mirror of https://github.com/acidanthera/audk.git
NetworkPkg/DnsDxe: Avoid to access the freed memory buffer.
The HostNameToIp() is a asynchronous function, so the caller may free the HostName buffer immediately once HostNameToIp() is returned. Then DNS driver may access the freed memory buffer later. This patch is to fix above issue. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wang Fan <fan.wang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
This commit is contained in:
parent
43d7e60734
commit
0c6108b652
|
@ -464,8 +464,14 @@ Dns4HostNameToIp (
|
|||
}
|
||||
|
||||
TokenEntry->PacketToLive = Token->RetryInterval;
|
||||
TokenEntry->QueryHostName = HostName;
|
||||
TokenEntry->Token = Token;
|
||||
TokenEntry->QueryHostName = AllocateZeroPool (StrSize (HostName));
|
||||
if (TokenEntry->QueryHostName == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
CopyMem (TokenEntry->QueryHostName, HostName, StrSize (HostName));
|
||||
|
||||
//
|
||||
// Construct QName.
|
||||
|
@ -481,10 +487,6 @@ Dns4HostNameToIp (
|
|||
//
|
||||
Status = ConstructDNSQuery (Instance, QueryName, DNS_TYPE_A, DNS_CLASS_INET, &Packet);
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (TokenEntry != NULL) {
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
|
@ -495,12 +497,6 @@ Dns4HostNameToIp (
|
|||
//
|
||||
Status = NetMapInsertTail (&Instance->Dns4TxTokens, TokenEntry, Packet);
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (TokenEntry != NULL) {
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
NetbufFree (Packet);
|
||||
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
|
@ -510,15 +506,24 @@ Dns4HostNameToIp (
|
|||
Status = DoDnsQuery (Instance, Packet);
|
||||
if (EFI_ERROR (Status)) {
|
||||
Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, TokenEntry);
|
||||
|
||||
if (TokenEntry != NULL) {
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
NetbufFree (Packet);
|
||||
}
|
||||
|
||||
ON_EXIT:
|
||||
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (TokenEntry != NULL) {
|
||||
if (TokenEntry->QueryHostName != NULL) {
|
||||
FreePool (TokenEntry->QueryHostName);
|
||||
}
|
||||
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
if (Packet != NULL) {
|
||||
NetbufFree (Packet);
|
||||
}
|
||||
}
|
||||
|
||||
if (QueryName != NULL) {
|
||||
FreePool (QueryName);
|
||||
}
|
||||
|
@ -1301,9 +1306,14 @@ Dns6HostNameToIp (
|
|||
}
|
||||
|
||||
TokenEntry->PacketToLive = Token->RetryInterval;
|
||||
TokenEntry->QueryHostName = HostName;
|
||||
TokenEntry->Token = Token;
|
||||
TokenEntry->QueryHostName = AllocateZeroPool (StrSize (HostName));
|
||||
if (TokenEntry->QueryHostName == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
CopyMem (TokenEntry->QueryHostName, HostName, StrSize (HostName));
|
||||
|
||||
//
|
||||
// Construct QName.
|
||||
|
@ -1319,10 +1329,6 @@ Dns6HostNameToIp (
|
|||
//
|
||||
Status = ConstructDNSQuery (Instance, QueryName, DNS_TYPE_AAAA, DNS_CLASS_INET, &Packet);
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (TokenEntry != NULL) {
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
|
@ -1333,12 +1339,6 @@ Dns6HostNameToIp (
|
|||
//
|
||||
Status = NetMapInsertTail (&Instance->Dns6TxTokens, TokenEntry, Packet);
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (TokenEntry != NULL) {
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
NetbufFree (Packet);
|
||||
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
|
@ -1348,15 +1348,24 @@ Dns6HostNameToIp (
|
|||
Status = DoDnsQuery (Instance, Packet);
|
||||
if (EFI_ERROR (Status)) {
|
||||
Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, TokenEntry);
|
||||
|
||||
if (TokenEntry != NULL) {
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
NetbufFree (Packet);
|
||||
}
|
||||
|
||||
ON_EXIT:
|
||||
|
||||
if (EFI_ERROR (Status)) {
|
||||
if (TokenEntry != NULL) {
|
||||
if (TokenEntry->QueryHostName != NULL) {
|
||||
FreePool (TokenEntry->QueryHostName);
|
||||
}
|
||||
|
||||
FreePool (TokenEntry);
|
||||
}
|
||||
|
||||
if (Packet != NULL) {
|
||||
NetbufFree (Packet);
|
||||
}
|
||||
}
|
||||
|
||||
if (QueryName != NULL) {
|
||||
FreePool (QueryName);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue