mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-27 07:34:06 +02:00
NetworkPkg/HttpDxe: Fix the potential NULL dereference
Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Hao A <hao.a.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit is contained in:
Jiaxin Wu
parent
0e5e7996c9
commit
63f1d6a4c0
@ -591,10 +591,12 @@ EfiHttpRequest (
|
|||||||
|
|
||||||
Status = HttpGenRequestMessage (HttpMsg, FileUrl, &RequestMsg, &RequestMsgSize);
|
Status = HttpGenRequestMessage (HttpMsg, FileUrl, &RequestMsg, &RequestMsgSize);
|
||||||
|
|
||||||
if (EFI_ERROR (Status)) {
|
if (EFI_ERROR (Status) || NULL == RequestMsg) {
|
||||||
goto Error3;
|
goto Error3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ASSERT (RequestMsg != NULL);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Every request we insert a TxToken and a response call would remove the TxToken.
|
// Every request we insert a TxToken and a response call would remove the TxToken.
|
||||||
// In cases of PUT/POST, after an initial request-response pair, we would do a
|
// In cases of PUT/POST, after an initial request-response pair, we would do a
|
||||||
|
|||||||
@ -1655,6 +1655,8 @@ HttpTcpTransmit (
|
|||||||
UINTN UrlSize;
|
UINTN UrlSize;
|
||||||
UINTN RequestMsgSize;
|
UINTN RequestMsgSize;
|
||||||
|
|
||||||
|
RequestMsg = NULL;
|
||||||
|
|
||||||
ValueInItem = (HTTP_TOKEN_WRAP *) Item->Value;
|
ValueInItem = (HTTP_TOKEN_WRAP *) Item->Value;
|
||||||
if (ValueInItem->TcpWrap.IsTxDone) {
|
if (ValueInItem->TcpWrap.IsTxDone) {
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
@ -1682,10 +1684,12 @@ HttpTcpTransmit (
|
|||||||
);
|
);
|
||||||
FreePool (Url);
|
FreePool (Url);
|
||||||
|
|
||||||
if (EFI_ERROR (Status)){
|
if (EFI_ERROR (Status) || NULL == RequestMsg){
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ASSERT (RequestMsg != NULL);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Transmit the request message.
|
// Transmit the request message.
|
||||||
//
|
//
|
||||||
|
|||||||
@ -401,33 +401,37 @@ TlsConfigCertificate (
|
|||||||
NULL
|
NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
if (Status == EFI_BUFFER_TOO_SMALL) {
|
if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
|
||||||
//
|
return Status;
|
||||||
// Allocate buffer and read the config variable.
|
|
||||||
//
|
|
||||||
CACert = AllocatePool (CACertSize);
|
|
||||||
if (CACert == NULL) {
|
|
||||||
return EFI_OUT_OF_RESOURCES;
|
|
||||||
}
|
|
||||||
|
|
||||||
Status = gRT->GetVariable (
|
|
||||||
EFI_TLS_CA_CERTIFICATE_VARIABLE,
|
|
||||||
&gEfiTlsCaCertificateGuid,
|
|
||||||
NULL,
|
|
||||||
&CACertSize,
|
|
||||||
CACert
|
|
||||||
);
|
|
||||||
if (EFI_ERROR (Status)) {
|
|
||||||
//
|
|
||||||
// GetVariable still error or the variable is corrupted.
|
|
||||||
// Fall back to the default value.
|
|
||||||
//
|
|
||||||
FreePool (CACert);
|
|
||||||
|
|
||||||
return EFI_NOT_FOUND;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Allocate buffer and read the config variable.
|
||||||
|
//
|
||||||
|
CACert = AllocatePool (CACertSize);
|
||||||
|
if (CACert == NULL) {
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
|
Status = gRT->GetVariable (
|
||||||
|
EFI_TLS_CA_CERTIFICATE_VARIABLE,
|
||||||
|
&gEfiTlsCaCertificateGuid,
|
||||||
|
NULL,
|
||||||
|
&CACertSize,
|
||||||
|
CACert
|
||||||
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
//
|
||||||
|
// GetVariable still error or the variable is corrupted.
|
||||||
|
// Fall back to the default value.
|
||||||
|
//
|
||||||
|
FreePool (CACert);
|
||||||
|
|
||||||
|
return EFI_NOT_FOUND;
|
||||||
|
}
|
||||||
|
|
||||||
|
ASSERT (CACert != NULL);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Enumerate all data and erasing the target item.
|
// Enumerate all data and erasing the target item.
|
||||||
//
|
//
|
||||||
@ -1037,6 +1041,11 @@ TlsConnectSession (
|
|||||||
//
|
//
|
||||||
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
||||||
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
||||||
|
if (DataOut == NULL) {
|
||||||
|
FreePool (BufferOut);
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
CopyMem (DataOut, BufferOut, BufferOutSize);
|
CopyMem (DataOut, BufferOut, BufferOutSize);
|
||||||
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
||||||
|
|
||||||
@ -1107,6 +1116,7 @@ TlsConnectSession (
|
|||||||
FreePool (BufferIn);
|
FreePool (BufferIn);
|
||||||
|
|
||||||
if (EFI_ERROR (Status)) {
|
if (EFI_ERROR (Status)) {
|
||||||
|
FreePool (BufferOut);
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1116,6 +1126,11 @@ TlsConnectSession (
|
|||||||
//
|
//
|
||||||
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
||||||
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
||||||
|
if (DataOut == NULL) {
|
||||||
|
FreePool (BufferOut);
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
CopyMem (DataOut, BufferOut, BufferOutSize);
|
CopyMem (DataOut, BufferOut, BufferOutSize);
|
||||||
|
|
||||||
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
||||||
@ -1267,6 +1282,11 @@ TlsCloseSession (
|
|||||||
|
|
||||||
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
||||||
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
||||||
|
if (DataOut == NULL) {
|
||||||
|
FreePool (BufferOut);
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
CopyMem (DataOut, BufferOut, BufferOutSize);
|
CopyMem (DataOut, BufferOut, BufferOutSize);
|
||||||
|
|
||||||
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
||||||
@ -1540,6 +1560,11 @@ HttpsReceive (
|
|||||||
if (BufferOutSize != 0) {
|
if (BufferOutSize != 0) {
|
||||||
PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
|
PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
|
||||||
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
||||||
|
if (DataOut == NULL) {
|
||||||
|
FreePool (BufferOut);
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
CopyMem (DataOut, BufferOut, BufferOutSize);
|
CopyMem (DataOut, BufferOut, BufferOutSize);
|
||||||
|
|
||||||
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
||||||
@ -1627,6 +1652,11 @@ HttpsReceive (
|
|||||||
if (BufferOutSize != 0) {
|
if (BufferOutSize != 0) {
|
||||||
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
|
||||||
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
|
||||||
|
if (DataOut == NULL) {
|
||||||
|
FreePool (BufferOut);
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
CopyMem (DataOut, BufferOut, BufferOutSize);
|
CopyMem (DataOut, BufferOut, BufferOutSize);
|
||||||
|
|
||||||
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
Status = TlsCommonTransmit (HttpInstance, PacketOut);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user