From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [PATCH] NetworkPkg/Dhcp6Dxe: Fix FORWARD_NULL Coverity issue
To: devel@edk2.groups.io
From: "Ranbir Singh"
X-Originating-Location: Bengaluru, Karnataka, IN (122.172.85.38)
X-Originating-Platform: Windows Chrome 108
User-Agent: GROUPS.IO Web Poster
MIME-Version: 1.0
Date: Wed, 04 Jan 2023 01:00:33 -0800
Message-ID:
Content-Type: multipart/alternative; boundary="He0IO25CqVxbhhHiZpLN"

--He0IO25CqVxbhhHiZpLN
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The function Dhcp6HandleStateful checks
 
  if (Instance->Config == NULL) {
    goto ON_CONTINUE;
  }
 
At label ON_CONTINUE, UdpIoRecvDatagram function is called and if for
whatever reasons its return value is not EFI_SUCCESS, then the check
if (EFI_ERROR (Status)) at label ON_EXIT passes leading to invocation
of Dhcp6CleanupSession function in which
 
  ASSERT (Instance->Config);
 
will get hit in DEBUG mode and in RELEASE mode, the code continues to
dereference Instance->Config in the check
 
  if (Instance->Config->IaInfoEvent != NULL) {
 
which will lead to CRASH as Instance->Config is NULL.
 
Hence, for safety add Instance->Config NULL pointer check before
calling Dhcp6CleanupSession.
 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4223
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
---
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6= Io.c
index dcd01e6268..2c924d373f 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
@@ -2636,7 +2636,7 @@ ON_CONTINUE:
              0
              );
 ON_EXIT:
-  if (EFI_ERROR (Status)) {
+  if (EFI_ERROR (Status) && (Instance->Config !=3D NU= LL)) {
     Dhcp6CleanupSession (Instance, Status);
   }
 }
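Review bot: The added `Instance->Config != NULL` test at ON_EXIT makes an error Status on the unconfigured path disappear silently: when Config is NULL and UdpIoRecvDatagram fails, the handler now falls through with no cleanup and no trace of the failure. If dropping the error is the intended behavior for an unconfigured instance, state that in a comment above the `if`, and consider emitting Status through a DEBUG print in that case so the failed receive is visible in debug builds. The guard also covers only this one call site, while Dhcp6CleanupSession itself still has `ASSERT (Instance->Config);` followed by an unguarded dereference per the commit message; an early return on NULL inside Dhcp6CleanupSession would protect release builds regardless of the caller and would keep the condition here unchanged.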
--
2.36.1.windows.1
--He0IO25CqVxbhhHiZpLN--