From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E6375221ED767 for ; Thu, 21 Dec 2017 00:43:12 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Dec 2017 00:48:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,435,1508828400"; d="scan'208";a="13569286" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by FMSMGA003.fm.intel.com with ESMTP; 21 Dec 2017 00:48:01 -0800 Received: from fmsmsx101.amr.corp.intel.com (10.18.124.199) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 21 Dec 2017 00:48:00 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx101.amr.corp.intel.com (10.18.124.199) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 21 Dec 2017 00:48:00 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.213]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.159]) with mapi id 14.03.0319.002; Thu, 21 Dec 2017 16:47:58 +0800 From: "Wu, Jiaxin" To: "Fu, Siyuan" , "edk2-devel@lists.01.org" CC: "Ye, Ting" , "Wang, Fan" Thread-Topic: [edk2] [Patch] MdeModulePkg/IpIoLib: Check the input parameters before use them. Thread-Index: AQHTc+mBh5iP3q0IbUyOqJtRQAHYK6NNiPBA Date: Thu, 21 Dec 2017 08:47:58 +0000 Message-ID: <895558F6EA4E3B41AC93A00D163B727416355AEB@SHSMSX103.ccr.corp.intel.com> References: <20171213080712.1404-1-siyuan.fu@intel.com> In-Reply-To: <20171213080712.1404-1-siyuan.fu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjAwNjMzNTktZTU0OS00N2IxLWI2NzItMDFiNzVjNGZmOWIyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6Ilo4SFVHMyt6RnAydWM2b1pLcDRjZmxPXC9zZElkdEtOYzdOUjhGaU5uOGQ0PSJ9 x-ctpclassification: CTP_IC dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] MdeModulePkg/IpIoLib: Check the input parameters before use them. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Dec 2017 08:43:13 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiaxin Wu > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Fu= , > Siyuan > Sent: Wednesday, December 13, 2017 4:07 PM > To: edk2-devel@lists.01.org > Cc: Ye, Ting ; Wang, Fan ; Wu, > Jiaxin > Subject: [edk2] [Patch] MdeModulePkg/IpIoLib: Check the input parameters > before use them. >=20 > This patch updates the DxeIpIoLib to check the input parameters before > using. >=20 > Cc: Ye Ting > Cc: Wu Jiaxin > Cc: Wang Fan > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Fu Siyuan > --- > MdeModulePkg/Include/Library/IpIoLib.h | 20 ++++---- > MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c | 73 > ++++++++++++++++++++++------ > 2 files changed, 68 insertions(+), 25 deletions(-) >=20 > diff --git a/MdeModulePkg/Include/Library/IpIoLib.h > b/MdeModulePkg/Include/Library/IpIoLib.h > index aab0c68059..a57bc582d6 100644 > --- a/MdeModulePkg/Include/Library/IpIoLib.h > +++ b/MdeModulePkg/Include/Library/IpIoLib.h > @@ -2,7 +2,7 @@ > This library is only intended to be used by UEFI network stack modules= . > It provides the combined IpIo layer on the EFI IP4 Protocol and EFI IP= 6 > protocol. >=20 > -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials are licensed and made > available under > the terms and conditions of the BSD License that accompanies this > distribution. > The full text of the license may be found at > @@ -359,8 +359,9 @@ IpIoDestroy ( >=20 > @param[in, out] IpIo The pointer to the IP_IO instance tha= t needs to > stop. >=20 > - @retval EFI_SUCCESS The IP_IO instance stopped successful= ly. > - @retval Others Anrror condition occurred. > + @retval EFI_SUCCESS The IP_IO instance stopped suc= cessfully. > + @retval EFI_INVALID_PARAMETER Invalid input parameter. > + @retval Others Error condition occurred. >=20 > **/ > EFI_STATUS > @@ -381,11 +382,12 @@ IpIoStop ( > @param[in] OpenData The configuration data and callbac= ks for > the IP_IO instance. >=20 > - @retval EFI_SUCCESS The IP_IO instance opened with Ope= nData > - successfully. > - @retval EFI_ACCESS_DENIED The IP_IO instance is configured; = avoid > - reopening it. > - @retval Others An error condition occurred. > + @retval EFI_SUCCESS The IP_IO instance opened with= OpenData > + successfully. > + @retval EFI_ACCESS_DENIED The IP_IO instance is configur= ed, > avoid to > + reopen it. > + @retval EFI_INVALID_PARAMETER Invalid input parameter. > + @retval Others Error condition occurred. >=20 > **/ > EFI_STATUS > @@ -518,7 +520,7 @@ IpIoRemoveIp ( > @param[in] Src The local IP address. >=20 > @return The pointer to the IP protocol can be used for sending purpose > and its local > - address is the same with Src. > + address is the same with Src. NULL if failed. >=20 > **/ > IP_IO_IP_INFO * > diff --git a/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c > b/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c > index abc07fb0ff..33e2863419 100644 > --- a/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c > +++ b/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c > @@ -2,7 +2,7 @@ > IpIo Library. >=20 > (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
> -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e > found at > @@ -280,15 +280,22 @@ IpIoIcmpv4Handler ( > UINT8 Type; > UINT8 Code; > UINT32 TrimBytes; > - > + > + ASSERT (IpIo !=3D NULL); > + ASSERT (Pkt !=3D NULL); > + ASSERT (Session !=3D NULL); > ASSERT (IpIo->IpVersion =3D=3D IP_VERSION_4); > - > - IcmpHdr =3D NET_PROTO_HDR (Pkt, IP4_ICMP_ERROR_HEAD); > - IpHdr =3D (EFI_IP4_HEADER *) (&IcmpHdr->IpHead); > - > + > // > // Check the ICMP packet length. > // > + if (Pkt->TotalSize < sizeof (IP4_ICMP_ERROR_HEAD)) { > + return EFI_ABORTED; > + } > + > + IcmpHdr =3D NET_PROTO_HDR (Pkt, IP4_ICMP_ERROR_HEAD); > + IpHdr =3D (EFI_IP4_HEADER *) (&IcmpHdr->IpHead); > + > if (Pkt->TotalSize < ICMP_ERRLEN (IpHdr)) { >=20 > return EFI_ABORTED; > @@ -412,6 +419,9 @@ IpIoIcmpv6Handler ( > UINT32 TrimBytes; > BOOLEAN Flag; >=20 > + ASSERT (IpIo !=3D NULL); > + ASSERT (Pkt !=3D NULL); > + ASSERT (Session !=3D NULL); > ASSERT (IpIo->IpVersion =3D=3D IP_VERSION_6); >=20 > // > @@ -1028,6 +1038,7 @@ IpIoListenHandlerDpc ( > } >=20 > if (IpIo->IpVersion =3D=3D IP_VERSION_4) { > + ASSERT (RxData->Ip4RxData.Header !=3D NULL); > if (IP4_IS_LOCAL_BROADCAST (EFI_IP4 (RxData->Ip4RxData.Header- > >SourceAddress))) { > // > // The source address is a broadcast address, discard it. > @@ -1052,6 +1063,11 @@ IpIoListenHandlerDpc ( > } >=20 > // > + // The fragment should always be valid for non-zero length packet. > + // > + ASSERT (RxData->Ip4RxData.FragmentCount !=3D 0); > + > + // > // Create a netbuffer representing IPv4 packet > // > Pkt =3D NetbufFromExt ( > @@ -1075,7 +1091,7 @@ IpIoListenHandlerDpc ( > Session.IpHdrLen =3D RxData->Ip4RxData.HeaderLength; > Session.IpVersion =3D IP_VERSION_4; > } else { > - > + ASSERT (RxData->Ip6RxData.Header !=3D NULL); > if (!NetIp6IsValidUnicast(&RxData->Ip6RxData.Header->SourceAddress))= { > goto CleanUp; > } > @@ -1088,6 +1104,11 @@ IpIoListenHandlerDpc ( > } >=20 > // > + // The fragment should always be valid for non-zero length packet. > + // > + ASSERT (RxData->Ip6RxData.FragmentCount !=3D 0); > + > + // > // Create a netbuffer representing IPv6 packet > // > Pkt =3D NetbufFromExt ( > @@ -1272,11 +1293,12 @@ ReleaseIpIo: > @param[in] OpenData The configuration data and callbac= ks for > the IP_IO instance. >=20 > - @retval EFI_SUCCESS The IP_IO instance opened with Ope= nData > - successfully. > - @retval EFI_ACCESS_DENIED The IP_IO instance is configured, = avoid > to > - reopen it. > - @retval Others Error condition occurred. > + @retval EFI_SUCCESS The IP_IO instance opened with= OpenData > + successfully. > + @retval EFI_ACCESS_DENIED The IP_IO instance is configur= ed, > avoid to > + reopen it. > + @retval EFI_INVALID_PARAMETER Invalid input parameter. > + @retval Others Error condition occurred. >=20 > **/ > EFI_STATUS > @@ -1289,6 +1311,10 @@ IpIoOpen ( > EFI_STATUS Status; > UINT8 IpVersion; >=20 > + if (IpIo =3D=3D NULL || OpenData =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > if (IpIo->IsConfigured) { > return EFI_ACCESS_DENIED; > } > @@ -1400,8 +1426,9 @@ ErrorExit: >=20 > @param[in, out] IpIo Pointer to the IP_IO instance that ne= eds to stop. >=20 > - @retval EFI_SUCCESS The IP_IO instance stopped successful= ly. > - @retval Others Error condition occurred. > + @retval EFI_SUCCESS The IP_IO instance stopped suc= cessfully. > + @retval EFI_INVALID_PARAMETER Invalid input parameter. > + @retval Others Error condition occurred. >=20 > **/ > EFI_STATUS > @@ -1414,6 +1441,10 @@ IpIoStop ( > IP_IO_IP_INFO *IpInfo; > UINT8 IpVersion; >=20 > + if (IpIo =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > if (!IpIo->IsConfigured) { > return EFI_SUCCESS; > } > @@ -1916,6 +1947,10 @@ IpIoRemoveIp ( > { >=20 > UINT8 IpVersion; > + > + if (IpIo =3D=3D NULL || IpInfo =3D=3D NULL) { > + return; > + } >=20 > ASSERT (IpInfo->RefCnt > 0); >=20 > @@ -1980,7 +2015,7 @@ IpIoRemoveIp ( > @param[in] Src The local IP address. >=20 > @return Pointer to the IP protocol can be used for sending purpose and= its > local > - address is the same with Src. > + address is the same with Src. NULL if failed. >=20 > **/ > IP_IO_IP_INFO * > @@ -1996,7 +2031,13 @@ IpIoFindSender ( > LIST_ENTRY *IpInfoEntry; > IP_IO_IP_INFO *IpInfo; >=20 > - ASSERT ((IpVersion =3D=3D IP_VERSION_4) || (IpVersion =3D=3D IP_VERSIO= N_6)); > + if (IpIo =3D=3D NULL || Src =3D=3D NULL) { > + return NULL; > + } > + > + if ((IpVersion !=3D IP_VERSION_4) && (IpVersion !=3D IP_VERSION_6)) { > + return NULL; > + } >=20 > NET_LIST_FOR_EACH (IpIoEntry, &mActiveIpIoList) { > IpIoPtr =3D NET_LIST_USER_STRUCT (IpIoEntry, IP_IO, Entry); > -- > 2.13.0.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel