From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ting.ye@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=ting.ye@intel.com;
 receiver=edk2-devel@lists.01.org 
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 0F2AA2112E001
 for <edk2-devel@lists.01.org>; Wed, 12 Sep 2018 19:32:26 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 12 Sep 2018 19:32:25 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,367,1531810800"; d="scan'208";a="80036226"
Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205])
 by FMSMGA003.fm.intel.com with ESMTP; 12 Sep 2018 19:32:23 -0700
Received: from fmsmsx122.amr.corp.intel.com (10.18.125.37) by
 fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 12 Sep 2018 19:32:23 -0700
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 fmsmsx122.amr.corp.intel.com (10.18.125.37) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 12 Sep 2018 19:32:22 -0700
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.240]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.16]) with mapi id 14.03.0319.002;
 Thu, 13 Sep 2018 10:32:20 +0800
From: "Ye, Ting" <ting.ye@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: Stephen Benjamin <stephen@redhat.com>, Laszlo Ersek <lersek@redhat.com>,
 "Fu, Siyuan" <siyuan.fu@intel.com>
Thread-Topic: [Patch] MdeModulePkg/Library/DxeHttpLib: Handle the blank
 value in HTTP header.
Thread-Index: AQHURB9axzs4xQMHckikJaUlmP1TjaTti62A
Date: Thu, 13 Sep 2018 02:32:20 +0000
Message-ID: <BC0C045B0E2A584CA4575E779FA2C12A1AAEC03E@SHSMSX103.ccr.corp.intel.com>
References: <20180904071722.7728-1-Jiaxin.wu@intel.com>
In-Reply-To: <20180904071722.7728-1-Jiaxin.wu@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYmIyZTJiNDUtZTRiYy00ZDgxLWI5NDAtODQxNmE5OGUxNjUxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiZ2lCSDB3QytHSXI5ZmpOYzJwdVwvVkJYeDhQXC9EeXh6ZmdkaGhWaG1WYVwvM2lNUlhnQmQ0M3l1eEJ5K2RNeEZRYyJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [Patch] MdeModulePkg/Library/DxeHttpLib: Handle the blank value in HTTP header.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 02:32:26 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Ye Ting <ting.ye@intel.com>=20

-----Original Message-----
From: Wu, Jiaxin=20
Sent: Tuesday, September 4, 2018 3:17 PM
To: edk2-devel@lists.01.org
Cc: Stephen Benjamin <stephen@redhat.com>; Laszlo Ersek <lersek@redhat.com>=
; Ye, Ting <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Wu, Jiaxi=
n <jiaxin.wu@intel.com>
Subject: [Patch] MdeModulePkg/Library/DxeHttpLib: Handle the blank value in=
 HTTP header.

This patch is to resolve the lock-up issue if the value of HTTP header is b=
lank.  The issue is recorded @ https://bugzilla.tianocore.org/show_bug.cgi?=
id=3D1102.

Cc: Stephen Benjamin <stephen@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c | 57 +++++++++++++++-----
 1 file changed, 44 insertions(+), 13 deletions(-)

diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c b/MdeModulePkg/Li=
brary/DxeHttpLib/DxeHttpLib.c
index 5fbb50d03a..2fc3da8a2d 100644
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -1595,63 +1595,94 @@ HttpGetFieldNameAndValue (
     return NULL;
   }
=20
   //
   // Each header field consists of a name followed by a colon (":") and th=
e field value.
+  // The field value MAY be preceded by any amount of LWS, though a single=
 SP is preferred.
+  //
+  // message-header =3D field-name ":" [ field-value ]  // field-name =3D=
=20
+ token  // field-value =3D *( field-content | LWS )  //  // Note:=20
+ "*(element)" allows any number element, including zero; "1*(element)" req=
uires at least one element.
+  //       [element] means element is optional.
+  //       LWS  =3D [CRLF] 1*(SP|HT), it can be ' ' or '\t' or '\r\n ' or =
'\r\n\t'.
+  //       CRLF =3D '\r\n'.
+  //       SP   =3D ' '.
+  //       HT   =3D '\t' (Tab).
   //
   FieldNameStr =3D String;
   FieldValueStr =3D AsciiStrGetNextToken (FieldNameStr, ':');
   if (FieldValueStr =3D=3D NULL) {
     return NULL;
   }
=20
   //
-  // Replace ':' with 0
+  // Replace ':' with 0, then FieldName has been retrived from String.
   //
   *(FieldValueStr - 1) =3D 0;
=20
   //
-  // The field value MAY be preceded by any amount of LWS, though a single=
 SP is preferred.
-  // Note: LWS  =3D [CRLF] 1*(SP|HT), it can be '\r\n ' or '\r\n\t' or ' '=
 or '\t'.
-  //       CRLF =3D '\r\n'.
-  //       SP   =3D ' '.
-  //       HT   =3D '\t' (Tab).
+  // Handle FieldValueStr, skip all the preceded LWS.
   //
   while (TRUE) {
     if (*FieldValueStr =3D=3D ' ' || *FieldValueStr =3D=3D '\t') {
       //
       // Boundary condition check.
       //
       if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 1) {
+        //
+        // Wrong String format!
+        //
         return NULL;
       }
=20
       FieldValueStr ++;
     } else if (*FieldValueStr =3D=3D '\r') {
       //
       // Boundary condition check.
       //
       if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 3) {
-        return NULL;
+        //
+        // No more preceded LWS, so break here.
+        //
+        break;
       }
=20
-      if (*(FieldValueStr + 1) =3D=3D '\n' && (*(FieldValueStr + 2) =3D=3D=
 ' ' || *(FieldValueStr + 2) =3D=3D '\t')) {
-        FieldValueStr =3D FieldValueStr + 3;
+      if (*(FieldValueStr + 1) =3D=3D '\n' ) {
+        if (*(FieldValueStr + 2) =3D=3D ' ' || *(FieldValueStr + 2) =3D=3D=
 '\t') {
+          FieldValueStr =3D FieldValueStr + 3;
+        } else {
+          //
+          // No more preceded LWS, so break here.
+          //
+          break;
+        }
+      } else {
+        //
+        // Wrong String format!
+        //
+        return NULL;
       }
     } else {
+      //
+      // No more preceded LWS, so break here.
+      //
       break;
     }
   }
=20
-  //
-  // Header fields can be extended over multiple lines by preceding each e=
xtra
-  // line with at least one SP or HT.
-  //
   StrPtr =3D FieldValueStr;
   do {
+    //
+    // Handle the LWS within the field value.
+    //
     StrPtr =3D AsciiStrGetNextToken (StrPtr, '\r');
     if (StrPtr =3D=3D NULL || *StrPtr !=3D '\n') {
+      //
+      // Wrong String format!
+      //
       return NULL;
     }
=20
     StrPtr++;
   } while (*StrPtr =3D=3D ' ' || *StrPtr =3D=3D '\t');
--
2.17.1.windows.2