From: "Vladimir Olovyannikov"
Date: Fri, 2 Oct 2020 08:08:29 -0700
Subject: Re: [edk2-devel] [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
To: "Rabeda, Maciej", devel@edk2.groups.io
Cc: Jiaxin Wu, Siyuan Fu, Laszlo Ersek

Hi Maciej,

Thank you for reviewing the patch.

> -----Original Message-----
> From: Rabeda, Maciej
> Sent: Friday, October 2, 2020 5:02 AM
> To: Vladimir Olovyannikov; devel@edk2.groups.io
> Cc: Jiaxin Wu; Siyuan Fu; Laszlo Ersek
> Subject: Re: [edk2-devel] [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
>
> Hi Vladimir,
>
> Functionally the patch is fine.
> However, from coding standard perspective, !PortionLen is not allowed -
> such structure is used only for BOOLEAN type values.
> Reference: Table 10,
> https://edk2-docs.gitbook.io/edk-ii-c-coding-standards-specification/5_source_files/57_c_programming#5-7-2-2-a-comparison-of-any-pointer-to-zero-must-be-done-via-the-null-type

Sorry, my bad. That's a result of switching between edk2 and Linux developments.

>
> Do not submit v2, I will correct that upon merging. On terms CS issue is
> addressed, I am giving:
> Reviewed-by: Maciej Rabeda

Thank you Maciej,
Vladimir

>
> Thanks,
> Maciej
>
> On 01-Oct-20 17:25, Vladimir Olovyannikov wrote:
> > Hi Maciej,
> >
> > Thank you for looking into this.
> >
> > Vladimir
> >> -----Original Message-----
> >> From: Rabeda, Maciej
> >> Sent: Wednesday, September 30, 2020 2:57 AM
> >> To: devel@edk2.groups.io; vladimir.olovyannikov@broadcom.com
> >> Cc: Jiaxin Wu; Siyuan Fu; Laszlo Ersek
> >> Subject: Re: [edk2-devel] [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
> >>
> >> Hi Vladimir,
> >>
> >> Yes, this must have gone past my radar, sorry. Things are becoming more
> >> and more busy out here :/ I will take a look at it by the end of week.
> >>
> >> On 24-Sep-20 23:57, Vladimir Olovyannikov via groups.io wrote:
> >>> Hi Maciej,
> >>>
> >>> Can you please review this patch?
> >>> It is sitting there for a while, looks like it slipped through the cracks.
> >>>
> >>> Thank you,
> >>> Vladimir
> >>>> -----Original Message-----
> >>>> From: Vladimir Olovyannikov
> >>>> Sent: Friday, August 28, 2020 11:17 AM
> >>>> To: devel@edk2.groups.io
> >>>> Cc: Vladimir Olovyannikov; Maciej Rabeda; Jiaxin Wu; Siyuan Fu
> >>>> Subject: [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body parser
> >>>>
> >>>> When an HTTP server sends a non-chunked body data with no Content-Length
> >>>> header, the HttpParserMessageBody in DxeHttpLib gets
> >>>> confused and never sets the Char pointer beyond the body start.
> >>>> This causes "for" loop to never break because the condition of
> >>>> "Char >= Body + BodyLength" is never satisfied.
> >>>> Use BodyLength as the ContentLength for the parser when ContentLength
> >>>> is absent in HTTP response headers.
> >>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2941
> >>>>
> >>>> Signed-off-by: Vladimir Olovyannikov
> >>>> Cc: Maciej Rabeda
> >>>> Cc: Jiaxin Wu
> >>>> Cc: Siyuan Fu
> >>>> --- > >>>> NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 19 > >>>> ++++++++++++++++- > >> -- > >>>> 1 file changed, 16 insertions(+), 3 deletions(-) > >>>> > >>>> diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >>>> b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >>>> index 180d9321025a..e550c9962dc1 100644 > >>>> --- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >>>> +++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > >>>> @@ -1122,6 +1122,7 @@ HttpParseMessageBody ( > >>>> CHAR8 *Char; > >>>> UINTN RemainderLengthInThis; > >>>> UINTN LengthForCallback; > >>>> + UINTN PortionLength; > >>>> EFI_STATUS Status; > >>>> HTTP_BODY_PARSER *Parser;
> >>>> > >>>> @@ -1173,19 +1174,31 @@ HttpParseMessageBody ( > >>>> // > >>>> // Identity transfer-coding, just notify user to save the > >>>> body > >>> data. > >>>> // > >>>> + PortionLength = MIN ( > >>>> + BodyLength, > >>>> + Parser->ContentLength - > >>> Parser->ParsedBodyLength > >>>> + ); > >>>> + if (!PortionLength) { > >>>> + // > >>>> + // Got BodyLength, but no ContentLength. Use BodyLength. > >>>> + // > >>>> + PortionLength = BodyLength; > >>>> + Parser->ContentLength = PortionLength; > >>>> + } > >>>> + > >>>> if (Parser->Callback != NULL) { > >>>> Status = Parser->Callback ( > >>>> BodyParseEventOnData, > >>>> Char, > >>>> - MIN (BodyLength, Parser->ContentLength - > >>> Parser- > >>>>> ParsedBodyLength), > >>>> + PortionLength, > >>>> Parser->Context > >>>> ); > >>>> if (EFI_ERROR (Status)) { > >>>> return Status; > >>>> } > >>>> } > >>>> - Char += MIN (BodyLength, Parser->ContentLength - Parser- > >>>>> ParsedBodyLength); > >>>> - Parser->ParsedBodyLength += MIN (BodyLength, Parser- > >>>>> ContentLength - Parser->ParsedBodyLength); > >>>> + Char += PortionLength; > >>>> + Parser->ParsedBodyLength += PortionLength; > >>>> if (Parser->ParsedBodyLength == Parser->ContentLength) { > >>>> Parser->State = BodyParserComplete; > >>>> if (Parser->Callback != NULL) { > >>>> -- > >>>> 2.26.2.266.ge870325ee8 > >>> > >>> > >>>
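
Review bot: In the second hunk (@@ -1173,19 +1174,31 @@), the test `if (!PortionLength)` cannot tell a response with no Content-Length header apart from one whose remaining length `Parser->ContentLength - Parser->ParsedBodyLength` is zero, or from a call entered with `BodyLength` of zero, yet in each case it overwrites `Parser->ContentLength` with `BodyLength`. Consider keying the fallback on whether the header was actually present rather than on the computed minimum, and writing the comparison as `PortionLength == 0`, since `PortionLength` is a UINTN. Also, once the fallback has run with `ParsedBodyLength` starting at zero, `Parser->ParsedBodyLength == Parser->ContentLength` holds as soon as this buffer is consumed, so the parser reaches BodyParserComplete after the first buffer; a body sent without Content-Length that arrives over several calls would be reported complete early, which deserves a code comment and a test case.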