NetworkPkg: Avoid potential NULL pointer dereference

Commit 6b16c9e7 removed ASSERT and used error handling in the
IpSecDxe driver, but that change may cause potential NULL pointer
dereferences. This patch avoids those NULL pointer
dereferences.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Jiaxin Wu 2016-06-24 15:19:44 +08:00
parent 9252d67ab3
commit 6771c1d658
5 changed files with 195 additions and 15 deletions


@ -1,7 +1,7 @@
/** @file /** @file
IKE Packet related operation. IKE Packet related operation.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -195,6 +195,9 @@ IkeNetbufFromPacket (
LIST_ENTRY *PacketEntry; LIST_ENTRY *PacketEntry;
LIST_ENTRY *Entry; LIST_ENTRY *Entry;
IKE_PAYLOAD *IkePayload; IKE_PAYLOAD *IkePayload;
EFI_STATUS RetStatus;
RetStatus = EFI_SUCCESS;
if (!IkePacket->IsEncoded) { if (!IkePacket->IsEncoded) {
IkePacket->IsEncoded = TRUE; IkePacket->IsEncoded = TRUE;
@ -203,10 +206,14 @@ IkeNetbufFromPacket (
// Encryption payloads if needed // Encryption payloads if needed
// //
if (((IKEV2_SESSION_COMMON *) SessionCommon)->IkeVer == 2) { if (((IKEV2_SESSION_COMMON *) SessionCommon)->IkeVer == 2) {
Ikev2EncodePacket ((IKEV2_SESSION_COMMON *) SessionCommon, IkePacket, IkeType); RetStatus = Ikev2EncodePacket ((IKEV2_SESSION_COMMON *) SessionCommon, IkePacket, IkeType);
if (EFI_ERROR (RetStatus)) {
return NULL;
}
} else { } else {
// //
//If IKEv1 support, check it here. // If IKEv1 support, check it here.
// //
return NULL; return NULL;
} }
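Review bot: `IkePacket->IsEncoded = TRUE;` is set before `Ikev2EncodePacket` runs, so the new `return NULL;` on encode failure leaves the packet marked as encoded even though the encode step (which, per the hunk comment, encrypts payloads if needed) did not complete. If the same IKE_PACKET is passed to IkeNetbufFromPacket again, the `if (!IkePacket->IsEncoded)` guard would skip encoding altogether; whether any caller retries with the same packet is not visible here. Either set the flag only after the encode succeeds or reset it on the error path, e.g. `IkePacket->IsEncoded = FALSE;` just before `return NULL;`. The function body continues outside the hunk.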


@ -1,7 +1,7 @@
/** @file /** @file
The operations for Child SA. The operations for Child SA.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -39,17 +39,20 @@ Ikev2CreateChildGenerator (
IKE_PACKET *IkePacket; IKE_PACKET *IkePacket;
IKE_PAYLOAD *NotifyPayload; IKE_PAYLOAD *NotifyPayload;
UINT32 *MessageId; UINT32 *MessageId;
NotifyPayload = NULL;
MessageId = NULL;
ChildSaSession = (IKEV2_CHILD_SA_SESSION *) SaSession; ChildSaSession = (IKEV2_CHILD_SA_SESSION *) SaSession;
IkePacket = IkePacketAlloc();
MessageId = NULL;
if (IkePacket == NULL) {
return NULL;
}
if (ChildSaSession == NULL) { if (ChildSaSession == NULL) {
return NULL; return NULL;
} }
IkePacket = IkePacketAlloc();
if (IkePacket == NULL) {
return NULL;
}
if (Context != NULL) { if (Context != NULL) {
MessageId = (UINT32 *) Context; MessageId = (UINT32 *) Context;
@ -113,6 +116,10 @@ Ikev2CreateChildGenerator (
NULL, NULL,
0 0
); );
if (NotifyPayload == NULL) {
IkePacketFree (IkePacket);
return NULL;
}
IKE_PACKET_APPEND_PAYLOAD (IkePacket, NotifyPayload); IKE_PACKET_APPEND_PAYLOAD (IkePacket, NotifyPayload);
// //


@ -1,7 +1,7 @@
/** @file /** @file
The general interfaces of the IKEv2. The general interfaces of the IKEv2.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -495,6 +495,10 @@ Ikev2HandleSa (
IsListEmpty (&IkeSaSession->ChildSaEstablishSessionList)); IsListEmpty (&IkeSaSession->ChildSaEstablishSessionList));
ChildSaSession = Ikev2ChildSaSessionCreate (IkeSaSession, UdpService); ChildSaSession = Ikev2ChildSaSessionCreate (IkeSaSession, UdpService);
if (ChildSaSession == NULL) {
goto ON_ERROR;
}
ChildSaCommon = &ChildSaSession->SessionCommon; ChildSaCommon = &ChildSaSession->SessionCommon;
} }
@ -519,6 +523,10 @@ Ikev2HandleSa (
IsListEmpty (&IkeSaSession->ChildSaEstablishSessionList)); IsListEmpty (&IkeSaSession->ChildSaEstablishSessionList));
ChildSaSession = Ikev2ChildSaSessionCreate (IkeSaSession, UdpService); ChildSaSession = Ikev2ChildSaSessionCreate (IkeSaSession, UdpService);
if (ChildSaSession == NULL) {
goto ON_ERROR;
}
ChildSaCommon = &ChildSaSession->SessionCommon; ChildSaCommon = &ChildSaSession->SessionCommon;
// //


@ -2558,6 +2558,9 @@ Ikev2EncodePacket (
// Encrypt all payload and transfer IKE packet header from Host order to Network order. // Encrypt all payload and transfer IKE packet header from Host order to Network order.
// //
Status = Ikev2EncryptPacket (SessionCommon, IkePacket); Status = Ikev2EncryptPacket (SessionCommon, IkePacket);
if (EFI_ERROR (Status)) {
return Status;
}
} else { } else {
// //
// Fill in the lenght into IkePacket header and transfer Host order to Network order. // Fill in the lenght into IkePacket header and transfer Host order to Network order.


@ -445,6 +445,13 @@ Ikev2AuthPskGenerator (
IkeSaSession = (IKEV2_SA_SESSION *) SaSession; IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList)); ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));
IkePacket = NULL;
IdPayload = NULL;
AuthPayload = NULL;
SaPayload = NULL;
TsiPayload = NULL;
TsrPayload = NULL;
NotifyPayload = NULL;
CpPayload = NULL; CpPayload = NULL;
NotifyPayload = NULL; NotifyPayload = NULL;
@ -488,6 +495,9 @@ Ikev2AuthPskGenerator (
&IkeSaSession->SessionCommon, &IkeSaSession->SessionCommon,
IKEV2_PAYLOAD_TYPE_AUTH IKEV2_PAYLOAD_TYPE_AUTH
); );
if (IdPayload == NULL) {
goto CheckError;
}
// //
// 3. Generate Auth Payload // 3. Generate Auth Payload
@ -522,6 +532,14 @@ Ikev2AuthPskGenerator (
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS
); );
} }
if (CpPayload == NULL) {
goto CheckError;
}
}
if (AuthPayload == NULL) {
goto CheckError;
} }
// //
@ -532,6 +550,9 @@ Ikev2AuthPskGenerator (
IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_INIT,
IkeSessionTypeChildSa IkeSessionTypeChildSa
); );
if (SaPayload == NULL) {
goto CheckError;
}
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) { if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {
// //
@ -562,6 +583,9 @@ Ikev2AuthPskGenerator (
NULL, NULL,
0 0
); );
if (NotifyPayload == NULL) {
goto CheckError;
}
} else { } else {
// //
// Generate Tsr for Tunnel mode. // Generate Tsr for Tunnel mode.
@ -578,6 +602,10 @@ Ikev2AuthPskGenerator (
); );
} }
if (TsiPayload == NULL || TsrPayload == NULL) {
goto CheckError;
}
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload); IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);
IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload); IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload);
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) { if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {
@ -591,6 +619,41 @@ Ikev2AuthPskGenerator (
} }
return IkePacket; return IkePacket;
CheckError:
if (IkePacket != NULL) {
IkePacketFree (IkePacket);
}
if (IdPayload != NULL) {
IkePayloadFree (IdPayload);
}
if (AuthPayload != NULL) {
IkePayloadFree (AuthPayload);
}
if (CpPayload != NULL) {
IkePayloadFree (CpPayload);
}
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
if (TsiPayload != NULL) {
IkePayloadFree (TsiPayload);
}
if (TsrPayload != NULL) {
IkePayloadFree (TsrPayload);
}
if (NotifyPayload != NULL) {
IkePayloadFree (NotifyPayload);
}
return NULL;
} }
/** /**
@ -800,7 +863,11 @@ Ikev2AuthPskParser (
// //
// 5. Generate keymats for IPsec protocol. // 5. Generate keymats for IPsec protocol.
// //
Ikev2GenerateChildSaKeys (ChildSaSession, NULL); Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);
if (EFI_ERROR (Status)) {
return Status;
}
if (IkeSaSession->SessionCommon.IsInitiator) { if (IkeSaSession->SessionCommon.IsInitiator) {
// //
// 6. Change the state of IkeSaSession // 6. Change the state of IkeSaSession
@ -934,7 +1001,13 @@ Ikev2AuthCertGenerator (
IkeSaSession = (IKEV2_SA_SESSION *) SaSession; IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList)); ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));
IkePacket = NULL;
IdPayload = NULL;
AuthPayload = NULL;
CpPayload = NULL; CpPayload = NULL;
SaPayload = NULL;
TsiPayload = NULL;
TsrPayload = NULL;
NotifyPayload = NULL; NotifyPayload = NULL;
CertPayload = NULL; CertPayload = NULL;
CertReqPayload = NULL; CertReqPayload = NULL;
@ -981,6 +1054,9 @@ Ikev2AuthCertGenerator (
(UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate), (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),
PcdGet32 (PcdIpsecUefiCertificateSize) PcdGet32 (PcdIpsecUefiCertificateSize)
); );
if (IdPayload == NULL) {
goto CheckError;
}
// //
// 3. Generate Certificate Payload // 3. Generate Certificate Payload
@ -993,6 +1069,10 @@ Ikev2AuthCertGenerator (
IKEV2_CERT_ENCODEING_X509_CERT_SIGN, IKEV2_CERT_ENCODEING_X509_CERT_SIGN,
FALSE FALSE
); );
if (CertPayload == NULL) {
goto CheckError;
}
if (IkeSaSession->SessionCommon.IsInitiator) { if (IkeSaSession->SessionCommon.IsInitiator) {
CertReqPayload = Ikev2GenerateCertificatePayload ( CertReqPayload = Ikev2GenerateCertificatePayload (
IkeSaSession, IkeSaSession,
@ -1002,6 +1082,9 @@ Ikev2AuthCertGenerator (
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT, IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,
TRUE TRUE
); );
if (CertReqPayload == NULL) {
goto CheckError;
}
} }
// //
@ -1044,8 +1127,16 @@ Ikev2AuthCertGenerator (
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS
); );
} }
if (CpPayload == NULL) {
goto CheckError;
}
} }
if (AuthPayload == NULL) {
goto CheckError;
}
// //
// 5. Generate SA Payload according to the Sa Data in ChildSaSession // 5. Generate SA Payload according to the Sa Data in ChildSaSession
// //
@ -1054,6 +1145,9 @@ Ikev2AuthCertGenerator (
IKEV2_PAYLOAD_TYPE_TS_INIT, IKEV2_PAYLOAD_TYPE_TS_INIT,
IkeSessionTypeChildSa IkeSessionTypeChildSa
); );
if (SaPayload == NULL) {
goto CheckError;
}
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) { if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {
// //
@ -1084,6 +1178,9 @@ Ikev2AuthCertGenerator (
NULL, NULL,
0 0
); );
if (NotifyPayload == NULL) {
goto CheckError;
}
} else { } else {
// //
// Generate Tsr for Tunnel mode. // Generate Tsr for Tunnel mode.
@ -1100,6 +1197,10 @@ Ikev2AuthCertGenerator (
); );
} }
if (TsiPayload == NULL || TsrPayload == NULL) {
goto CheckError;
}
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload); IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);
IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload); IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload);
if (IkeSaSession->SessionCommon.IsInitiator) { if (IkeSaSession->SessionCommon.IsInitiator) {
@ -1117,6 +1218,49 @@ Ikev2AuthCertGenerator (
} }
return IkePacket; return IkePacket;
CheckError:
if (IkePacket != NULL) {
IkePacketFree (IkePacket);
}
if (IdPayload != NULL) {
IkePayloadFree (IdPayload);
}
if (CertPayload != NULL) {
IkePayloadFree (CertPayload);
}
if (CertReqPayload != NULL) {
IkePayloadFree (CertReqPayload);
}
if (AuthPayload != NULL) {
IkePayloadFree (AuthPayload);
}
if (CpPayload != NULL) {
IkePayloadFree (CpPayload);
}
if (SaPayload != NULL) {
IkePayloadFree (SaPayload);
}
if (TsiPayload != NULL) {
IkePayloadFree (TsiPayload);
}
if (TsrPayload != NULL) {
IkePayloadFree (TsrPayload);
}
if (NotifyPayload != NULL) {
IkePayloadFree (NotifyPayload);
}
return NULL;
} }
/** /**
@ -1340,7 +1484,11 @@ Ikev2AuthCertParser (
// //
// 5. Generat keymats for IPsec protocol. // 5. Generat keymats for IPsec protocol.
// //
Ikev2GenerateChildSaKeys (ChildSaSession, NULL); Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);
if (EFI_ERROR (Status)) {
goto Exit;
}
if (IkeSaSession->SessionCommon.IsInitiator) { if (IkeSaSession->SessionCommon.IsInitiator) {
// //
// 6. Change the state of IkeSaSession // 6. Change the state of IkeSaSession
@ -1541,7 +1689,10 @@ Ikev2GenerateSaKeys (
// //
// Generate Gxy // Generate Gxy
// //
Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload); Status = Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);
if (EFI_ERROR (Status)) {
goto Exit;
}
// //
// Get the key length of Authenticaion, Encryption, PRF, and Integrity. // Get the key length of Authenticaion, Encryption, PRF, and Integrity.
@ -1843,7 +1994,11 @@ Ikev2GenerateChildSaKeys (
// //
// Generate Gxy // Generate Gxy
// //
Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload); Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);
if (EFI_ERROR (Status)) {
goto Exit;
}
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer; Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize; Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;
} }
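Review bot: The `CheckError:` cleanup in Ikev2AuthPskGenerator and Ikev2AuthCertGenerator frees IkePacket and then each payload separately, which is only safe because every `goto CheckError` shown sits before the first `IKE_PACKET_APPEND_PAYLOAD`; that ownership rule is not written down anywhere in the hunks. A later change that jumps to the label after an append could free a payload twice, assuming IkePacketFree also releases appended payloads (its body is not shown). I would add a comment at both labels such as `// No payload has been appended to IkePacket at this point, so each one is freed individually.` Separately, Ikev2AuthPskParser uses `return Status;` when Ikev2GenerateChildSaKeys fails while Ikev2AuthCertParser uses `goto Exit;`; both bodies extend outside the hunks, so confirm the direct return skips no cleanup.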