From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C1C3921954074 for ; Thu, 20 Apr 2017 19:48:15 -0700 (PDT) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Apr 2017 19:48:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.37,228,1488873600"; d="scan'208";a="90464741" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga005.jf.intel.com with ESMTP; 20 Apr 2017 19:48:09 -0700 Received: from fmsmsx117.amr.corp.intel.com (10.18.116.17) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 20 Apr 2017 19:48:09 -0700 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by fmsmsx117.amr.corp.intel.com (10.18.116.17) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 20 Apr 2017 19:48:08 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.117]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.217]) with mapi id 14.03.0319.002; Fri, 21 Apr 2017 10:48:06 +0800 From: "Ye, Ting" To: "Wu, Jiaxin" , "edk2-devel@lists.01.org" CC: "Fu, Siyuan" Thread-Topic: [Patch] MdeModulePkg/Mtftp4Dxe: Add invalid ServerIp check during MTFTP configuration Thread-Index: AQHSukYFPWZ4M3lwwk6C7lzQi3Cuw6HPHsxA Date: Fri, 21 Apr 2017 02:48:06 +0000 Message-ID: References: <1492741287-12936-1-git-send-email-jiaxin.wu@intel.com> <1492741287-12936-2-git-send-email-jiaxin.wu@intel.com> In-Reply-To: <1492741287-12936-2-git-send-email-jiaxin.wu@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] MdeModulePkg/Mtftp4Dxe: Add invalid ServerIp check during MTFTP configuration X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2017 02:48:16 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ye Ting =20 -----Original Message----- From: Wu, Jiaxin=20 Sent: Friday, April 21, 2017 10:21 AM To: edk2-devel@lists.01.org Cc: Ye, Ting ; Fu, Siyuan ; Wu, Jia= xin Subject: [Patch] MdeModulePkg/Mtftp4Dxe: Add invalid ServerIp check during = MTFTP configuration Cc: Ye Ting Cc: Fu Siyuan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin --- MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Impl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Impl.c b/MdeMod= ulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Impl.c index 5494231..54384e1 100644 --- a/MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Impl.c +++ b/MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Impl.c @@ -1,10 +1,10 @@ /** @file Interface routine for Mtftp4. =20 (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
-Copyrigh= t (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php
=20 @@ -665,10 +665,14 @@ EfiMtftp4Configure ( Ip =3D NTOHL (Ip); Netmask =3D NTOHL (Netmask); Gateway =3D NTOHL (Gateway); ServerIp =3D NTOHL (ServerIp); =20 + if (ServerIp =3D=3D 0 || IP4_IS_LOCAL_BROADCAST (ServerIp)) { + return EFI_INVALID_PARAMETER; + } + if (!ConfigData->UseDefaultSetting && ((!IP4_IS_VALID_NETMASK (Netmask) || (Netmask !=3D 0 && !NetIp4IsU= nicast (Ip, Netmask))))) { =20 return EFI_INVALID_PARAMETER; } -- 1.9.5.msysgit.1