tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 08:04:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update the IPsec driver to check in invalid parameter of ProcessExt() according to UEFI Spec.

Browse Source 
Signed-off-by: qianouyang
Reviewed-by: jjin9

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11714 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
qianouyang 2011-05-31 02:03:57 +00:00
parent b18e705046
commit 47b2710184
3 changed files with 36 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
NetworkPkg/IpSecDxe/IpSecImpl.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
The implementation of IPsec. The implementation of IPsec.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -1188,8 +1188,8 @@ IpSecTunnelInboundPacket (
@param[in] IpVersion The version of IP. @param[in] IpVersion The version of IP.
@param[in] SadData The related SAD data. @param[in] SadData The related SAD data.
@param[in, out] LastHead The Last Header in IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in] OptionsBuffer Pointer to the options buffer. It is optional. @param[in] OptionsBuffer Pointer to the options buffer.
@param[in] OptionsLength Length of the options buffer. It is optional. @param[in] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@ -1360,8 +1360,8 @@ IpSecTunnelOutboundPacket (
to be trimed on input, and without ESP header to be trimed on input, and without ESP header
on return. on return.
@param[out] LastHead The Last Header in IP header on return. @param[out] LastHead The Last Header in IP header on return.
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec @param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected protected on input, and without IPsec protected
on return. on return.
@ -1382,8 +1382,8 @@ IpSecEspInboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
OUT UINT8 *LastHead, OUT UINT8 *LastHead,
IN OUT VOID **OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer,
IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
OUT EFI_IPSEC_SPD_SELECTOR **SpdSelector, OUT EFI_IPSEC_SPD_SELECTOR **SpdSelector,
@ -1647,8 +1647,8 @@ ON_EXIT:
to be processed on input, and inserted ESP header to be processed on input, and inserted ESP header
on return. on return.
@param[in, out] LastHead The Last Header in IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@ -1665,8 +1665,8 @@ IpSecEspOutboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT VOID **OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer,
IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry, IN IPSEC_SAD_ENTRY *SadEntry,
@ -2046,8 +2046,8 @@ ON_EXIT:
to be trimed on input, and without ESP/AH header to be trimed on input, and without ESP/AH header
on return. on return.
@param[in, out] LastHead The Last Header in IP header on return. @param[in, out] LastHead The Last Header in IP header on return.
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec @param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
protected on input, and without IPsec protected protected on input, and without IPsec protected
on return. on return.
@ -2064,8 +2064,8 @@ IpSecProtectInboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT VOID **OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer,
IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry, OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry,
@ -2105,8 +2105,8 @@ IpSecProtectInboundPacket (
to be processed on input, and inserted ESP/AH header to be processed on input, and inserted ESP/AH header
on return. on return.
@param[in, out] LastHead The Last Header in IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@ -2123,8 +2123,8 @@ IpSecProtectOutboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT VOID **OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer,
IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry, IN IPSEC_SAD_ENTRY *SadEntry,

18
NetworkPkg/IpSecDxe/IpSecImpl.h
View File

@ -1,7 +1,7 @@
/** @file /** @file
The definitions related to IPsec protocol implementation. The definitions related to IPsec protocol implementation.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -158,8 +158,8 @@ struct _IPSEC_PRIVATE_DATA {
to be trimed on input, and without ESP/AH header to be trimed on input, and without ESP/AH header
on return. on return.
@param[in, out] LastHead The Last Header in IP header on return. @param[in, out] LastHead The Last Header in IP header on return.
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec @param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
protected on input, and without IPsec protected protected on input, and without IPsec protected
on return. on return.
@ -176,8 +176,8 @@ IpSecProtectInboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT VOID **OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer,
IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry, OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry,
@ -196,8 +196,8 @@ IpSecProtectInboundPacket (
to be processed on input, and inserted ESP/AH header to be processed on input, and inserted ESP/AH header
on return. on return.
@param[in, out] LastHead The Last Header in IP header. @param[in, out] LastHead The Last Header in IP header.
@param[in, out] OptionsBuffer Pointer to the options buffer. It is optional. @param[in, out] OptionsBuffer Pointer to the options buffer.
@param[in, out] OptionsLength Length of the options buffer. It is optional. @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by @param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected IPsec on input, and with IPsec protected
on return. on return.
@ -214,8 +214,8 @@ IpSecProtectOutboundPacket (
IN UINT8 IpVersion, IN UINT8 IpVersion,
IN OUT VOID *IpHead, IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead, IN OUT UINT8 *LastHead,
IN OUT VOID **OptionsBuffer, OPTIONAL IN OUT VOID **OptionsBuffer,
IN OUT UINT32 *OptionsLength, OPTIONAL IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable, IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount, IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry, IN IPSEC_SAD_ENTRY *SadEntry,

9
NetworkPkg/IpSecDxe/IpSecMain.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
The mian interface of IPsec Protocol. The mian interface of IPsec Protocol.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -70,6 +70,13 @@ IpSecProcess (
UINT8 OldLastHead; UINT8 OldLastHead;
BOOLEAN IsOutbound; BOOLEAN IsOutbound;
if (OptionsBuffer == NULL ||
OptionsLength == NULL ||
FragmentTable == NULL ||
FragmentCount == NULL
) {
return EFI_INVALID_PARAMETER;
}
Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (This); Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (This);
IpPayload = (*FragmentTable)[0].FragmentBuffer; IpPayload = (*FragmentTable)[0].FragmentBuffer;
IsOutbound = (BOOLEAN) ((TrafficDirection == EfiIPsecOutBound) ? TRUE : FALSE); IsOutbound = (BOOLEAN) ((TrafficDirection == EfiIPsecOutBound) ? TRUE : FALSE);