From: "Vladimir Olovyannikov"
Date: Thu, 1 Oct 2020 08:25:07 -0700
Subject: Re: [edk2-devel] [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
To: "Rabeda, Maciej", devel@edk2.groups.io
Cc: Jiaxin Wu, Siyuan Fu, Laszlo Ersek

Hi Maciej,

Thank you for looking into this.

Vladimir

> -----Original Message-----
> From: Rabeda, Maciej
> Sent: Wednesday, September 30, 2020 2:57 AM
> To: devel@edk2.groups.io; vladimir.olovyannikov@broadcom.com
> Cc: Jiaxin Wu; Siyuan Fu; Laszlo Ersek
> Subject: Re: [edk2-devel] [PATCH 1/1] NetworkPkg: Fix possible infinite
> loop in HTTP msg body parser
>
> Hi Vladimir,
>
> Yes, this must have gone past my radar, sorry. Things are becoming more and
> more busy out here :/ I will take a look at it by the end of week.
>
> On 24-Sep-20 23:57, Vladimir Olovyannikov via groups.io wrote:
> > Hi Maciej,
> >
> > Can you please review this patch?
> > It is sitting there for a while, looks like it slipped through the
> > cracks.
> >
> > Thank you,
> > Vladimir
> >> -----Original Message-----
> >> From: Vladimir Olovyannikov > >> Sent: Friday, August 28, 2020 11:17 AM > >> To: devel@edk2.groups.io > >> Cc: Vladimir Olovyannikov ; > >> Maciej Rabeda ; Jiaxin Wu > >> ; Siyuan Fu > >> Subject: [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP > >> msg > > body > >> parser > >> > >> When an HTTP server sends a non-chunked body data with no Content- > >> Length header, the HttpParserMessageBody in DxeHttpLib gets confused > >> and never sets the Char pointer beyond the body start. > >> This causes "for" loop to never break because the condition of "Char > >> >= > > Body > >> + BodyLength" is never satisfied. > >> Use BodyLength as the ContentLength for the parser when > ContentLength > >> is absent in HTTP response headers. > >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2941 > >> > >> Signed-off-by: Vladimir Olovyannikov > >> > >> Cc: Maciej Rabeda > >> Cc: Jiaxin Wu > >> Cc: Siyuan Fu > >> --- > >> NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 19 ++++++++++++++++- > -- > >> 1 file changed, 16 insertions(+), 3 deletions(-) > >> > >> diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >> b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >> index 180d9321025a..e550c9962dc1 100644 > >> --- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >> +++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >> @@ -1122,6 +1122,7 @@ HttpParseMessageBody ( > >> CHAR8 *Char; > >> UINTN RemainderLengthInThis; > >> UINTN LengthForCallback; > >> + UINTN PortionLength; > >> EFI_STATUS Status; > >> HTTP_BODY_PARSER *Parser; 
> >> > >> @@ -1173,19 +1174,31 @@ HttpParseMessageBody ( > >> // > >> // Identity transfer-coding, just notify user to save the > >> body > > data. > >> // > >> + PortionLength = MIN ( > >> + BodyLength, > >> + Parser->ContentLength - > > Parser->ParsedBodyLength > >> + ); > >> + if (!PortionLength) { > >> + // > >> + // Got BodyLength, but no ContentLength. Use BodyLength. > >> + // > >> + PortionLength = BodyLength; > >> + Parser->ContentLength = PortionLength; > >> + } > >> + > >> if (Parser->Callback != NULL) { > >> Status = Parser->Callback ( > >> BodyParseEventOnData, > >> Char, > >> - MIN (BodyLength, Parser->ContentLength - > > Parser- > >>> ParsedBodyLength), > >> + PortionLength, > >> Parser->Context > >> ); > >> if (EFI_ERROR (Status)) { > >> return Status; > >> } > >> } > >> - Char += MIN (BodyLength, Parser->ContentLength - Parser- > >>> ParsedBodyLength); > >> - Parser->ParsedBodyLength += MIN (BodyLength, Parser- > >>> ContentLength - Parser->ParsedBodyLength); > >> + Char += PortionLength; > >> + Parser->ParsedBodyLength += PortionLength; > >> if (Parser->ParsedBodyLength == Parser->ContentLength) { > >> Parser->State = BodyParserComplete; > >> if (Parser->Callback != NULL) { > >> -- > >> 2.26.2.266.ge870325ee8
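Review bot: in the second hunk (@@ -1173,19 +1174,31 @@), `if (!PortionLength)` does not test for a missing Content-Length, which is what its comment says it handles. The MIN() result is also 0 when `BodyLength` is 0, or when `Parser->ContentLength - Parser->ParsedBodyLength` is 0 for a response that did carry the header, and in those cases the fallback overwrites `Parser->ContentLength` as well. In the header-less case with `ParsedBodyLength` starting at 0, the assignment `Parser->ContentLength = PortionLength` makes the `Parser->ParsedBodyLength == Parser->ContentLength` check a few lines further down true immediately, so the parser goes to `BodyParserComplete` after this one buffer; if such a body can arrive in more than one buffer, that needs a comment or a different completion rule. Suggest keying the fallback on an explicit "no Content-Length seen" condition rather than on a zero portion, and writing the test as `PortionLength == 0` instead of `!PortionLength`, since the value is a UINTN.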
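The stall described in the commit message, as a simplified C model added here (not code from the patch or from DxeHttpLib). `MODEL_PARSER` and `ModelParseBody` are hypothetical names; the model keeps only the cursor advance and the two fields the hunk touches, and assumes the loop stops once the body is marked complete.

```c
#include <stddef.h>
#include <stdio.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Stand-in for the parser state: only the fields the hunk reads or writes. */
typedef struct {
  size_t ContentLength;     /* 0 models a response with no Content-Length */
  size_t ParsedBodyLength;
  int    Complete;          /* models State == BodyParserComplete */
} MODEL_PARSER;

/*
 * Model of the identity-transfer branch. Returns the number of iterations
 * used, or -1 when the cursor stops advancing (the real loop would spin
 * forever). Patched != 0 applies the fallback added by the hunk.
 */
int ModelParseBody(MODEL_PARSER *Parser, size_t BodyLength, int Patched)
{
  size_t Offset = 0;        /* plays the role of Char - Body */
  int    Iterations = 0;

  /* Loop exit mirrors "Char >= Body + BodyLength" from the commit message. */
  while (Offset < BodyLength && !Parser->Complete) {
    size_t PortionLength =
      MIN(BodyLength, Parser->ContentLength - Parser->ParsedBodyLength);
    if (Patched && PortionLength == 0) {
      PortionLength = BodyLength;             /* fallback from the patch */
      Parser->ContentLength = PortionLength;
    }
    if (PortionLength == 0) {
      return -1;                              /* Char never moves: hang */
    }
    Offset += PortionLength;
    Parser->ParsedBodyLength += PortionLength;
    if (Parser->ParsedBodyLength == Parser->ContentLength) {
      Parser->Complete = 1;
    }
    Iterations++;
  }
  return Iterations;
}

int main(void)
{
  MODEL_PARSER Before = {0, 0, 0}, After = {0, 0, 0};   /* constructed inputs */
  printf("unpatched, no Content-Length: %d\n", ModelParseBody(&Before, 512, 0));
  printf("patched,   no Content-Length: %d (complete=%d)\n",
         ModelParseBody(&After, 512, 1), After.Complete);
  return 0;
}
```

The patched run also shows the parser reporting the body complete after the first 512-byte buffer, which is the behaviour to confirm against callers that deliver a body in several pieces.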