1. In the IPv4 and IPv6 drivers, a new NET_FRAGMENT structure is allocated before calling IPsec and then passed to it. It should be released once IPsec is done, to avoid a memory leak.

2. The IPsec driver wrongly uses HeadLen to calculate the IP header length after IPsec processing. Correct this mistake.

Signed-off-by: qianouyang
Reviewed-by: jjin9
Reviewed-by: ZhangCaoIntel

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11824 6f19259b-4bc3-4df7-8a09-765794883524
qianouyang 2011-06-14 09:45:59 +00:00
parent 08cd970203
commit 94b928ca59
3 changed files with 46 additions and 12 deletions


@ -1,7 +1,7 @@
/** @file /** @file
IP4 input process. IP4 input process.
Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -583,11 +583,21 @@ Ip4IpSecProcessPacket (
Ip4NtohHead (*Head); Ip4NtohHead (*Head);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
FreePool (OriginalFragmentTable);
goto ON_EXIT; goto ON_EXIT;
} }
if (OriginalFragmentTable == FragmentTable && OriginalFragmentCount == FragmentCount) { if (OriginalFragmentTable == FragmentTable && OriginalFragmentCount == FragmentCount) {
//
// For ByPass Packet
//
FreePool (FragmentTable);
goto ON_EXIT; goto ON_EXIT;
} else {
//
// Free the FragmentTable which allocated before calling the IPsec.
//
FreePool (OriginalFragmentTable);
} }
if (Direction == EfiIPsecOutBound && TxWrap != NULL) { if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
@ -602,6 +612,11 @@ Ip4IpSecProcessPacket (
TxWrap TxWrap
); );
if (TxWrap->Packet == NULL) { if (TxWrap->Packet == NULL) {
//
// Recover the TxWrap->Packet, if meet a error, and the caller will free
// the TxWrap.
//
TxWrap->Packet = *Netbuf;
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT; goto ON_EXIT;
} }
@ -617,6 +632,8 @@ Ip4IpSecProcessPacket (
IpSecWrap = AllocateZeroPool (sizeof (IP4_IPSEC_WRAP)); IpSecWrap = AllocateZeroPool (sizeof (IP4_IPSEC_WRAP));
if (IpSecWrap == NULL) { if (IpSecWrap == NULL) {
Status = EFI_OUT_OF_RESOURCES;
gBS->SignalEvent (RecycleEvent);
goto ON_EXIT; goto ON_EXIT;
} }
@ -632,6 +649,9 @@ Ip4IpSecProcessPacket (
); );
if (Packet == NULL) { if (Packet == NULL) {
Packet = IpSecWrap->Packet;
gBS->SignalEvent (RecycleEvent);
FreePool (IpSecWrap);
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT; goto ON_EXIT;
} }
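Review bot: The new `else` branch also runs when `OriginalFragmentTable == FragmentTable` and only `FragmentCount` differs, so `FreePool (OriginalFragmentTable)` would release the table that `FragmentTable` still points to. If IPsec can ever change the count while reusing the same table, any later use of `FragmentTable` (the wrap paths are only partly visible here) would touch freed memory. Guarding the free on pointer identity, `if (OriginalFragmentTable != FragmentTable) { FreePool (OriginalFragmentTable); }`, keeps the leak fix without that risk. The same pattern is added in the Ip6IpSecProcessPacket section of this commit. Ip4IpSecProcessPacket starts and ends outside the hunks shown.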


@ -1,7 +1,7 @@
/** @file /** @file
IP6 internal functions to process the incoming packets. IP6 internal functions to process the incoming packets.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -613,6 +613,7 @@ Ip6IpSecProcessPacket (
Ip6NtohHead (*Head); Ip6NtohHead (*Head);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
FreePool (OriginalFragmentTable);
goto ON_EXIT; goto ON_EXIT;
} }
@ -620,7 +621,13 @@ Ip6IpSecProcessPacket (
// //
// For ByPass Packet // For ByPass Packet
// //
FreePool (FragmentTable);
goto ON_EXIT; goto ON_EXIT;
} else {
//
// Free the FragmentTable which allocated before calling the IPsec.
//
FreePool (OriginalFragmentTable);
} }
if (Direction == EfiIPsecOutBound && TxWrap != NULL) { if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
@ -634,6 +641,7 @@ Ip6IpSecProcessPacket (
TxWrap TxWrap
); );
if (TxWrap->Packet == NULL) { if (TxWrap->Packet == NULL) {
TxWrap->Packet = *Netbuf;
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT; goto ON_EXIT;
} }
@ -652,6 +660,8 @@ Ip6IpSecProcessPacket (
IpSecWrap = AllocateZeroPool (sizeof (IP6_IPSEC_WRAP)); IpSecWrap = AllocateZeroPool (sizeof (IP6_IPSEC_WRAP));
if (IpSecWrap == NULL) { if (IpSecWrap == NULL) {
Status = EFI_OUT_OF_RESOURCES;
gBS->SignalEvent (RecycleEvent);
goto ON_EXIT; goto ON_EXIT;
} }
@ -667,6 +677,9 @@ Ip6IpSecProcessPacket (
); );
if (Packet == NULL) { if (Packet == NULL) {
Packet = IpSecWrap->Packet;
gBS->SignalEvent (RecycleEvent);
FreePool (IpSecWrap);
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT; goto ON_EXIT;
} }
@ -679,6 +692,7 @@ Ip6IpSecProcessPacket (
NET_BUF_HEAD NET_BUF_HEAD
); );
if (PacketHead == NULL) { if (PacketHead == NULL) {
*Netbuf = Packet;
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT; goto ON_EXIT;
} }
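Review bot: The two restore assignments added in this section, `TxWrap->Packet = *Netbuf;` and `*Netbuf = Packet;`, have no comment saying who owns the buffer on the failure path, although the IPv4 counterpart in this commit documents the first one. I would put the same comment above the first, `// Recover TxWrap->Packet on error; the caller will free the TxWrap.`, and a matching one above the second, for example `// Hand the packet back through *Netbuf so the caller can release it.`. The second wording is inferred from the assignment alone and should be confirmed against the ON_EXIT path, which lies outside the visible hunks.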


@ -1596,7 +1596,7 @@ IpSecEspInboundPacket (
// //
if (!SadData->Mode == EfiIPsecTunnel) { if (!SadData->Mode == EfiIPsecTunnel) {
if (IpVersion == IP_VERSION_4) { if (IpVersion == IP_VERSION_4) {
((IP4_HEAD *) IpHead)->TotalLen = HTONS ((UINT16) (((IP4_HEAD *) IpHead)->HeadLen + PlainPayloadSize)); ((IP4_HEAD *) IpHead)->TotalLen = HTONS ((UINT16) ((((IP4_HEAD *) IpHead)->HeadLen << 2) + PlainPayloadSize));
} else { } else {
IpSecHeadSize = IpSecGetPlainExtHeadSize (IpHead, LastHead); IpSecHeadSize = IpSecGetPlainExtHeadSize (IpHead, LastHead);
((EFI_IP6_HEADER *) IpHead)->PayloadLength = HTONS ((UINT16)(IpSecHeadSize + PlainPayloadSize)); ((EFI_IP6_HEADER *) IpHead)->PayloadLength = HTONS ((UINT16)(IpSecHeadSize + PlainPayloadSize));
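Review bot: The guard around the corrected length computation, `if (!SadData->Mode == EfiIPsecTunnel)`, parses as `(!SadData->Mode) == EfiIPsecTunnel`, so it selects the non-tunnel case only by virtue of the numeric values of the mode enumerators. Writing it as `if (SadData->Mode != EfiIPsecTunnel) {` states the intent directly and keeps the TotalLen/PayloadLength rewrite from silently flipping if the enum ever changes. Separately, the `(UINT16)` cast on `(HeadLen << 2) + PlainPayloadSize` truncates without a check; if PlainPayloadSize is not bounded earlier in IpSecEspInboundPacket (not visible here), a range check before the store would be worth adding.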