tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add security check. 

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8680 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
vanjeff 2009-06-29 09:19:25 +00:00
parent f2a064736d
commit 894d038a8d
22 changed files with 90 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
MdeModulePkg/Library/DxeNetLib/DxeNetLib.c
View File

@ -1286,6 +1286,9 @@ NetLibDefaultAddressIsStatic (
// Construct config request string header
//
ConfigHdr = HiiConstructConfigHdr (&gEfiNicIp4ConfigVariableGuid, EFI_NIC_IP4_CONFIG_VARIABLE, Controller);
if (ConfigHdr == NULL) {
return TRUE;
}
Len = StrLen (ConfigHdr);
ConfigResp = AllocateZeroPool ((Len + NIC_ITEM_CONFIG_SIZE * 2 + 100) * sizeof (CHAR16));

4
MdeModulePkg/Library/DxeNetLib/NetBuffer.c
View File

@ -1,7 +1,7 @@
/** @file
Network library functions providing net buffer operation support.
Copyright (c) 2005 - 2006, Intel Corporation.<BR>
Copyright (c) 2005 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1506,6 +1506,8 @@ NetbufQueCopy (
Cur += Nbuf->TotalSize;
}
ASSERT (Nbuf != NULL);
//
// Copy the data in the first buffer.
//

18
MdeModulePkg/Universal/Network/ArpDxe/ArpImpl.c
View File

@ -1,7 +1,7 @@
/** @file
The implementation of the ARP protocol.
Copyright (c) 2006 - 2008, Intel Corporation.<BR>
Copyright (c) 2006 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at<BR>
@ -1083,6 +1083,7 @@ ArpSendFrame (
Packet = AllocatePool (TotalLength);
if (Packet == NULL) {
DEBUG ((EFI_D_ERROR, "ArpSendFrame: Allocate memory for Packet failed.\n"));
ASSERT (Packet != NULL);
}
TmpPtr = Packet;
@ -1451,6 +1452,7 @@ ArpFindCacheEntry (
UINT32 FoundCount;
EFI_ARP_FIND_DATA *FindData;
LIST_ENTRY *CacheTable;
UINT32 FoundEntryLength;
ArpService = Instance->ArpService;
@ -1567,12 +1569,14 @@ ArpFindCacheEntry (
goto CLEAN_EXIT;
}
//
// Found the entry length, make sure its 8 bytes alignment.
//
FoundEntryLength = (((sizeof (EFI_ARP_FIND_DATA) + Instance->ConfigData.SwAddressLength +
ArpService->SnpMode.HwAddressSize) + 3) & ~(0x3));
if (EntryLength != NULL) {
//
// Return the entry length, make sure its 8 bytes alignment.
//
*EntryLength = (((sizeof (EFI_ARP_FIND_DATA) + Instance->ConfigData.SwAddressLength +
ArpService->SnpMode.HwAddressSize) + 3) & ~(0x3));
*EntryLength = FoundEntryLength;
}
if (EntryCount != NULL) {
@ -1589,7 +1593,7 @@ ArpFindCacheEntry (
//
// Allocate buffer to copy the found entries.
//
FindData = AllocatePool (FoundCount * (*EntryLength));
FindData = AllocatePool (FoundCount * FoundEntryLength);
if (FindData == NULL) {
DEBUG ((EFI_D_ERROR, "ArpFindCacheEntry: Failed to allocate memory.\n"));
Status = EFI_OUT_OF_RESOURCES;

5
MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Impl.c
View File

@ -1,7 +1,7 @@
/** @file
This file implement the EFI_DHCP4_PROTOCOL interface.
Copyright (c) 2006 - 2008, Intel Corporation.<BR>
Copyright (c) 2006 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1313,12 +1313,13 @@ PxeDhcpInput (
//
Len = NET_ROUNDUP (sizeof (EFI_DHCP4_PACKET) + UdpPacket->TotalSize - sizeof (EFI_DHCP4_HEADER), 4);
Wrap = NetbufAlloc (Len);
if (Wrap == NULL) {
goto RESTART;
}
Packet = (EFI_DHCP4_PACKET *) NetbufAllocSpace (Wrap, Len, NET_BUF_TAIL);
ASSERT (Packet != NULL);
Packet->Size = Len;
Head = &Packet->Dhcp4.Header;
Packet->Length = NetbufCopy (UdpPacket, 0, UdpPacket->TotalSize, (UINT8 *) Head);

5
MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c
View File

@ -1,7 +1,7 @@
/** @file
Function to validate, parse, process the DHCP options.
Copyright (c) 2006 - 2008, Intel Corporation.<BR>
Copyright (c) 2006 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -668,8 +668,8 @@ DhcpValidateOptions (
}
AllOption = NULL;
Status = DhcpParseOption (Packet, &Count, &AllOption);
Status = DhcpParseOption (Packet, &Count, &AllOption);
if (EFI_ERROR (Status) || (Count == 0)) {
return Status;
}
@ -679,6 +679,7 @@ DhcpValidateOptions (
for (Index = 0; Index < Count; Index++) {
Option = &AllOption[Index];
ASSERT (Option != NULL);
//
// Find the format of the option then validate it.

5
MdeModulePkg/Universal/Network/IScsiDxe/IScsiCHAP.c
View File

@ -1,7 +1,7 @@
/** @file
This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration.
Copyright (c) 2004 - 2008, Intel Corporation.<BR>
Copyright (c) 2004 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -165,8 +165,7 @@ IScsiCHAPOnRspReceived (
//
KeyValueList = IScsiBuildKeyValueList ((CHAR8 *) Data, Len);
if (KeyValueList == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
return EFI_OUT_OF_RESOURCES;
}
Status = EFI_PROTOCOL_ERROR;

5
MdeModulePkg/Universal/Network/IScsiDxe/IScsiMisc.c
View File

@ -1,7 +1,7 @@
/** @file
Miscellaneous routines for iSCSI driver.
Copyright (c) 2004 - 2008, Intel Corporation.<BR>
Copyright (c) 2004 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -744,6 +744,9 @@ IScsiGetTcpConnDevicePath (
// Duplicate it.
//
DevicePath = DuplicateDevicePath (DevicePath);
if (DevicePath == NULL) {
return NULL;
}
DPathNode = (EFI_DEV_PATH *) DevicePath;

2
MdeModulePkg/Universal/Network/Ip4ConfigDxe/Ip4ConfigNv.c
View File

@ -736,6 +736,8 @@ Ip4FormCallback (
case KEY_SAVE_CHANGES:
Ip4ConfigInstance = Private->Current->Ip4ConfigInstance;
NicInfo = AllocateZeroPool (sizeof (NIC_IP4_CONFIG_INFO) + 2 * sizeof (EFI_IP4_ROUTE_TABLE));
ASSERT (NicInfo != NULL);
NicInfo->Ip4Info.RouteTable = (EFI_IP4_ROUTE_TABLE *) (NicInfo + 1);
if (!Private->Current->SessionConfigData.Enabled) {

4
MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c
View File

@ -1,7 +1,7 @@
/** @file
Implement IP4 pesudo interface.
Copyright (c) 2005 - 2007, Intel Corporation.<BR>
Copyright (c) 2005 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -582,7 +582,7 @@ Ip4SetAddress (
Type = NetGetIpClass (IpAddr);
Len = NetGetMaskLength (SubnetMask);
Netmask = gIp4AllMasks[MIN (Len, Type << 3)];
Netmask = gIp4AllMasks[MIN ((Len - 1), Type << 3)];
Interface->NetBrdcast = (IpAddr | ~Netmask);
//

5
MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Igmp.c
View File

@ -1,7 +1,7 @@
/** @file
This file implements the RFC2236: IGMP v2.
Copyright (c) 2005 - 2006, Intel Corporation.<BR>
Copyright (c) 2005 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -192,6 +192,9 @@ Ip4SendIgmpMessage (
NetbufReserve (Packet, IP4_MAX_HEADLEN);
Igmp = (IGMP_HEAD *) NetbufAllocSpace (Packet, sizeof (IGMP_HEAD), FALSE);
if (Igmp == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Igmp->Type = Type;
Igmp->MaxRespTime = 0;

6
MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Impl.c
View File

@ -1,6 +1,6 @@
/** @file
Copyright (c) 2005 - 2007, Intel Corporation.<BR>
Copyright (c) 2005 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1314,6 +1314,10 @@ Ip4Groups (
// host byte order
//
if (JoinFlag) {
//
// When JoinFlag is TRUE, GroupAddress shouldn't be NULL.
//
ASSERT (GroupAddress != NULL);
CopyMem (&Group, GroupAddress, sizeof (IP4_ADDR));
for (Index = 0; Index < IpInstance->GroupCount; Index++) {

6
MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c
View File

@ -1,7 +1,7 @@
/** @file
IP4 input process.
Copyright (c) 2005 - 2007, Intel Corporation.<BR>
Copyright (c) 2005 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -265,6 +265,10 @@ Ip4Reassemble (
InsertHeadList (&Table->Bucket[Index], &Assemble->Link);
}
//
// Assemble shouldn't be NULL here
//
ASSERT (Assemble != NULL);
//
// Find the point to insert the packet: before the first

4
MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Rrq.c
View File

@ -1,7 +1,7 @@
/** @file
Routines to process Rrq (download).
Copyright (c) 2006 - 2007, Intel Corporation<BR>
Copyright (c) 2006 - 2009, Intel Corporation<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -99,7 +99,6 @@ Mtftp4RrqSendAck (
NET_BUF *Packet;
Packet = NetbufAlloc (sizeof (EFI_MTFTP4_ACK_HEADER));
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@ -109,6 +108,7 @@ Mtftp4RrqSendAck (
sizeof (EFI_MTFTP4_ACK_HEADER),
FALSE
);
ASSERT (Ack != NULL);
Ack->Ack.OpCode = HTONS (EFI_MTFTP4_OPCODE_ACK);
Ack->Ack.Block[0] = HTONS (BlkNo);

7
MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Support.c
View File

@ -1,7 +1,7 @@
/** @file
Support routines for Mtftp.
Copyright (c) 2006 - 2007, Intel Corporation<BR>
Copyright (c) 2006 - 2009, Intel Corporation<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -291,6 +291,8 @@ Mtftp4SendRequest (
}
Packet = (EFI_MTFTP4_PACKET *) NetbufAllocSpace (Nbuf, Len, FALSE);
ASSERT (Packet != NULL);
Packet->OpCode = HTONS (Instance->Operation);
Cur = Packet->Rrq.Filename;
Cur = (UINT8 *) AsciiStrCpy ((CHAR8 *) Cur, (CHAR8 *) Token->Filename);
@ -335,12 +337,13 @@ Mtftp4SendError (
Len = (UINT32) (AsciiStrLen ((CHAR8 *) ErrInfo) + sizeof (EFI_MTFTP4_ERROR_HEADER));
Packet = NetbufAlloc (Len);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
}
TftpError = (EFI_MTFTP4_PACKET *) NetbufAllocSpace (Packet, Len, FALSE);
ASSERT (TftpError != NULL);
TftpError->OpCode = HTONS (EFI_MTFTP4_OPCODE_ERROR);
TftpError->Error.ErrorCode = HTONS (ErrCode);

3
MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Wrq.c
View File

@ -1,7 +1,7 @@
/** @file
Routines to process Wrq (upload).
Copyright (c) 2006, Intel Corporation<BR>
Copyright (c) 2006 - 2009, Intel Corporation<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -52,6 +52,7 @@ Mtftp4WrqSendBlock (
}
Packet = (EFI_MTFTP4_PACKET *) NetbufAllocSpace (UdpPacket, MTFTP4_DATA_HEAD_LEN, FALSE);
ASSERT (Packet != NULL);
Packet->Data.OpCode = HTONS (EFI_MTFTP4_OPCODE_DATA);
Packet->Data.Block = HTONS (BlockNum);

4
MdeModulePkg/Universal/Network/SnpDxe/Snp.c
View File

@ -1,5 +1,5 @@
/** @file
Implementation of driver entry point and driver binding protocol.
Implementation of driver entry point and driver binding protocol.
Copyright (c) 2004 - 2009, Intel Corporation. <BR>
All rights reserved. This program and the accompanying materials are licensed
@ -860,7 +860,7 @@ AddV2P (
}
*V2p = AllocatePool (sizeof (V2P));
if (*V2p != NULL) {
if (*V2p == NULL) {
return EFI_OUT_OF_RESOURCES;
}

7
MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Output.c
View File

@ -1,7 +1,7 @@
/** @file
TCP output process routines.
Copyright (c) 2005 - 2006, Intel Corporation<BR>
Copyright (c) 2005 - 2009, Intel Corporation<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -445,7 +445,9 @@ TcpGetSegmentSndQue (
}
}
ASSERT (Cur != Head);
ASSERT (Cur != Head);
ASSERT (Node != NULL);
ASSERT (Seg != NULL);
//
// Return the buffer if it can be returned without
@ -750,6 +752,7 @@ SEND_AGAIN:
Len = TcpDataToSend (Tcb, Force);
Seq = Tcb->SndNxt;
ASSERT ((Tcb->State) < (sizeof (mTcpOutFlag) / sizeof (mTcpOutFlag[0])));
Flag = mTcpOutFlag[Tcb->State];
if ((Flag & TCP_FLG_SYN) != 0) {

3
MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Impl.c
View File

@ -1,7 +1,7 @@
/** @file
The implementation of the Udp4 protocol.
Copyright (c) 2006 - 2008, Intel Corporation.<BR>
Copyright (c) 2006 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1718,6 +1718,7 @@ Udp4SendPortUnreach (
// Allocate space for the IP4_ICMP_ERROR_HEAD.
//
IcmpErrHdr = (IP4_ICMP_ERROR_HEAD *) NetbufAllocSpace (Packet, Len, FALSE);
ASSERT (IcmpErrHdr != NULL);
//
// Set the required fields for the icmp port unreachable message.

4
MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Main.c
View File

@ -1,6 +1,6 @@
/** @file
Copyright (c) 2006 - 2007, Intel Corporation.<BR>
Copyright (c) 2006 - 2009, Intel Corporation.<BR>
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -576,6 +576,8 @@ Udp4Transmit (
*((UINTN *) &Packet->ProtoData[0]) = (UINTN) (Udp4Service->IpIo);
Udp4Header = (EFI_UDP4_HEADER *) NetbufAllocSpace (Packet, UDP4_HEADER_SIZE, TRUE);
ASSERT (Udp4Header != NULL);
ConfigData = &Instance->ConfigData;
//

14
MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcDhcp.c
View File

@ -274,6 +274,7 @@ PxeBcTryBinl (
PXEBC_CACHED_DHCP4_PACKET *CachedPacket;
EFI_DHCP4_PACKET *Reply;
ASSERT (Index < PXEBC_MAX_OFFER_NUM);
ASSERT (Private->Dhcp4Offers[Index].OfferType == DHCP4_PACKET_TYPE_BINL);
Offer = &Private->Dhcp4Offers[Index].Packet.Offer;
@ -560,6 +561,7 @@ PxeBcCacheDhcpOffer (
}
OfferType = CachedOffer->OfferType;
ASSERT (OfferType < DHCP4_PACKET_TYPE_MAX);
if (OfferType == DHCP4_PACKET_TYPE_BOOTP) {
@ -603,6 +605,7 @@ PxeBcCacheDhcpOffer (
//
// It's a dhcp offer with your address.
//
ASSERT (Private->ServerCount[OfferType] < PXEBC_MAX_OFFER_NUM);
Private->OfferIndex[OfferType][Private->ServerCount[OfferType]] = Private->NumOffers;
Private->ServerCount[OfferType]++;
}
@ -1119,6 +1122,7 @@ PxeBcDiscvBootService (
EFI_DHCP4_HEADER *DhcpHeader;
UINT32 Xid;
ASSERT (IsDiscv && (Layer != NULL));
Mode = Private->PxeBc.Mode;
Dhcp4 = Private->Dhcp4;
@ -1717,15 +1721,21 @@ PxeBcSelectBootMenu (
MenuSize = VendorOpt->BootMenuLen;
MenuItem = VendorOpt->BootMenu;
if (MenuSize == 0) {
return EFI_NOT_READY;
}
while (MenuSize > 0) {
MenuArray[Index] = MenuItem;
MenuSize = (UINT8) (MenuSize - (MenuItem->DescLen + 3));
MenuItem = (PXEBC_BOOT_MENU_ENTRY *) ((UINT8 *) MenuItem + MenuItem->DescLen + 3);
Index++;
if (Index++ > (PXEBC_MAX_MENU_NUM - 1)) {
break;
}
}
if (UseDefaultItem) {
CopyMem (Type, &MenuArray[0]->Type, sizeof (UINT16));
*Type = MenuArray[0]->Type;
*Type = NTOHS (*Type);
return EFI_SUCCESS;
}

13
MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcImpl.c
View File

@ -1432,6 +1432,8 @@ CheckIpByFilter (
return TRUE;
}
ASSERT (PxeBcMode->IpFilter.IpCnt < EFI_PXE_BASE_CODE_MAX_IPCNT);
for (Index = 0; Index < PxeBcMode->IpFilter.IpCnt; Index++) {
CopyMem (
&Ip4Address,
@ -1755,20 +1757,20 @@ EfiPxeBcSetIpFilter (
BOOLEAN PromiscuousNeed;
if (This == NULL) {
DEBUG ((EFI_D_ERROR, "BC *This pointer == NULL.\n"));
DEBUG ((EFI_D_ERROR, "This == NULL.\n"));
return EFI_INVALID_PARAMETER;
}
Private = PXEBC_PRIVATE_DATA_FROM_PXEBC (This);
Mode = Private->PxeBc.Mode;
if (Private == NULL) {
DEBUG ((EFI_D_ERROR, "PXEBC_PRIVATE_DATA poiner == NULL.\n"));
if (NewFilter == NULL) {
DEBUG ((EFI_D_ERROR, "NewFilter == NULL.\n"));
return EFI_INVALID_PARAMETER;
}
if (NewFilter == NULL) {
DEBUG ((EFI_D_ERROR, "IP Filter *NewFilter == NULL.\n"));
if (NewFilter->IpCnt > EFI_PXE_BASE_CODE_MAX_IPCNT) {
DEBUG ((EFI_D_ERROR, "NewFilter->IpCnt > %d.\n", EFI_PXE_BASE_CODE_MAX_IPCNT));
return EFI_INVALID_PARAMETER;
}
@ -1778,6 +1780,7 @@ EfiPxeBcSetIpFilter (
}
PromiscuousNeed = FALSE;
for (Index = 0; Index < NewFilter->IpCnt; ++Index) {
if (IP4_IS_LOCAL_BROADCAST (EFI_IP4 (NewFilter->IpList[Index].v4))) {
//

3
MdeModulePkg/Universal/Network/UefiPxeBcDxe/PxeBcSupport.c
View File

@ -250,9 +250,10 @@ CvtNum (
{
UINTN Remainder;
while (Length-- > 0) {
while (Length > 0) {
Remainder = Number % 10;
Number /= 10;
Length--;
Buffer[Length] = (UINT8) ('0' + Remainder);
}
}