From: "Vladimir Olovyannikov"
Date: Thu, 24 Sep 2020 14:57:10 -0700
Subject: Re: [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
To: devel@edk2.groups.io
Cc: Maciej Rabeda, Jiaxin Wu, Siyuan Fu, Laszlo Ersek
Message-ID: <2d7b8b14f01cc630017e3e1134f17585@mail.gmail.com>
In-Reply-To: <20200828181706.25296-1-vladimir.olovyannikov@broadcom.com>
References: <20200828181706.25296-1-vladimir.olovyannikov@broadcom.com>

Hi Maciej,

Can you please review this patch?
It has been sitting there for a while; it looks like it slipped through the cracks.

Thank you,
Vladimir

> -----Original Message-----
> From: Vladimir Olovyannikov
> Sent: Friday, August 28, 2020 11:17 AM
> To: devel@edk2.groups.io
> Cc: Vladimir Olovyannikov; Maciej Rabeda; Jiaxin Wu; Siyuan Fu
> Subject: [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
>
> When an HTTP server sends non-chunked body data with no Content-Length
> header, the HttpParserMessageBody in DxeHttpLib gets confused
> and never sets the Char pointer beyond the body start.
> This causes the "for" loop to never break because the condition of
> "Char >= Body + BodyLength" is never satisfied.
> Use BodyLength as the ContentLength for the parser when ContentLength is
> absent in HTTP response headers.
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2941
>
> Signed-off-by: Vladimir Olovyannikov
>
> Cc: Maciej Rabeda
> Cc: Jiaxin Wu
> Cc: Siyuan Fu
> ---
> NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 19 ++++++++++++++++---
> 1 file changed, 16 insertions(+), 3 deletions(-)
> > diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > index 180d9321025a..e550c9962dc1 100644 > --- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > +++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > @@ -1122,6 +1122,7 @@ HttpParseMessageBody ( > CHAR8 *Char; > UINTN RemainderLengthInThis; > UINTN LengthForCallback; > + UINTN PortionLength; > EFI_STATUS Status; > HTTP_BODY_PARSER *Parser; 
> > @@ -1173,19 +1174,31 @@ HttpParseMessageBody ( > // > // Identity transfer-coding, just notify user to save the body data. > // > + PortionLength = MIN ( > + BodyLength, > + Parser->ContentLength - Parser->ParsedBodyLength > + ); > + if (!PortionLength) { > + // > + // Got BodyLength, but no ContentLength. Use BodyLength. > + // > + PortionLength = BodyLength; > + Parser->ContentLength = PortionLength; > + } > + > if (Parser->Callback != NULL) { > Status = Parser->Callback ( > BodyParseEventOnData, > Char, > - MIN (BodyLength, Parser->ContentLength - Parser- > >ParsedBodyLength), > + PortionLength, > Parser->Context > ); > if (EFI_ERROR (Status)) { > return Status; > } > } > - Char += MIN (BodyLength, Parser->ContentLength - Parser- > >ParsedBodyLength); > - Parser->ParsedBodyLength += MIN (BodyLength, Parser- > >ContentLength - Parser->ParsedBodyLength); > + Char += PortionLength; > + Parser->ParsedBodyLength += PortionLength; > if (Parser->ParsedBodyLength == Parser->ContentLength) { > Parser->State = BodyParserComplete; > if (Parser->Callback != NULL) { > -- > 2.26.2.266.ge870325ee8
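
Review bot: In the second hunk (@@ -1173,19 +1174,31 @@), the test "if (!PortionLength)" treats every zero result of the MIN as "no ContentLength", but the MIN is also zero when BodyLength is 0 and when Parser->ContentLength already equals Parser->ParsedBodyLength, which covers a server that sends an explicit Content-Length of 0. In those cases the fallback still overwrites Parser->ContentLength with BodyLength, so a length the server declared is silently replaced by however many bytes happen to be in the buffer. Please key the fallback on whether a Content-Length header was actually seen (that state is not visible in this hunk) rather than on the computed portion being zero, and write the comparison explicitly as "PortionLength == 0" since PortionLength is a UINTN, not a BOOLEAN. Note also that after "Parser->ContentLength = PortionLength" the check "Parser->ParsedBodyLength == Parser->ContentLength" right below becomes true on this same pass, so the parser goes to BodyParserComplete after the first buffer; if a body without Content-Length can arrive across more than one call, everything after the first buffer is dropped, and the comment should state that assumption or the code should handle it. When BodyLength itself is 0 the fallback leaves PortionLength at 0 and Char is not advanced, so it is worth confirming the enclosing loop still terminates in that case, since this input is controlled by the remote HTTP server.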