uo CzRtn8hkkZlQEj8PJUtgh+8rt6AYrMsAx4cU41JDkc0PXrGJ/axZKHLgdC5m0HR3lvRI3lFZUHr I7OhJrzdYQujPGrmCn73Pxzh8fherlGJdDZow7TwY+mfbvhFWmzVkCmuMhv6WpADfDnD30mOHM2 epUoV7l8u75/V4iQU4sezpPDchL4QI7BSYCLiKX4OMBVm1tfe+WlBnhiehBELmex0qPqzZRYcMs ecJgvyxIYWnbln4jMMs1E+1Pc4Axif5orHqg3u4HFXIEQ== X-Received: by 127.0.0.2 with SMTP id TEHnYY7687511xOu6ewtrgSo; Fri, 10 May 2024 04:06:08 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.90]) by mx.groups.io with SMTP id smtpd.web11.9953.1715339167663770431 for ; Fri, 10 May 2024 04:06:08 -0700 X-Received: from DS7PR10MB5375.namprd10.prod.outlook.com (2603:10b6:5:3ab::11) by DS0PR10MB6269.namprd10.prod.outlook.com (2603:10b6:8:d3::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.47; Fri, 10 May 2024 11:06:05 +0000 X-Received: from DS7PR10MB5375.namprd10.prod.outlook.com ([fe80::8150:88f6:2efe:6242]) by DS7PR10MB5375.namprd10.prod.outlook.com ([fe80::8150:88f6:2efe:6242%7]) with mapi id 15.20.7544.048; Fri, 10 May 2024 11:06:05 +0000 From: "Santhosh Kumar V via groups.io" To: "devel@edk2.groups.io" , Santhosh Kumar V CC: Sivaraman Nainar , Raj V Akilan , Saloni Kasbekar , Zachary Clark-williams Subject: [edk2-devel] [PATCH] NetworkPkg:HttpDxe:CoverityIssues Thread-Topic: [PATCH] NetworkPkg:HttpDxe:CoverityIssues Thread-Index: AQHaosoNQ6OAJNlIwU6ZTHNJGcgXhw== Date: Fri, 10 May 2024 11:06:05 +0000 Message-ID: <20240510110602.1561-1-santhoshkumarv@ami.com> Accept-Language: en-US, en-IN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DS7PR10MB5375:EE_|DS0PR10MB6269:EE_ x-ms-office365-filtering-correlation-id: cb7d911b-7014-486a-7d58-08dc70e1300e x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?iso-8859-1?Q?JkDFrj1oKz58A0XjHhDW5eJC/FPUnPfYwneTrJrsvanhESEgZU+w3jA/n6?= =?iso-8859-1?Q?dAkUeJgyFEDQGE7NdPKYxkDjGQfcIyYvpJPUrd9X/IFUnWtN4VAixiJ5uY?= =?iso-8859-1?Q?XHtdN4MisaIqcye8zahrX1cd+374JxfOLrmFtLnfYq9KOPWUNTimNG+M1P?= =?iso-8859-1?Q?hROShK837X5CabzA+boJShJNwY8RDAdDo2g4nCBVUfCFsi5K+Qe4lb1HrY?= =?iso-8859-1?Q?rrKu8v6E8ZYQKMBuEhLYf3QHqO4hKvrJlP3V6vFDBbiP5Ie6FIHvbh46pv?= =?iso-8859-1?Q?Vcwjs/4I0YUyJIDTxVYkJn8RnU6SVljEo/NUa6s5J84Ba0b9qOdAl8aJN7?= =?iso-8859-1?Q?nmh4iAsDaGzP7JSv5085f4ZvrQCw7DQyMH8xZGnpVljw4EiFyvm6llaZfm?= =?iso-8859-1?Q?Zu9HyqShtLHli+jOiHfbRAmPkFt3W0i/GN0EmBYVsfpmXk/kZyiRXB09K8?= =?iso-8859-1?Q?OATQLFOYdC2qSytHYTSibgzcA+j1TNo1Em59gjetCfd36Wi3+OGkHAFShu?= =?iso-8859-1?Q?woFDiqeNyTqz5UYq92gB7YESGnWHumbmSCgnbiWfLkBUeJqTwQAZqxQH9Q?= =?iso-8859-1?Q?FJ21soQDvt5jxjmPtxMmMneMHwOBR9x2Dk2unArnSeBYeuS7paCxyNf1GQ?= =?iso-8859-1?Q?VVnPnwD17LlRCHKVLJyPr551uY9qClmIixEXjUyA5lMCRikxlrwBDn7qPM?= =?iso-8859-1?Q?hUQkZH40V/2iMqvOy+xtWx/5YSx8chj95P3Aan/uQRNg15DTUGCLtzyXCE?= =?iso-8859-1?Q?0LW6RoW4WNhbcuKOTLUwBZig2vdb2gbHMHmfd6+4GjfUurhlN9U0Y7w/fO?= =?iso-8859-1?Q?WwGKbqF4Sho3brTkiVCK76Gy0/cNkLAHDrd3Htous+zN7qPFc78pEvuskF?= =?iso-8859-1?Q?crHJfKJOSESPZg0LMQy8E0Y2lF5bcJRe5Uj5j9RdYqCmi/rY9HK5qI2iPb?= =?iso-8859-1?Q?j79N/ie3j0+I4toF41AnBfWQVr8ecYhBsu/TVq70PEdXzMuZxAecJObzwh?= =?iso-8859-1?Q?fLG5Arfq5jUDeVa6ntLsS5n7V2ig1+slRhtneKQVrSKaUw//4stI6Qa3Ik?= =?iso-8859-1?Q?pPxdrI7WUiugbqpIRJ0njq+QbJ2LM78hUrniRKdAnRZBRdysBTQu3IJ+T0?= =?iso-8859-1?Q?nc3dNpLAvoFV/lAZrJbYqay+QfbJJlZTtdegSnVNrQjIocOIyHh0rXHRoE?= =?iso-8859-1?Q?5Wk+qBT3+IbTOGChduS7N2McBmLZ0vLeLiH/WtGEbYm5F8okPqPLjDIyGc?= =?iso-8859-1?Q?ZnoBh8/RDY7FJJOC2bkz84oiiu8HTOQPUKciE3xPOdh3yH+cO3Ay/mm0be?= =?iso-8859-1?Q?7enxwSYkF4Vz8wScf6wlsYNZpwh0vmwWzzmheuH2Go4ho6BClbqeqMi54E?= =?iso-8859-1?Q?hwlAC+DEUhwAOY7z4NSoshJat6tX9YAQ=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?LTJgq2/aX+BOcAyZRQqZO6Hnb6qz7RMMLlrdeEwoEkQJLyYBsLliIUUpod?= =?iso-8859-1?Q?qm+rTAZob3bGN0feD8sqrwbrVom8w34fJRct6L3woHMnVC2gaW2LROfBcv?= =?iso-8859-1?Q?T/hBgFkmrV6Y2YfCG4D7Y+m5tOPYJpCO9R8isluJ7Px+66JQt7S4UXdUAb?= =?iso-8859-1?Q?u+yel88uswPLdQMDjIGCzRSn/jO7IbApq/mVkMsnjNHPpAQX/WPCTW13Y0?= =?iso-8859-1?Q?Z5mlRWUho3p615v2Eznd/A8tZjdL33WX68iVukTzZBTd0HIFPY4cukeVHf?= =?iso-8859-1?Q?2Z2SakHuRzK7O/MHF8A0IeS8vJpu6erGAY/LkPAGIA3PXAnJUZFJKUOrs2?= =?iso-8859-1?Q?PvT48/1ds9i2W0FhzsRyrVpElHhMxlTkVmFATfaOOwkBvFaFrQ0WmCg3j8?= =?iso-8859-1?Q?cHq8uyM8zil/aenLSdz+JlqfnQXiS/+QcDd82Iz7TR8pYEcdH9Htti6VpZ?= =?iso-8859-1?Q?d0C33DFm4Uif8ufH43eBF+wrDN6o+DNLzaKFCnefKD6kZ5AhJU5N6tt8Qp?= =?iso-8859-1?Q?7+xW70f/MjqonRkDfhThLuQOJRm8DwZ2e8u2G3WBXWzxf+ECeDf0Qy2UUB?= =?iso-8859-1?Q?eJ2i/zTpEWJNIQMWv6IJCA9lNe73czm5L47tMu0HY5Fxcp3dnzztfge92d?= =?iso-8859-1?Q?EtEbrlKnhO7+xcbhOtpcGZlZFcJxq15gl9qti05DB7gAMVnv/ZJ2CAhFAC?= =?iso-8859-1?Q?9aceCjDAAK8qs8+Yha6/ozDYkyw0Nc+c2/k0JLvgLZ6mJ948AjBzuqK96L?= =?iso-8859-1?Q?G0l31J2/AbSpTDScC17mJuKyRhEnICo0Fq7lIPVRm+0dFvpRb8JEHn3j0H?= =?iso-8859-1?Q?BN5ybc7RUk2Cuf5HQEXS5YZj61CCUBoAgNL4n9M9bvslSpRTF3QlARwmc9?= =?iso-8859-1?Q?Ve6DfhaAIfm5n+c9vAdohh4iSBOOqROC3Px1vIxc03hTEqHDsfKmwo7NUd?= =?iso-8859-1?Q?nqsldawDuqdWXfYQMtEmvdS6XR1aJ5lsx9e0bzat19mTcItbsPtETtaWZC?= =?iso-8859-1?Q?bR3R0Soo+xso0VQobQGwxaU2PR+0fOIIcRPnxq2zKnuH+Dg1R2dToHfz1/?= =?iso-8859-1?Q?ywIPBopYOuA8wr574YYVHW7g0mBbXd/JozWSGykP9IoDe4+AWP27LOZ68F?= =?iso-8859-1?Q?fGsxdGXdZL0dRIPnIiZ54r2+ave32qzVpL776wGJW+HJNqhJT2TG3BV1Wz?= =?iso-8859-1?Q?SnNhty1WcdpkEBK2EITuQDQEbT13CEKiFiP1W80RSHTNfjItk10vWY3nOv?= =?iso-8859-1?Q?syMIhR/nOgkdLDVknyLCq3jP/8gNhiUVqoRqQbpWe94MVzax3+VA5XpSc8?= =?iso-8859-1?Q?SnFHOF5exhzvnliBjkzhei9cx+e+sixrbTegnBMTmNxeS77dzOdb8Wj2Hu?= =?iso-8859-1?Q?i0p4QcvV6QyuVX6styfwDQE6eX7YHSA7SefWA0dBsfHjz/2DqwN2nHkbLV?= =?iso-8859-1?Q?oC4SY/660Vkm8vAdq7+t3dis5h3j5SNekV1Aou/InsfUvuCFDPdOhUSwp3?= =?iso-8859-1?Q?6nteZIJ+ohBs6vAgLMxWVik5mrd03rgHTHywAnsAMY5v1U+HEKf+wKbZkI?= =?iso-8859-1?Q?jKRdgO7d4+y6K0EtlshJ28mnshIsWdOK2bIX8Y22X1rAXcnq1WsIfv4Ba1?= =?iso-8859-1?Q?7slwX8NTMZWH7lafuJEg8ppy0u1uGraIuMNw6H3rqGbAzs0JXgNJI11Q?= =?iso-8859-1?Q?=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: ami.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DS7PR10MB5375.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: cb7d911b-7014-486a-7d58-08dc70e1300e X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2024 11:06:05.5947 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 27e97857-e15f-486c-b58e-86c2b3040f93 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: eE63Hh4QxaNRVxuBfWHMHbdgHcIMeU73Svyd0yPMFe5RfGqDThiCDJeHDQ9nsaQVPMaCEB1AGg6LWm20aoVy3A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR10MB6269 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 10 May 2024 04:06:08 -0700 Resent-From: santhoshkumarv@ami.com Reply-To: devel@edk2.groups.io,santhoshkumarv@ami.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: bZJkzLuD2cveYsaftsYdUlFYx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=xEknxD1w; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Resolved Coverity Issues in Http Dxe 1.HttpResponseWorker(DEADCODE) The result of pointer arithmetic "HttpHeaders + AsciiStrLen("HTTP/1.1") + 1= " is never null. 2.HttpDns4 (DEAD LOOP) Coverity reports dead loop error since IsDone is always false ,In Some scen= ario it might not update the to true 3.HttpsSupport.c (NULL_RETURNS) NetbufAlloc ,NetbufAllocSpace might return null pointer ,so Assigning: "NUL= L" to "PacketOut" and "DataOut" pointer. Cc: Saloni Kasbekar Cc: Zachary Clark-williams Signed-off-by: SanthoshKumarV --- NetworkPkg/HttpDxe/HttpDns.c | 2 +- NetworkPkg/HttpDxe/HttpImpl.c | 5 +---- NetworkPkg/HttpDxe/HttpsSupport.c | 21 ++++++++++++++++++++- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpDns.c b/NetworkPkg/HttpDxe/HttpDns.c index 13cbde0f34..b8ac6fba4b 100644 --- a/NetworkPkg/HttpDxe/HttpDns.c +++ b/NetworkPkg/HttpDxe/HttpDns.c @@ -150,7 +150,7 @@ HttpDns4 ( goto Exit; } - while (!IsDone) { + while (!IsDone && (Dns4->Poll !=3D NULL)) { Dns4->Poll (Dns4); } diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index 6606c29342..6d05c203b0 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -1104,10 +1104,7 @@ HttpResponseWorker ( // Search for Status Code. // StatusCodeStr =3D HttpHeaders + AsciiStrLen (HTTP_VERSION_STR) + 1; - if (StatusCodeStr =3D=3D NULL) { - Status =3D EFI_NOT_READY; - goto Error; - } + StatusCode =3D AsciiStrDecimalToUintn (StatusCodeStr); diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSu= pport.c index 8d7bffe1e9..e40386a99c 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -732,7 +732,6 @@ TlsConfigureSession ( // the caller. The failure is pushed back to TLS DXE driver if the // HTTP communication actually requires certificate. // - Status =3D EFI_SUCCESS; } else { DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n")); return Status; @@ -1250,6 +1249,10 @@ TlsConnectSession ( // Transmit ClientHello // PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NET_BU= F_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1336,6 +1339,10 @@ TlsConnectSession ( // Transmit the response packet. // PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NE= T_BUF_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1493,6 +1500,10 @@ TlsCloseSession ( } PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NET_BU= F_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1781,6 +1792,10 @@ HttpsReceive ( if (BufferOutSize !=3D 0) { PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize= , NET_BUF_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); @@ -1873,6 +1888,10 @@ HttpsReceive ( if (BufferOutSize !=3D 0) { PacketOut =3D NetbufAlloc ((UINT32)BufferOutSize); + if (PacketOut =3D=3D NULL) { + FreePool (BufferOut); + return EFI_OUT_OF_RESOURCES; + } DataOut =3D NetbufAllocSpace (PacketOut, (UINT32)BufferOutSize, NE= T_BUF_TAIL); if (DataOut =3D=3D NULL) { FreePool (BufferOut); -- 2.42.0.windows.2 -The information contained in this message may be confidential and propriet= ary to American Megatrends (AMI). This communication is intended to be read= only by the individual or entity to whom it is addressed or by their desig= nee. If the reader of this message is not the intended recipient, you are o= n notice that any distribution of this message, in any form, is strictly pr= ohibited. Please promptly notify the sender by reply e-mail or by telephone= at 770-246-8600, and then delete or destroy all copies of the transmission= . -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118813): https://edk2.groups.io/g/devel/message/118813 Mute This Topic: https://groups.io/mt/106018538/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-