NetworkPkg/IpSecDxe: Add check to avoid possible divide by zero

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-11-16 13:52:20 +08:00 · 2016-11-16 13:52:20 +08:00 · ce8e582c06
parent 5af4388433
commit ce8e582c06
1 changed files with 7 additions and 1 deletions
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@ -2,7 +2,7 @@
  The Common operations used by IKE Exchange Process.

  (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>

  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
@ -2627,6 +2627,8 @@ Ikev2ChildSaParseSaPayload (

  @retval EFI_SUCCESS            The operation complete successfully.
  @retval EFI_INVALID_PARAMETER  If NumFragments is zero.
+                                 If the authentication algorithm given by HashAlgId
+                                 cannot be found.
  @retval EFI_OUT_OF_RESOURCES   If the required resource can't be allocated.
  @retval Others                 The operation is failed.

@ -2663,6 +2665,10 @@ Ikev2SaGenerateKey (
  LocalFragments[2].Data = NULL;

  AuthKeyLength = IpSecGetHmacDigestLength (HashAlgId);
+  if (AuthKeyLength == 0) {
+    return EFI_INVALID_PARAMETER;
+  }
+
  DigestSize    = AuthKeyLength;
  Digest        = AllocateZeroPool (AuthKeyLength);