* Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
[not found] <1765AF83686A77A3.7352@groups.io>
@ 2023-06-12 1:52 ` Li, Yi
0 siblings, 0 replies; 6+ messages in thread
From: Li, Yi @ 2023-06-12 1:52 UTC (permalink / raw)
To: devel@edk2.groups.io, Li, Yi1; +Cc: Maciej Rabeda, Siyuan Fu
++visibility
Hello, any feedback here?
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Yi
Sent: Monday, June 5, 2023 2:30 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@intel.com>; Maciej Rabeda <maciej.rabeda@linux.intel.com>; Siyuan Fu <siyuan.fu@intel.com>
Subject: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=4477
Tls connection fail over WiFi in AMT OCR flow due to invalid identity.
This was due to missing conversion between unicode and ascii string which resulted in invalid strlen.
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
.../WifiConnectionMgrImpl.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 2e596c1981..e1430251c8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -572,7 +572,14 @@ WifiMgrConfigEap (
// Set Identity to Eap peer, Mandatory field for PEAP and TTLS
//
if (StrLen (Profile->EapIdentity) > 0) {
- IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1);
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
+ /* Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE */
+ IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+ } else {
+ IdentitySize = sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1);
+ }
+
Identity = AllocateZeroPool (IdentitySize);
if (Identity == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -580,7 +587,10 @@ WifiMgrConfigEap (
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
if (!EFI_ERROR (Status)) {
- CopyMem (Identity, &Profile->EapIdentity, IdentitySize);
+ /* The size of Identity from Username may equal
+ to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes),
+ so here only valid characters except NULL characters are copied. */
+ CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1);
} else {
UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize);
}
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
2023-06-05 6:29 Li, Yi
@ 2023-06-16 19:07 ` Clark-williams, Zachary
2023-06-20 4:49 ` Li, Yi
0 siblings, 1 reply; 6+ messages in thread
From: Clark-williams, Zachary @ 2023-06-16 19:07 UTC (permalink / raw)
To: Li, Yi1, devel@edk2.groups.io; +Cc: Maciej Rabeda, Siyuan Fu
[-- Attachment #1: Type: text/plain, Size: 4930 bytes --]
Hey Yi,
Review the below changes.
The protocol has changes since ADL from PlatSapmle to an advanced feature and the Protocol has shifted into EDK2, so the protocol name needs to be updated:
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
The locate protocol status check is enough and we do not need to add the NULL check too, we can remove that to keep it lighter.
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
Can we clean up the second locate protocol and bring the Identity allocate above the protocol check, and bring the two conditions for EapIdentity copied to Identity into the added protocol check condition.
Here is a view of what I am thinking for consolidation.
//
// Set Identity to Eap peer, Mandatory field for PEAP and TTLS
//
if (StrLen (Profile->EapIdentity) > 0) {
- IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1);
Identity = AllocateZeroPool (IdentitySize);
if (Identity == NULL) {
return EFI_OUT_OF_RESOURCES;
}
+ Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
if (!EFI_ERROR (Status)) {
+ // Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE
+ IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+ //
+ // The size of Identity from Username may equal
+ // to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes),
+ // so here only valid characters except NULL characters are copied.
+ //
+ CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1);
} else {
+ IdentitySize = sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1);
UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize);
}
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Yi
Sent: Sunday, June 4, 2023 11:30 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@intel.com>; Maciej Rabeda <maciej.rabeda@linux.intel.com>; Siyuan Fu <siyuan.fu@intel.com>
Subject: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=4477
Tls connection fail over WiFi in AMT OCR flow due to invalid identity.
This was due to missing conversion between unicode and ascii string which resulted in invalid strlen.
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com<mailto:maciej.rabeda@linux.intel.com>>
Cc: Siyuan Fu <siyuan.fu@intel.com<mailto:siyuan.fu@intel.com>>
Signed-off-by: Yi Li <yi1.li@intel.com<mailto:yi1.li@intel.com>>
---
.../WifiConnectionMgrImpl.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 2e596c1981..e1430251c8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -572,7 +572,14 @@ WifiMgrConfigEap (
// Set Identity to Eap peer, Mandatory field for PEAP and TTLS
//
if (StrLen (Profile->EapIdentity) > 0) {
- IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1);
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
+ /* Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE */
+ IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+ } else {
+ IdentitySize = sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1);
+ }
+
Identity = AllocateZeroPool (IdentitySize);
if (Identity == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -580,7 +587,10 @@ WifiMgrConfigEap (
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
if (!EFI_ERROR (Status)) {
- CopyMem (Identity, &Profile->EapIdentity, IdentitySize);
+ /* The size of Identity from Username may equal
+ to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes),
+ so here only valid characters except NULL characters are copied. */
+ CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1);
} else {
UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize);
}
--
2.31.1.windows.1
[-- Attachment #2: Type: text/html, Size: 13023 bytes --]
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
2023-06-16 19:07 ` [edk2-devel] " Clark-williams, Zachary
@ 2023-06-20 4:49 ` Li, Yi
2023-06-22 22:26 ` Clark-williams, Zachary
0 siblings, 1 reply; 6+ messages in thread
From: Li, Yi @ 2023-06-20 4:49 UTC (permalink / raw)
To: Clark-williams, Zachary, devel
[-- Attachment #1: Type: text/plain, Size: 1141 bytes --]
Hi Zachary,
Thanks for review.
>
> The protocol has changes since ADL from PlatSapmle to an advanced feature
> and the Protocol has shifted into EDK2, so the protocol name needs to be
> updated:
> + Status = gBS->LocateProtocol (& gWiFiProfileSyncProtocolGuid , NULL,
> (VOID **) &WiFiProfileSyncProtocol);
> Status = gBS->LocateProtocol (& gEdkiiWiFiProfileSyncProtocolGuid , NULL,
> (VOID **)&WiFiProfileSyncProtocol);
>
> The locate protocol status check is enough and we do not need to add the
> NULL check too, we can remove that to keep it lighter.
> + if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL ) {
>
>
Agree with those changes, please check latest V2 patch or this PR: https://github.com/tianocore/edk2/pull/4561
>
> Can we clean up the second locate protocol and bring the Identity allocate
> above the protocol check, and bring the two conditions for EapIdentity
> copied to Identity into the added protocol check condition.
> Here is a view of what I am thinking for consolidation.
>
We need to get the Identity size before AllocateZeroPool() , not feasible here IMO.
[-- Attachment #2: Type: text/html, Size: 2384 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
2023-06-20 4:49 ` Li, Yi
@ 2023-06-22 22:26 ` Clark-williams, Zachary
2023-06-26 8:36 ` Li, Yi
0 siblings, 1 reply; 6+ messages in thread
From: Clark-williams, Zachary @ 2023-06-22 22:26 UTC (permalink / raw)
To: devel@edk2.groups.io, Li, Yi1, Clark-williams, Zachary
[-- Attachment #1: Type: text/plain, Size: 1703 bytes --]
Hey Yi,
I agree with the flow you have in the PR link and removing the extra protocol locate.
My only comment is to align your comments with the commenting style of the file.
Instead of /**/, use // for both single and multi-line comments.
Example included in the comments on the PR.
Thanks,
Zack
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Yi
Sent: Monday, June 19, 2023 9:49 PM
To: Clark-williams; Clark-williams, Zachary <zachary.clark-williams@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Hi Zachary,
Thanks for review.
The protocol has changes since ADL from PlatSapmle to an advanced feature and the Protocol has shifted into EDK2, so the protocol name needs to be updated:
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
The locate protocol status check is enough and we do not need to add the NULL check too, we can remove that to keep it lighter.
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
Agree with those changes, please check latest V2 patch or this PR: https://github.com/tianocore/edk2/pull/4561
Can we clean up the second locate protocol and bring the Identity allocate above the protocol check, and bring the two conditions for EapIdentity copied to Identity into the added protocol check condition.
Here is a view of what I am thinking for consolidation.
We need to get the Identity size before AllocateZeroPool(), not feasible here IMO.
[-- Attachment #2: Type: text/html, Size: 5516 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
2023-06-22 22:26 ` Clark-williams, Zachary
@ 2023-06-26 8:36 ` Li, Yi
2023-06-27 18:07 ` Clark-williams, Zachary
0 siblings, 1 reply; 6+ messages in thread
From: Li, Yi @ 2023-06-26 8:36 UTC (permalink / raw)
To: Clark-williams, Zachary, devel@edk2.groups.io
[-- Attachment #1: Type: text/plain, Size: 2226 bytes --]
Hi Zack,
Please check V3 patch, thanks for review.
Regards,
Yi
From: Clark-williams, Zachary <zachary.clark-williams@intel.com>
Sent: Friday, June 23, 2023 6:26 AM
To: devel@edk2.groups.io; Li, Yi1 <yi1.li@intel.com>; Clark-williams, Zachary <zachary.clark-williams@intel.com>
Subject: RE: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Hey Yi,
I agree with the flow you have in the PR link and removing the extra protocol locate.
My only comment is to align your comments with the commenting style of the file.
Instead of /**/, use // for both single and multi-line comments.
Example included in the comments on the PR.
Thanks,
Zack
From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Li, Yi
Sent: Monday, June 19, 2023 9:49 PM
To: Clark-williams; Clark-williams, Zachary <zachary.clark-williams@intel.com<mailto:zachary.clark-williams@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Subject: Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Hi Zachary,
Thanks for review.
The protocol has changes since ADL from PlatSapmle to an advanced feature and the Protocol has shifted into EDK2, so the protocol name needs to be updated:
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
The locate protocol status check is enough and we do not need to add the NULL check too, we can remove that to keep it lighter.
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
Agree with those changes, please check latest V2 patch or this PR: https://github.com/tianocore/edk2/pull/4561
Can we clean up the second locate protocol and bring the Identity allocate above the protocol check, and bring the two conditions for EapIdentity copied to Identity into the added protocol check condition.
Here is a view of what I am thinking for consolidation.
We need to get the Identity size before AllocateZeroPool(), not feasible here IMO.
[-- Attachment #2: Type: text/html, Size: 6874 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
2023-06-26 8:36 ` Li, Yi
@ 2023-06-27 18:07 ` Clark-williams, Zachary
0 siblings, 0 replies; 6+ messages in thread
From: Clark-williams, Zachary @ 2023-06-27 18:07 UTC (permalink / raw)
To: Li, Yi1, devel@edk2.groups.io
[-- Attachment #1: Type: text/plain, Size: 2645 bytes --]
Looks good to me.
From: Li, Yi1 <yi1.li@intel.com>
Sent: Monday, June 26, 2023 1:36 AM
To: Clark-williams, Zachary <zachary.clark-williams@intel.com>; devel@edk2.groups.io
Subject: RE: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Hi Zack,
Please check V3 patch, thanks for review.
Regards,
Yi
From: Clark-williams, Zachary <zachary.clark-williams@intel.com<mailto:zachary.clark-williams@intel.com>>
Sent: Friday, June 23, 2023 6:26 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Li, Yi1 <yi1.li@intel.com<mailto:yi1.li@intel.com>>; Clark-williams, Zachary <zachary.clark-williams@intel.com<mailto:zachary.clark-williams@intel.com>>
Subject: RE: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Hey Yi,
I agree with the flow you have in the PR link and removing the extra protocol locate.
My only comment is to align your comments with the commenting style of the file.
Instead of /**/, use // for both single and multi-line comments.
Example included in the comments on the PR.
Thanks,
Zack
From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Li, Yi
Sent: Monday, June 19, 2023 9:49 PM
To: Clark-williams; Clark-williams, Zachary <zachary.clark-williams@intel.com<mailto:zachary.clark-williams@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Subject: Re: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
Hi Zachary,
Thanks for review.
The protocol has changes since ADL from PlatSapmle to an advanced feature and the Protocol has shifted into EDK2, so the protocol name needs to be updated:
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
The locate protocol status check is enough and we do not need to add the NULL check too, we can remove that to keep it lighter.
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
Agree with those changes, please check latest V2 patch or this PR: https://github.com/tianocore/edk2/pull/4561
Can we clean up the second locate protocol and bring the Identity allocate above the protocol check, and bring the two conditions for EapIdentity copied to Identity into the added protocol check condition.
Here is a view of what I am thinking for consolidation.
We need to get the Identity size before AllocateZeroPool(), not feasible here IMO.
[-- Attachment #2: Type: text/html, Size: 7433 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-06-27 18:07 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1765AF83686A77A3.7352@groups.io>
2023-06-12 1:52 ` [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format Li, Yi
2023-06-05 6:29 Li, Yi
2023-06-16 19:07 ` [edk2-devel] " Clark-williams, Zachary
2023-06-20 4:49 ` Li, Yi
2023-06-22 22:26 ` Clark-williams, Zachary
2023-06-26 8:36 ` Li, Yi
2023-06-27 18:07 ` Clark-williams, Zachary
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox