From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web10.7154.1686942491740168827 for ; Fri, 16 Jun 2023 12:08:12 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=C3o4/5IG; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: zachary.clark-williams@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686942491; x=1718478491; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=xs+4nypIxALeb0F8ySeWm8lhSdgDVh5z17EhJXBzI88=; b=C3o4/5IGIvgssiOHlyxp1EhHzi+YVTlXnsgyEMwzJ8HYxQ+Dr93vj4Lu IIiMeBLUP3xSR/ZLBlK69yzbiSm9S6LM89MMEdoNhy3gPJNFs44Dr1J2z 1mKb1kLTA1kGAL9tvf7yOH3Md01AMiQuYXkbzfeTCc7CDpDTMGghxOaH5 WQzwlhI4V/Tvf77yYuY9Oio/3SU9/6XzgF8xlwI8XFB3wwuNdgC+3DBcG IFiZlIo+BJhIplvay73U+MTlNnvLwgVIpTCx+PpQuAj43sPlZixN9jL8f VqFWFdjD3JQTeiu0ndJzOwVp4Y6fzzPAFz2Ht8KoQ7jVYn1VaAHZ6atgZ Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10743"; a="422943795" X-IronPort-AV: E=Sophos;i="6.00,248,1681196400"; d="scan'208,217";a="422943795" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2023 12:08:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10743"; a="783034742" X-IronPort-AV: E=Sophos;i="6.00,248,1681196400"; d="scan'208,217";a="783034742" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga004.fm.intel.com with ESMTP; 16 Jun 2023 12:08:02 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Fri, 16 Jun 2023 12:08:01 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Fri, 16 Jun 2023 12:08:01 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Fri, 16 Jun 2023 12:08:01 -0700 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.40) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Fri, 16 Jun 2023 12:08:01 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J5jWM5DD9dCwwfW6Dkeh8LkbAjz+n9IERZ19CIFD861SrGfzC7RTFvT7TcE3u5YkgcFmwfgnbzbUiEJynIR+ktSbNnCqWH0P3wPtKR/ThKfT0DFuBTYHeYcOH4F4gZPR5bn0SsGhAgDbVMi4neWFTTIoA4Hs6tiJoVFNnP/ara7kZxuBiRPSMQcEMxClfwe5Vo8o8NeXq3frYNly0ih/EI1N2alenJy2MlWShYXuzNHuw2Vfn9YEEiV9yFkTJnUPrS4hYiSoP/CqJ08ldjaLGPRJBoWq2rGQyTk/q9Ct70LIsVv/jO7ZP2zj/g9r/5wq9KxJXIgxoQM2w3dxT0vd0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9Scq5cFjcfXGPfTBhpQF1iurbLeezzGpdQ7Jy8UA7b8=; b=QiMBQo81chZflQ3pf+x15sSPOqh3rVT9nD3O5zXG1t2FHejQ4pBKU7sZLAf4dfEXzubsIYkQwIiYTFkQNRc29JaHPIUsmH93H/v/EcuUTuk5yKfYTF7CFpZpDlN0QtIx1Sn3Jc5tz0VHbIvANOzB8Dm0B0PAgnm3sAfm2LPIAVmzJEINZVVQh1NYJE1+vxFkJ/onJbc51R3/I93STeHWfRCQ3LsOkJLPUWZgDnyoahcPnF8B+eqWwj3IIN4yhxdYvjDuYuMOHM37bKhwm1yhcp7pgAGt+sDJs616rKHdZU2ERYNWm94W//UncdfIycKZf61X4oVlvH20UqeYBrMWYw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO6PR11MB5601.namprd11.prod.outlook.com (2603:10b6:303:13d::7) by SA1PR11MB8425.namprd11.prod.outlook.com (2603:10b6:806:385::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6500.25; Fri, 16 Jun 2023 19:07:51 +0000 Received: from CO6PR11MB5601.namprd11.prod.outlook.com ([fe80::974a:fa97:a57b:7dbb]) by CO6PR11MB5601.namprd11.prod.outlook.com ([fe80::974a:fa97:a57b:7dbb%3]) with mapi id 15.20.6500.026; Fri, 16 Jun 2023 19:07:51 +0000 From: "Clark-williams, Zachary" To: "Li, Yi1" , "devel@edk2.groups.io" CC: Maciej Rabeda , Siyuan Fu Subject: Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format Thread-Topic: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format Thread-Index: AQHZl3dAxnmzTl78LESo8Pm3qvOLiq+N0YBg Date: Fri, 16 Jun 2023 19:07:51 +0000 Message-ID: References: <20230605062957.8331-1-yi1.li@intel.com> In-Reply-To: <20230605062957.8331-1-yi1.li@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: CO6PR11MB5601:EE_|SA1PR11MB8425:EE_ x-ms-office365-filtering-correlation-id: 7c6dcc86-7a66-4f44-e6dd-08db6e9cfb38 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: zfLZs8A651JiZkxfeyzoBT7OcCg7kBaTYzaRMQNMM3qxI8h5dWYN31f87MIoiDjhdYa2LaUuM13EKEZMV9TzRwPcwAuEo1UPPiQr9nq75WfyZEts434dOTPdfe/kLtlx19uu27CGvrgvfZAVBex45lk17DBwvYaSHN7QKiXZgvMZPHuUmhYZq8dUJoQZ/tsBZEn6krz0S/Y84yv1YQe/k2X9Bwus2evTVMwMRuwo7nSj7EjGPbUFxrOBCoeZisDJgRKx+D8PBdu5nhyQHc53HPfRFk4FMYBh2UDHbyWQJFf3nQwmrRExpEqcgCcVaASwax//Jxpj6A2TOyJ/s9MIUswJWaONL0NvyQ76MLG6eL1+G+UW3BneMavKWnSbvwBfIK8dFHsMgK91xDHVhLaVRPqnRzoSc0rMt6b8GQhc1uF9CIpFzoxXqsMFfdpnQ21dJUulZHi/wyiEy/ghA/70J2mr82GP9/het/fTrzq5T4ggai1sIutywFvZM0aEusL47sTW8L37vfZiYb5ubLpNKQjHxieW/sTYSsvWGOMdQdYiBzAGY+KI1FSiZSMtBzdY9z+lwi7uHbJiYqlckZsFqb4wOx9QEvpXsgI38NzX3xfF56OMWrHyVjXpbNthPWer x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO6PR11MB5601.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(346002)(39860400002)(396003)(366004)(376002)(136003)(451199021)(110136005)(54906003)(41300700001)(8676002)(86362001)(7696005)(64756008)(66946007)(66476007)(33656002)(66556008)(66446008)(8936002)(71200400001)(316002)(4326008)(76116006)(66899021)(38070700005)(478600001)(30864003)(9686003)(55016003)(5660300002)(966005)(26005)(83380400001)(52536014)(2906002)(6506007)(53546011)(186003)(82960400001)(38100700002)(122000001)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?dNkEtGJPSpT0QIKLJo1RFVRWthrQ+FFMyqDHdO90gb/ODMRtV2pJQohVPplX?= =?us-ascii?Q?WV6nknQhZ8GyzwrJxuQ0InPqQqAqpFPhewTz3qKBntAE+c3B5GH1Hr6jvL1q?= =?us-ascii?Q?gPKZO3kB5r5f84hCQzEcX2CPT4V/smpQuDr5lkdZjWhJavUsTSXkfHUKHg1V?= =?us-ascii?Q?VxR9famBp6M/rJCdD7lNtHprCJbWHpzneaza0mFv0hY1PWCfoTGL7FoCklQK?= =?us-ascii?Q?MmegXmwlbLGwhTkFxDHbUXck2q+rkLGAO+07qylf94DE02GjVsXxSC7D4FO4?= =?us-ascii?Q?kSFnBwSTpSmDUw+lWCo65PrzgbdJd6SouR6/cg87C/IeljE1Rgx4C1jVGUj8?= =?us-ascii?Q?AXXXsrRLz6EGKUBPILzh2v8GtPgfhQep04EOoyK1EcjhfAq7P5WIz7yY7s1A?= =?us-ascii?Q?JnpwqQYwVAduX34ybLPhaa23ZPLD1zlGXE9X6sgLjgDn3ODmmc/UFRgngtbA?= =?us-ascii?Q?UVPvSY5tPVWYeSRNSUIXujm6LOJwoSWoi7Eq0ojX1dW6Qn7FpqH9YnI++YXE?= =?us-ascii?Q?o+WpNfcvWqlh44lP5EIR38r2aGW83xOjTYQTrT5Ie5Lkn6GNFWtJ2WXXVHBV?= =?us-ascii?Q?ZRMpCjpcrPWixanomVr94QKdJvPBTMwRSbeILIKcSsXgks1ScyX/2t/SRDUm?= =?us-ascii?Q?OlWJhY8iieGeBCE0L6i6Sj+k/oeoyEXznZ+fHlW03VYZ5GKrNhraFMuo/5cq?= =?us-ascii?Q?FGwSKMOhrbd0pkFRc/ZSGTPptibnxfKyihM9K5KdZTXtmFPFR4RrkSxUqUu9?= =?us-ascii?Q?u7Yc91A4O+qC7muAGEmjKU0vHIxqpqHS03dAWvgasIYHr9LWIgRBY4DgFq2H?= =?us-ascii?Q?lG2kUfPjUkzlMOAJyZXuZbcrFQcrqthimUiu2yVPtq0Kyv2XH+cDbm8Et+AN?= =?us-ascii?Q?BdPiPc/m1YfrtfXz2AMzTeEpaW46MWSeO1OsWgFbgRccASCfz4duDlgsGiJp?= =?us-ascii?Q?IH3oYp2bnenHGDULo5NbHWOKeWYLlyLTZR5zmuc3zBpN19/IPkOXpUtaCCv9?= =?us-ascii?Q?jCgwjAjPqacR/UVtSVP0dQ1+/Ykfvc9BMzFaxXLQ2jqWwHbOTlBbdqQ9Keni?= =?us-ascii?Q?rlEcj5UJ/cS1S7yVPadDqyXmrXV39ODnmIOr0q6QU8NYWHefITnExqhxHqd1?= =?us-ascii?Q?AcijxRO59XHXO8em+uvLK5jhwxEepShUlaWXrwPGOXdy64bUSLfLGeiV/OCZ?= =?us-ascii?Q?W3AbCuYuM4fXOy2WCKIMKQ5SznupVchTITE3FlIBzWNnwCs/YrvAPjKZIDdh?= =?us-ascii?Q?xcTRvQNU0lTkdZ4Hc5Dk1Hfd5SwZn3TCVseW0BrTAY6s8cd9ka+7baUcijgW?= =?us-ascii?Q?rKVGo2H1auZAAhkqMtb2Ix6DqYuUj73weuP0QRhB5Ndz3XD0Uv6gDWnS4M+O?= =?us-ascii?Q?d7Es5eSgu35xfHxbzqlp34YYBJF+FXaWhYfWvhIxptx2kFQhifJQiGBiPim+?= =?us-ascii?Q?Vb3+YKBlwGXOuU59y5Fog7YNMdl0kYCxeGTfNwu/VhVYQOeoxpeMyRZPGUpl?= =?us-ascii?Q?2jfC3Ar1U6EvUT59Qa7wkw84LyZ/LTklJGHMM4Pz82xe8wSQ6Qjmd/KKWEVk?= =?us-ascii?Q?d2RLvTbKLVqPi3aEd5viaZqgwM8Cwu+Glq0GO0VOy+j24i9M12mW5Q2Rzimy?= =?us-ascii?Q?yQ=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR11MB5601.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7c6dcc86-7a66-4f44-e6dd-08db6e9cfb38 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jun 2023 19:07:51.1725 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2xSjGAn8vh3hGof4Vr+fCO2+ZTMH976/P/ccQhjT14MOhmdxpU8cUXPaKrCw68J+kT7mwBFmxndWBfsonJFDZeu4qsx31NJO2MKMIYdaAZL869h4QPFHLe25/9iRw0XF X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8425 Return-Path: zachary.clark-williams@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_CO6PR11MB560197640E997F29DA8F0E60C958ACO6PR11MB5601namp_" --_000_CO6PR11MB560197640E997F29DA8F0E60C958ACO6PR11MB5601namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hey Yi, Review the below changes. The protocol has changes since ADL from PlatSapmle to an advanced feature a= nd the Protocol has shifted into EDK2, so the protocol name needs to be upd= ated: + Status =3D gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VO= ID **) &WiFiProfileSyncProtocol); Status =3D gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NUL= L, (VOID **)&WiFiProfileSyncProtocol); The locate protocol status check is enough and we do not need to add the NU= LL check too, we can remove that to keep it lighter. + if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol !=3D NULL) { Can we clean up the second locate protocol and bring the Identity allocate = above the protocol check, and bring the two conditions for EapIdentity copi= ed to Identity into the added protocol check condition. Here is a view of what I am thinking for consolidation. // // Set Identity to Eap peer, Mandatory field for PEAP and TTLS // if (StrLen (Profile->EapIdentity) > 0) { - IdentitySize =3D sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1); Identity =3D AllocateZeroPool (IdentitySize); if (Identity =3D=3D NULL) { return EFI_OUT_OF_RESOURCES; } + Status =3D gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NU= LL, (VOID **) &WiFiProfileSyncProtocol); if (!EFI_ERROR (Status)) { + // Max size of EapIdentity ::=3D sizeof (CHAR16) * sizeof (Profile-= >EapIdentity) ::=3D 2 * EAP_IDENTITY_SIZE + IdentitySize =3D sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile-= >EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1); + // + // The size of Identity from Username may equal + // to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=3D128 bytes), + // so here only valid characters except NULL characters are copied. + // + CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1); } else { + IdentitySize =3D sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1)= ; UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize); } -----Original Message----- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Sunday, June 4, 2023 11:30 PM To: devel@edk2.groups.io Cc: Li, Yi1 ; Maciej Rabeda ; Siyuan Fu Subject: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identit= y when in ASCII format FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4477 Tls connection fail over WiFi in AMT OCR flow due to invalid identity. This was due to missing conversion between unicode and ascii string which r= esulted in invalid strlen. Cc: Maciej Rabeda > Cc: Siyuan Fu > Signed-off-by: Yi Li > --- .../WifiConnectionMgrImpl.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/= NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c index 2e596c1981..e1430251c8 100644 --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c @@ -572,7 +572,14 @@ WifiMgrConfigEap ( // Set Identity to Eap peer, Mandatory field for PEAP and TTLS // if (StrLen (Profile->EapIdentity) > 0) { - IdentitySize =3D sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1); + Status =3D gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (= VOID **) &WiFiProfileSyncProtocol); + if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol !=3D NULL) { + /* Max size of EapIdentity ::=3D sizeof (CHAR16) * sizeof (Profile->= EapIdentity) ::=3D 2 * EAP_IDENTITY_SIZE */ + IdentitySize =3D sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile-= >EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1); + } else { + IdentitySize =3D sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1)= ; + } + Identity =3D AllocateZeroPool (IdentitySize); if (Identity =3D=3D NULL) { return EFI_OUT_OF_RESOURCES; @@ -580,7 +587,10 @@ WifiMgrConfigEap ( Status =3D gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NU= LL, (VOID **)&WiFiProfileSyncProtocol); if (!EFI_ERROR (Status)) { - CopyMem (Identity, &Profile->EapIdentity, IdentitySize); + /* The size of Identity from Username may equal + to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=3D128 bytes), + so here only valid characters except NULL characters are copied. = */ + CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1); } else { UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize)= ; } -- 2.31.1.windows.1 --_000_CO6PR11MB560197640E997F29DA8F0E60C958ACO6PR11MB5601namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hey Yi,
 
Review the below changes.
 
The protocol has changes since ADL from PlatSapmle to an advanced feat= ure and the Protocol has shifted into EDK2, so the protocol name needs to b= e updated:
Status =3D gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid= , NULL, (VOID **) &WiFiProfileSyncProtocol);
    Status =3D gBS->LocateProtocol (&<= /i>gEdkiiWiFiProfileSyncProtocolG= uid, NULL, (VOID **)&WiFiProfileSyncProtocol);
 
The locate protocol status check is enough and we do not need to add t= he NULL check too, we can remove that to keep it lighter.
+    if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol !=3D NULL) {
 
Can we clean up the second locate protocol and bring the Identity allo= cate above the protocol check, and bring the two conditions for EapIdentity= copied to Identity into the added protocol check condition.
Here is a view of what I am thinking for consolidation.
 
&= nbsp; //
&= nbsp; // Set Identity to Eap peer, Mandatory field fo= r PEAP and TTLS
&= nbsp; //
&= nbsp; if (StrLen (Profile->Eap= Identity) > 0) {
-    IdentitySize= =3D sizeof (CHAR8<= /span>) * (StrLen (Prof= ile->EapIdentity) + 1);
&= nbsp;   Identity     =3D AllocateZeroPool (Identi= tySize);
&= nbsp;   if (Ide= ntity =3D=3D NULL) {
&= nbsp;     return EFI_OUT_OF_RESOURCES;
&= nbsp;   }
&= nbsp;
+=     Status =3D gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProf= ileSyncProtocol);
&= nbsp;   if (!EFI_E= RROR (Status)) {
+=       //  Max size of EapIdentity= ::=3D sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::=3D 2 * EAP_IDE= NTITY_SIZE
+=       IdentitySize =3D sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapId= entity, sizeof (= CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+=       //
+=       //  The size of Identity fr= om Username may equal
+=       //  to the max size of EapI= dentity(EAP_IDENTITY_SIZE*2=3D128 bytes),
+=       //  so here only valid char= acters except NULL characters are copied.
+=       //
+=       CopyMem (Identity, &Profile->= EapIdentity, Identit= ySize - 1);
&= nbsp;   } else {
+=       IdentitySize =3D sizeof (CHAR8) * (StrLen(Profile-&g= t;EapIdentity) + 1);
&= nbsp;     UnicodeStrToAsciiStrS (<= font color=3D"#001080">Profile->EapIdenti= ty, Identity, IdentitySize);
&= nbsp;   }
&= nbsp;
 
 
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Yi=
Sent: Sunday, June 4, 2023 11:30 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@intel.com>; Maciej Rabeda <maciej.rabeda@linux= .intel.com>; Siyuan Fu <siyuan.fu@intel.com>
Subject: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identit= y when in ASCII format
 
 
Tls connection fail over WiFi in AMT OCR flow due to invalid identity.=
 
This was due to missing conversion between unicode and ascii string wh= ich resulted in invalid strlen.
 
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Siyuan Fu <siyuan.fu@int= el.com>
Signed-off-by: Yi Li <yi1.li@in= tel.com>
---
.../WifiConnectionMgrImpl.c       =             &nb= sp;    | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
 
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl= .c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 2e596c1981..e1430251c8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -572,7 +572,14 @@ WifiMgrConfigEap (
   // Set Identity to Eap peer, Mandatory field for PEAP and= TTLS
   //
   if (StrLen (Profile->EapIdentity) > 0) {
-    IdentitySize =3D sizeof (CHAR8) * (StrLen (Profile= ->EapIdentity) + 1);
+    Status =3D gBS->LocateProtocol (&gWiFiProfi= leSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
+    if (!EFI_ERROR (Status) && WiFiProfileSync= Protocol !=3D NULL) {
+      /* Max size of EapIdentity ::=3D sizeo= f (CHAR16) * sizeof (Profile->EapIdentity) ::=3D 2 * EAP_IDENTITY_SIZE *= /
+      IdentitySize =3D sizeof (CHAR8) * (Asc= iiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Pr= ofile->EapIdentity)) + 1);
+    } else {
+      IdentitySize =3D sizeof (CHAR8) * (Str= Len(Profile->EapIdentity) + 1);
+    }
+
     Identity     =3D Allocate= ZeroPool (IdentitySize);
     if (Identity =3D=3D NULL) {
       return EFI_OUT_OF_RESOURCES;
@@ -580,7 +587,10 @@ WifiMgrConfigEap (
 
     Status =3D gBS->LocateProtocol (&gEdki= iWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);=
     if (!EFI_ERROR (Status)) {
-      CopyMem (Identity, &Profile->Ea= pIdentity, IdentitySize);
+      /* The size of Identity from Username = may equal
+         to the max size of E= apIdentity(EAP_IDENTITY_SIZE*2=3D128 bytes),
+         so here only valid c= haracters except NULL characters are copied. */
+      CopyMem (Identity, &Profile->Ea= pIdentity, IdentitySize - 1);
     } else {
       UnicodeStrToAsciiStrS (Profile-&g= t;EapIdentity, Identity, IdentitySize);
     }
--
2.31.1.windows.1
 
 
 
 
 
 
--_000_CO6PR11MB560197640E997F29DA8F0E60C958ACO6PR11MB5601namp_--