From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ting.ye@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.126; helo=mga18.intel.com;
 envelope-from=ting.ye@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id E3DA42116DF97
 for <edk2-devel@lists.01.org>; Wed, 17 Oct 2018 20:26:04 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 17 Oct 2018 20:26:04 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,395,1534834800"; d="scan'208";a="242226888"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
 by orsmga004.jf.intel.com with ESMTP; 17 Oct 2018 20:26:04 -0700
Received: from fmsmsx120.amr.corp.intel.com (10.18.124.208) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 17 Oct 2018 20:26:03 -0700
Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by
 fmsmsx120.amr.corp.intel.com (10.18.124.208) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 17 Oct 2018 20:26:03 -0700
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.111]) by
 SHSMSX104.ccr.corp.intel.com ([169.254.5.183]) with mapi id 14.03.0319.002;
 Thu, 18 Oct 2018 11:26:00 +0800
From: "Ye, Ting" <ting.ye@intel.com>
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Fu, Siyuan" <siyuan.fu@intel.com>, "Wu, Jiaxin" <jiaxin.wu@intel.com>
Thread-Topic: [edk2] [Patch] NetworkPkg/IpSecDxe: Fix issue to parse SA
 Payload.
Thread-Index: AQHUZPBeYLkvvuGntEyZQxKCjqtBg6UkWeIg
Date: Thu, 18 Oct 2018 03:26:00 +0000
Message-ID: <BC0C045B0E2A584CA4575E779FA2C12A1AB35071@SHSMSX103.ccr.corp.intel.com>
References: <20181016013410.3044-1-Jiaxin.wu@intel.com>
In-Reply-To: <20181016013410.3044-1-Jiaxin.wu@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [Patch] NetworkPkg/IpSecDxe: Fix issue to parse SA Payload.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 03:26:05 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Jiaxin,

I am confused why we need set values to following local variables when Ikev=
2ParseProposalData marks them as 'out' attribute. Please adds more comments=
 why '0' is required and updates 'out' to 'in out' if '0' is necessary.

+        IntegrityAlgorithm =3D 0;
+        EncryptAlgorithm   =3D 0;
+        EncryptKeylength   =3D 0;
+        IsSupportEsn       =3D FALSE;

Thanks,
Ting

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiax=
in Wu
Sent: Tuesday, October 16, 2018 9:34 AM
To: edk2-devel@lists.01.org
Cc: Ye, Ting <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Wu, Jia=
xin <jiaxin.wu@intel.com>
Subject: [edk2] [Patch] NetworkPkg/IpSecDxe: Fix issue to parse SA Payload.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1251

IpSecDxe failed to create the Child SA during parsing SA Payload, the issue=
 was caused by the below commit:

SHA-1: 1e0db7b11987d0ec93be7dfe26102a327860fdbd
* MdeModulePkg/NetworkPkg: Checking for NULL pointer before use.

In above commit, it changed the value of IsMatch in Ikev2ChildSaParseSaPayl=
oad() to FALSE. That's correct but it exposed the potential bug in to match=
 the correct proposal Data, which will cause the issue happen.

Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 NetworkPkg/IpSecDxe/Ikev2/Utility.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev=
2/Utility.c
index 0c9c929705..d61bae8c9d 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2502,15 +2502,16 @@ Ikev2ChildSaParseSaPayload (
           IntegrityAlgorithm =3D=3D PreferIntegrityAlgorithm &&
           IsSupportEsn =3D=3D PreferIsSupportEsn
           ) {
         IsMatch =3D TRUE;
       } else {
-        PreferEncryptAlgorithm   =3D 0;
-        PreferIntegrityAlgorithm =3D 0;
-        IsSupportEsn             =3D TRUE;
+        IntegrityAlgorithm =3D 0;
+        EncryptAlgorithm   =3D 0;
+        EncryptKeylength   =3D 0;
+        IsSupportEsn       =3D FALSE;
       }
-       ProposalData =3D (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) =
+
+      ProposalData =3D (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1)=20
+ +
                      ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM=
_DATA));
     }
=20
     ProposalData  =3D (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->=
PayloadBuf + 1);
     if (IsMatch) {
--
2.17.1.windows.2

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel