From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7C0B782066 for ; Fri, 16 Dec 2016 00:57:56 -0800 (PST) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga102.fm.intel.com with ESMTP; 16 Dec 2016 00:57:55 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,356,1477983600"; d="scan'208";a="18878204" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga002.jf.intel.com with ESMTP; 16 Dec 2016 00:57:52 -0800 Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 16 Dec 2016 00:57:52 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 16 Dec 2016 00:57:51 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.11]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.77]) with mapi id 14.03.0248.002; Fri, 16 Dec 2016 16:57:47 +0800 From: "Wu, Jiaxin" To: "Fu, Siyuan" , "edk2-devel@lists.01.org" CC: "Yao, Jiewen" , "Ye, Ting" Thread-Topic: [Patch 2/2] NetworkPkg: Replace ASSERT with error return code in PXE and HTTP boot driver. Thread-Index: AQHSV3UQPgfraS+DLE6S+3hP8HyauqEKRUOg Date: Fri, 16 Dec 2016 08:57:47 +0000 Message-ID: <895558F6EA4E3B41AC93A00D163B727416280C9D@SHSMSX103.ccr.corp.intel.com> References: <1481876334-130492-1-git-send-email-siyuan.fu@intel.com> <1481876334-130492-3-git-send-email-siyuan.fu@intel.com> In-Reply-To: <1481876334-130492-3-git-send-email-siyuan.fu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMTU3NzQ0MzMtYjU1MS00ZjhlLWE3NGQtNmFjZTgxYWJkMGMyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX1BVQkxJQyJ9XX1dfSwiU3ViamVjdExhYmVscyI6W10sIlRNQ1ZlcnNpb24iOiIxNS45LjYuNiIsIlRydXN0ZWRMYWJlbEhhc2giOiJGeTkwNFQyVmxrXC80cEhtVkFHT1p5NTY2QXpJYjEzTldzSzZSdGRTS1wvclU9In0= x-ctpclassification: CTP_PUBLIC x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch 2/2] NetworkPkg: Replace ASSERT with error return code in PXE and HTTP boot driver. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Dec 2016 08:57:56 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi siyuan, In PxeBcCacheDhcp6Offer() function, 'Status' is set but not used, this may = break the GCC build. Please double check that. Others good to me. Reviewed-by: Wu Jiaxin Thanks, Jiaxin > -----Original Message----- > From: Fu, Siyuan > Sent: Friday, December 16, 2016 4:19 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Ye, Ting ; Wu, > Jiaxin > Subject: [Patch 2/2] NetworkPkg: Replace ASSERT with error return code in > PXE and HTTP boot driver. >=20 > This patch remove the ASSERT when receive a DHCP packet large than the > maximum cache buffer size. >=20 > Cc: Yao Jiewen > Cc: Ye Ting > Cc: Wu Jiaxin > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Fu Siyuan > --- > NetworkPkg/HttpBootDxe/HttpBootDhcp4.c | 32 +++++++-- > NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 29 ++++++-- > NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 119 > +++++++++++++++++++++++---------- > NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 67 +++++++++++++------ > 4 files changed, 181 insertions(+), 66 deletions(-) >=20 > diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c > b/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c > index a47a8f4..fcea916 100644 > --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c > +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c > @@ -220,17 +220,24 @@ HttpBootParseDhcp4Options ( > @param[in] Dst Pointer to the cache buffer for DHCPv4 packet= . > @param[in] Src Pointer to the DHCPv4 packet to be cached. >=20 > + @retval EFI_SUCCESS Packet is copied. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > HttpBootCacheDhcp4Packet ( > IN EFI_DHCP4_PACKET *Dst, > IN EFI_DHCP4_PACKET *Src > ) > { > - ASSERT (Dst->Size >=3D Src->Length); > + if (Dst->Size < Src->Length) { > + return EFI_BUFFER_TOO_SMALL; > + } >=20 > CopyMem (&Dst->Dhcp4, &Src->Dhcp4, Src->Length); > Dst->Length =3D Src->Length; > + > + return EFI_SUCCESS; > } >=20 > /** > @@ -429,8 +436,10 @@ HttpBootParseDhcp4Packet ( > @param[in] Private Pointer to HTTP boot driver private = data. > @param[in] RcvdOffer Pointer to the received offer packet= . >=20 > + @retval EFI_SUCCESS Cache and parse the packet successfully. > + @retval Others Operation failed. > **/ > -VOID > +EFI_STATUS > HttpBootCacheDhcp4Offer ( > IN HTTP_BOOT_PRIVATE_DATA *Private, > IN EFI_DHCP4_PACKET *RcvdOffer > @@ -439,6 +448,7 @@ HttpBootCacheDhcp4Offer ( > HTTP_BOOT_DHCP4_PACKET_CACHE *Cache4; > EFI_DHCP4_PACKET *Offer; > HTTP_BOOT_OFFER_TYPE OfferType; > + EFI_STATUS Status; >=20 > ASSERT (Private->OfferNum < HTTP_BOOT_OFFER_MAX_NUM); > Cache4 =3D &Private->OfferBuffer[Private->OfferNum].Dhcp4; > @@ -447,13 +457,16 @@ HttpBootCacheDhcp4Offer ( > // > // Cache the content of DHCPv4 packet firstly. > // > - HttpBootCacheDhcp4Packet (Offer, RcvdOffer); > + Status =3D HttpBootCacheDhcp4Packet (Offer, RcvdOffer); if (EFI_ERROR > + (Status)) { > + return Status; > + } >=20 > // > // Validate the DHCPv4 packet, and parse the options and offer type. > // > if (EFI_ERROR (HttpBootParseDhcp4Packet (Cache4))) { > - return; > + return EFI_ABORTED; > } >=20 > // > @@ -465,6 +478,8 @@ HttpBootCacheDhcp4Offer ( > Private->OfferIndex[OfferType][Private->OfferCount[OfferType]] =3D > Private->OfferNum; > Private->OfferCount[OfferType]++; > Private->OfferNum++; > + > + return EFI_SUCCESS; > } >=20 > /** > @@ -618,10 +633,17 @@ HttpBootDhcp4CallBack ( > switch (Dhcp4Event) { > case Dhcp4RcvdOffer: > Status =3D EFI_NOT_READY; > + if (Packet->Length > HTTP_BOOT_DHCP4_PACKET_MAX_SIZE) { > + // > + // Ignore the incoming packets which exceed the maximum length. > + // > + break; > + } > if (Private->OfferNum < HTTP_BOOT_OFFER_MAX_NUM) { > // > // Cache the DHCPv4 offers to OfferBuffer[] for select later, and = record > // the OfferIndex and OfferCount. > + // If error happens, just ignore this packet and continue to wait = more > offer. > // > HttpBootCacheDhcp4Offer (Private, Packet); > } > diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > index ca84f2a..f2b8195 100644 > --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > @@ -329,17 +329,24 @@ HttpBootParseDhcp6Packet ( > @param[in] Dst The pointer to the cache buffer for DHCPv6 pa= cket. > @param[in] Src The pointer to the DHCPv6 packet to be cached= . >=20 > + @retval EFI_SUCCESS Packet is copied. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > HttpBootCacheDhcp6Packet ( > IN EFI_DHCP6_PACKET *Dst, > IN EFI_DHCP6_PACKET *Src > ) > { > - ASSERT (Dst->Size >=3D Src->Length); > + if (Dst->Size < Src->Length) { > + return EFI_BUFFER_TOO_SMALL; > + } >=20 > CopyMem (&Dst->Dhcp6, &Src->Dhcp6, Src->Length); > Dst->Length =3D Src->Length; > + > + return EFI_SUCCESS; > } >=20 > /** > @@ -348,8 +355,11 @@ HttpBootCacheDhcp6Packet ( > @param[in] Private The pointer to HTTP_BOOT_PRIVATE_DAT= A. > @param[in] RcvdOffer The pointer to the received offer pa= cket. >=20 > + @retval EFI_SUCCESS Cache and parse the packet successfully. > + @retval Others Operation failed. > + > **/ > -VOID > +EFI_STATUS > HttpBootCacheDhcp6Offer ( > IN HTTP_BOOT_PRIVATE_DATA *Private, > IN EFI_DHCP6_PACKET *RcvdOffer > @@ -358,6 +368,7 @@ HttpBootCacheDhcp6Offer ( > HTTP_BOOT_DHCP6_PACKET_CACHE *Cache6; > EFI_DHCP6_PACKET *Offer; > HTTP_BOOT_OFFER_TYPE OfferType; > + EFI_STATUS Status; >=20 > Cache6 =3D &Private->OfferBuffer[Private->OfferNum].Dhcp6; > Offer =3D &Cache6->Packet.Offer; > @@ -365,13 +376,16 @@ HttpBootCacheDhcp6Offer ( > // > // Cache the content of DHCPv6 packet firstly. > // > - HttpBootCacheDhcp6Packet(Offer, RcvdOffer); > + Status =3D HttpBootCacheDhcp6Packet(Offer, RcvdOffer); if (EFI_ERROR > + (Status)) { > + return Status; > + } >=20 > // > // Validate the DHCPv6 packet, and parse the options and offer type. > // > if (EFI_ERROR (HttpBootParseDhcp6Packet (Cache6))) { > - return ; > + return EFI_ABORTED; > } >=20 > // > @@ -382,7 +396,9 @@ HttpBootCacheDhcp6Offer ( > ASSERT (Private->OfferCount[OfferType] < > HTTP_BOOT_OFFER_MAX_NUM); > Private->OfferIndex[OfferType][Private->OfferCount[OfferType]] =3D > Private->OfferNum; > Private->OfferCount[OfferType]++; > - Private->OfferNum++; > + Private->OfferNum++; > + > + return EFI_SUCCESS; > } >=20 > /** > @@ -437,6 +453,7 @@ HttpBootDhcp6CallBack ( > // > // Cache the dhcp offers to OfferBuffer[] for select later, and r= ecord > // the OfferIndex and OfferCount. > + // If error happens, just ignore this packet and continue to wait= more > offer. > // > HttpBootCacheDhcp6Offer (Private, Packet); > } > diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > index 44b0714..5497390 100644 > --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > @@ -424,17 +424,24 @@ PxeBcSeedDhcp4Packet ( > @param[in] Dst Pointer to the cache buffer for DHCPv4 packet= . > @param[in] Src Pointer to the DHCPv4 packet to be cached. >=20 > + @retval EFI_SUCCESS Packet is copied. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > PxeBcCacheDhcp4Packet ( > IN EFI_DHCP4_PACKET *Dst, > IN EFI_DHCP4_PACKET *Src > ) > { > - ASSERT (Dst->Size >=3D Src->Length); > - > + if (Dst->Size < Src->Length) { > + return EFI_BUFFER_TOO_SMALL; > + } > + > CopyMem (&Dst->Dhcp4, &Src->Dhcp4, Src->Length); > Dst->Length =3D Src->Length; > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -620,8 +627,11 @@ PxeBcParseDhcp4Packet ( > @param[in] Ack Pointer to the DHCPv4 ack packet. > @param[in] Verified If TRUE, parse the ACK packet and stor= e info into > mode data. >=20 > + @retval EFI_SUCCESS Cache and parse the packet succ= essfully. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > PxeBcCopyDhcp4Ack ( > IN PXEBC_PRIVATE_DATA *Private, > IN EFI_DHCP4_PACKET *Ack, > @@ -629,10 +639,14 @@ PxeBcCopyDhcp4Ack ( > ) > { > EFI_PXE_BASE_CODE_MODE *Mode; > + EFI_STATUS Status; >=20 > Mode =3D Private->PxeBc.Mode; >=20 > - PxeBcCacheDhcp4Packet (&Private->DhcpAck.Dhcp4.Packet.Ack, Ack); > + Status =3D PxeBcCacheDhcp4Packet (&Private->DhcpAck.Dhcp4.Packet.Ack, > + Ack); if (EFI_ERROR (Status)) { > + return Status; > + } >=20 > if (Verified) { > // > @@ -642,6 +656,8 @@ PxeBcCopyDhcp4Ack ( > CopyMem (&Mode->DhcpAck.Dhcpv4, &Ack->Dhcp4, Ack->Length); > Mode->DhcpAckReceived =3D TRUE; > } > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -651,8 +667,11 @@ PxeBcCopyDhcp4Ack ( > @param[in] Private Pointer to PxeBc private data. > @param[in] OfferIndex The received order of offer packets. >=20 > + @retval EFI_SUCCESS Cache and parse the packet succ= essfully. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > PxeBcCopyProxyOffer ( > IN PXEBC_PRIVATE_DATA *Private, > IN UINT32 OfferIndex > @@ -660,6 +679,7 @@ PxeBcCopyProxyOffer ( { > EFI_PXE_BASE_CODE_MODE *Mode; > EFI_DHCP4_PACKET *Offer; > + EFI_STATUS Status; >=20 > ASSERT (OfferIndex < Private->OfferNum); > ASSERT (OfferIndex < PXEBC_OFFER_MAX_NUM); @@ -670,7 +690,11 @@ > PxeBcCopyProxyOffer ( > // > // Cache the proxy offer packet and parse it. > // > - PxeBcCacheDhcp4Packet (&Private->ProxyOffer.Dhcp4.Packet.Offer, > Offer); > + Status =3D PxeBcCacheDhcp4Packet > + (&Private->ProxyOffer.Dhcp4.Packet.Offer, Offer); if (EFI_ERROR(Status= )) > { > + return Status; > + } > + > PxeBcParseDhcp4Packet (&Private->ProxyOffer.Dhcp4); >=20 > // > @@ -678,6 +702,8 @@ PxeBcCopyProxyOffer ( > // > CopyMem (&Mode->ProxyOffer.Dhcpv4, &Offer->Dhcp4, Offer->Length); > Mode->ProxyOfferReceived =3D TRUE; > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -780,8 +806,11 @@ PxeBcRetryBinlOffer ( > @param[in] Private Pointer to PxeBc private data. > @param[in] RcvdOffer Pointer to the received offer packet= . >=20 > + @retval EFI_SUCCESS Cache and parse the packet successfully. > + @retval Others Operation failed. > + > **/ > -VOID > +EFI_STATUS > PxeBcCacheDhcp4Offer ( > IN PXEBC_PRIVATE_DATA *Private, > IN EFI_DHCP4_PACKET *RcvdOffer > @@ -790,6 +819,7 @@ PxeBcCacheDhcp4Offer ( > PXEBC_DHCP4_PACKET_CACHE *Cache4; > EFI_DHCP4_PACKET *Offer; > PXEBC_OFFER_TYPE OfferType; > + EFI_STATUS Status; >=20 > ASSERT (Private->OfferNum < PXEBC_OFFER_MAX_NUM); > Cache4 =3D &Private->OfferBuffer[Private->OfferNum].Dhcp4; > @@ -798,13 +828,16 @@ PxeBcCacheDhcp4Offer ( > // > // Cache the content of DHCPv4 packet firstly. > // > - PxeBcCacheDhcp4Packet (Offer, RcvdOffer); > + Status =3D PxeBcCacheDhcp4Packet (Offer, RcvdOffer); if > + (EFI_ERROR(Status)) { > + return Status; > + } >=20 > // > // Validate the DHCPv4 packet, and parse the options and offer type. > // > if (EFI_ERROR (PxeBcParseDhcp4Packet (Cache4))) { > - return; > + return EFI_ABORTED; > } >=20 > // > @@ -821,7 +854,7 @@ PxeBcCacheDhcp4Offer ( > Private->OfferIndex[OfferType][0] =3D Private->OfferNum; > Private->OfferCount[OfferType] =3D 1; > } else { > - return; > + return EFI_ABORTED; > } > } else { > ASSERT (Private->OfferCount[OfferType] < PXEBC_OFFER_MAX_NUM); > @@ -844,7 +877,7 @@ PxeBcCacheDhcp4Offer ( > Private->OfferIndex[OfferType][0] =3D Private->OfferNum; > Private->OfferCount[OfferType] =3D 1; > } else { > - return ; > + return EFI_ABORTED; > } > } else { > // > @@ -856,6 +889,8 @@ PxeBcCacheDhcp4Offer ( > } >=20 > Private->OfferNum++; > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -980,11 +1015,12 @@ PxeBcSelectDhcp4Offer ( > /** > Handle the DHCPv4 offer packet. >=20 > - @param[in] Private Pointer to PxeBc private data. > + @param[in] Private Pointer to PxeBc private data. >=20 > - @retval EFI_SUCCESS Handled the DHCPv4 offer packet succes= sfully. > - @retval EFI_NO_RESPONSE No response to the following request > packet. > - @retval EFI_NOT_FOUND No boot filename received. > + @retval EFI_SUCCESS Handled the DHCPv4 offer packet succ= essfully. > + @retval EFI_NO_RESPONSE No response to the following request > packet. > + @retval EFI_NOT_FOUND No boot filename received. > + @retval EFI_BUFFER_TOO_SMALL Can't cache the offer pacet. >=20 > **/ > EFI_STATUS > @@ -1089,7 +1125,7 @@ PxeBcHandleDhcp4Offer ( > // > // Success to try to request by a ProxyPxe10 or ProxyWfm11a offe= r, copy > and parse it. > // > - PxeBcCopyProxyOffer (Private, ProxyIndex); > + Status =3D PxeBcCopyProxyOffer (Private, ProxyIndex); > } > } else { > // > @@ -1116,7 +1152,10 @@ PxeBcHandleDhcp4Offer ( > Ack =3D Offer; > } >=20 > - PxeBcCopyDhcp4Ack (Private, Ack, TRUE); > + Status =3D PxeBcCopyDhcp4Ack (Private, Ack, TRUE); > + if (EFI_ERROR (Status)) { > + return Status; > + } > Mode->DhcpDiscoverValid =3D TRUE; > } >=20 > @@ -1258,6 +1297,7 @@ PxeBcDhcp4CallBack ( > // > // Cache the DHCPv4 offers to OfferBuffer[] for select later, and = record > // the OfferIndex and OfferCount. > + // If error happens, just ignore this packet and continue to wait = more > offer. > // > PxeBcCacheDhcp4Offer (Private, Packet); > } > @@ -1278,21 +1318,16 @@ PxeBcDhcp4CallBack ( > break; >=20 > case Dhcp4RcvdAck: > - if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) { > - // > - // Abort the DHCP if the ACK packet exceeds the maximum length. > - // > - Status =3D EFI_ABORTED; > - break; > - } > - > // > // Cache the DHCPv4 ack to Private->Dhcp4Ack, but it's not the final= ack in > mode data > // without verification. > // > ASSERT (Private->SelectIndex !=3D 0); >=20 > - PxeBcCopyDhcp4Ack (Private, Packet, FALSE); > + Status =3D PxeBcCopyDhcp4Ack (Private, Packet, FALSE); > + if (EFI_ERROR (Status)) { > + Status =3D EFI_ABORTED; > + } > break; >=20 > default: > @@ -1491,6 +1526,12 @@ PxeBcDhcp4Discover ( > // Find the right PXE Reply according to server address. > // > while (RepIndex < Token.ResponseCount) { > + if (Response->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) { > + SrvIndex =3D 0; > + RepIndex++; > + Response =3D (EFI_DHCP4_PACKET *) ((UINT8 *) Response + Response= - > >Size); > + continue; > + } >=20 > while (SrvIndex < IpCount) { > if (SrvList[SrvIndex].AcceptAnyResponse) { @@ -1509,7 +1550,6 @@ > PxeBcDhcp4Discover ( >=20 > SrvIndex =3D 0; > RepIndex++; > - > Response =3D (EFI_DHCP4_PACKET *) ((UINT8 *) Response + Response- > >Size); > } >=20 > @@ -1519,10 +1559,16 @@ PxeBcDhcp4Discover ( > // Especially for PXE discover packet, store it into mode data her= e. > // > if (Private->IsDoDiscover) { > - PxeBcCacheDhcp4Packet (&Private->PxeReply.Dhcp4.Packet.Ack, > Response); > + Status =3D PxeBcCacheDhcp4Packet (&Private- > >PxeReply.Dhcp4.Packet.Ack, Response); > + if (EFI_ERROR(Status)) { > + goto ON_EXIT; > + } > CopyMem (&Mode->PxeDiscover, &Token.Packet->Dhcp4, > Token.Packet->Length); > } else { > - PxeBcCacheDhcp4Packet (&Private->ProxyOffer.Dhcp4.Packet.Offer, > Response); > + Status =3D PxeBcCacheDhcp4Packet (&Private- > >ProxyOffer.Dhcp4.Packet.Offer, Response); > + if (EFI_ERROR(Status)) { > + goto ON_EXIT; > + } > } > } else { > // > @@ -1530,12 +1576,15 @@ PxeBcDhcp4Discover ( > // > Status =3D EFI_NOT_FOUND; > } > - if (Token.ResponseList !=3D NULL) { > - FreePool (Token.ResponseList); > - } > } > - > - FreePool (Token.Packet); > +ON_EXIT: > + > + if (Token.ResponseList !=3D NULL) { > + FreePool (Token.ResponseList); > + } > + if (Token.Packet !=3D NULL) { > + FreePool (Token.Packet); > + } > return Status; > } >=20 > diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > index 6a08e9a..3672f13 100644 > --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > @@ -181,17 +181,24 @@ PxeBcBuildDhcp6Options ( > @param[in] Dst The pointer to the cache buffer for DHCPv6 pa= cket. > @param[in] Src The pointer to the DHCPv6 packet to be cached= . >=20 > + @retval EFI_SUCCESS Packet is copied. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > PxeBcCacheDhcp6Packet ( > IN EFI_DHCP6_PACKET *Dst, > IN EFI_DHCP6_PACKET *Src > ) > { > - ASSERT (Dst->Size >=3D Src->Length); > + if (Dst->Size < Src->Length) { > + return EFI_BUFFER_TOO_SMALL; > + } >=20 > CopyMem (&Dst->Dhcp6, &Src->Dhcp6, Src->Length); > Dst->Length =3D Src->Length; > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -749,8 +756,11 @@ PxeBcParseDhcp6Packet ( > @param[in] Ack The pointer to the DHCPv6 ack packet. > @param[in] Verified If TRUE, parse the ACK packet and stor= e info into > mode data. >=20 > + @retval EFI_SUCCESS Cache and parse the packet succ= essfully. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > PxeBcCopyDhcp6Ack ( > IN PXEBC_PRIVATE_DATA *Private, > IN EFI_DHCP6_PACKET *Ack, > @@ -758,10 +768,14 @@ PxeBcCopyDhcp6Ack ( > ) > { > EFI_PXE_BASE_CODE_MODE *Mode; > + EFI_STATUS Status; >=20 > Mode =3D Private->PxeBc.Mode; >=20 > - PxeBcCacheDhcp6Packet (&Private->DhcpAck.Dhcp6.Packet.Ack, Ack); > + Status =3D PxeBcCacheDhcp6Packet (&Private->DhcpAck.Dhcp6.Packet.Ack, > + Ack); if (EFI_ERROR (Status)) { > + return Status; > + } >=20 > if (Verified) { > // > @@ -771,6 +785,8 @@ PxeBcCopyDhcp6Ack ( > CopyMem (&Mode->DhcpAck.Dhcpv6, &Ack->Dhcp6, Ack->Length); > Mode->DhcpAckReceived =3D TRUE; > } > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -780,8 +796,11 @@ PxeBcCopyDhcp6Ack ( > @param[in] Private The pointer to PxeBc private data. > @param[in] OfferIndex The received order of offer packets. >=20 > + @retval EFI_SUCCESS Cache and parse the packet succ= essfully. > + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough = to > hold the packet. > + > **/ > -VOID > +EFI_STATUS > PxeBcCopyDhcp6Proxy ( > IN PXEBC_PRIVATE_DATA *Private, > IN UINT32 OfferIndex > @@ -789,6 +808,7 @@ PxeBcCopyDhcp6Proxy ( { > EFI_PXE_BASE_CODE_MODE *Mode; > EFI_DHCP6_PACKET *Offer; > + EFI_STATUS Status; >=20 > ASSERT (OfferIndex < Private->OfferNum); > ASSERT (OfferIndex < PXEBC_OFFER_MAX_NUM); @@ -799,7 +819,10 @@ > PxeBcCopyDhcp6Proxy ( > // > // Cache the proxy offer packet and parse it. > // > - PxeBcCacheDhcp6Packet (&Private->ProxyOffer.Dhcp6.Packet.Offer, > Offer); > + Status =3D PxeBcCacheDhcp6Packet > + (&Private->ProxyOffer.Dhcp6.Packet.Offer, Offer); if (EFI_ERROR(Status= )) > { > + return Status; > + } > PxeBcParseDhcp6Packet (&Private->ProxyOffer.Dhcp6); >=20 > // > @@ -807,6 +830,8 @@ PxeBcCopyDhcp6Proxy ( > // > CopyMem (&Mode->ProxyOffer.Dhcpv6, &Offer->Dhcp6, Offer->Length); > Mode->ProxyOfferReceived =3D TRUE; > + > + return EFI_SUCCESS; > } >=20 > /** > @@ -1121,8 +1146,10 @@ PxeBcRetryDhcp6Binl ( > @param[in] Private The pointer to PXEBC_PRIVATE_DATA. > @param[in] RcvdOffer The pointer to the received offer pa= cket. >=20 > + @retval EFI_SUCCESS Cache and parse the packet successfully. > + @retval Others Operation failed. > **/ > -VOID > +EFI_STATUS > PxeBcCacheDhcp6Offer ( > IN PXEBC_PRIVATE_DATA *Private, > IN EFI_DHCP6_PACKET *RcvdOffer > @@ -1131,6 +1158,7 @@ PxeBcCacheDhcp6Offer ( > PXEBC_DHCP6_PACKET_CACHE *Cache6; > EFI_DHCP6_PACKET *Offer; > PXEBC_OFFER_TYPE OfferType; > + EFI_STATUS Status; >=20 > Cache6 =3D &Private->OfferBuffer[Private->OfferNum].Dhcp6; > Offer =3D &Cache6->Packet.Offer; > @@ -1138,13 +1166,13 @@ PxeBcCacheDhcp6Offer ( > // > // Cache the content of DHCPv6 packet firstly. > // > - PxeBcCacheDhcp6Packet (Offer, RcvdOffer); > + Status =3D PxeBcCacheDhcp6Packet (Offer, RcvdOffer); >=20 > // > // Validate the DHCPv6 packet, and parse the options and offer type. > // > if (EFI_ERROR (PxeBcParseDhcp6Packet (Cache6))) { > - return ; > + return EFI_ABORTED; > } >=20 > // > @@ -1173,7 +1201,7 @@ PxeBcCacheDhcp6Offer ( > Private->OfferIndex[OfferType][0] =3D Private->OfferNum; > Private->OfferCount[OfferType] =3D 1; > } else { > - return; > + return EFI_ABORTED; > } > } else { > // > @@ -1184,6 +1212,8 @@ PxeBcCacheDhcp6Offer ( > } >=20 > Private->OfferNum++; > + > + return EFI_SUCCESS; > } >=20 >=20 > @@ -1301,6 +1331,7 @@ PxeBcSelectDhcp6Offer ( > @retval EFI_SUCCESS Handled the DHCPv6 offer packet succ= essfully. > @retval EFI_NO_RESPONSE No response to the following request > packet. > @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. > + @retval EFI_BUFFER_TOO_SMALL Can't cache the offer pacet. >=20 > **/ > EFI_STATUS > @@ -1410,7 +1441,7 @@ PxeBcHandleDhcp6Offer ( > // > // Success to try to request by a ProxyPxe10 or ProxyWfm11a offe= r, copy > and parse it. > // > - PxeBcCopyDhcp6Proxy (Private, ProxyIndex); > + Status =3D PxeBcCopyDhcp6Proxy (Private, ProxyIndex); > } > } else { > // > @@ -1424,7 +1455,7 @@ PxeBcHandleDhcp6Offer ( > // > // All PXE boot information is ready by now. > // > - PxeBcCopyDhcp6Ack (Private, &Private->DhcpAck.Dhcp6.Packet.Ack, > TRUE); > + Status =3D PxeBcCopyDhcp6Ack (Private, > + &Private->DhcpAck.Dhcp6.Packet.Ack, TRUE); > Private->PxeBc.Mode->DhcpDiscoverValid =3D TRUE; > } >=20 > @@ -1997,19 +2028,15 @@ PxeBcDhcp6CallBack ( > break; >=20 > case Dhcp6RcvdReply: > - if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) { > - // > - // Abort the DHCP if the Peply packet exceeds the maximum length. > - // > - Status =3D EFI_ABORTED; > - break; > - } > // > // Cache the dhcp ack to Private->Dhcp6Ack, but it's not the final a= ck in > mode data > // without verification. > // > ASSERT (Private->SelectIndex !=3D 0); > - PxeBcCopyDhcp6Ack (Private, Packet, FALSE); > + Status =3D PxeBcCopyDhcp6Ack (Private, Packet, FALSE); > + if (EFI_ERROR (Status)) { > + Status =3D EFI_ABORTED; > + } > break; >=20 > default: > -- > 2.7.4.windows.1