MdeModulePkg/DxeNetLib: Add array range check in NetIp6IsNetEqual().

* The library API use array elements without any index range check, this
patch is to fix this issue to avoid null pointer reference.

V2
* Added an ASSERT check for the case PrefixLength equals to IP6_PREFIX_MAX.
* Synced some code descriptions to head file.

Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wang Fan <fan.wang@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
This commit is contained in:
Wang Fan 2018-01-11 18:09:24 +08:00 committed by Jiaxin Wu
parent 20737c2fe6
commit e0e26f9c1f
2 changed files with 52 additions and 6 deletions

View File

@ -2,7 +2,7 @@
This library is only intended to be used by UEFI network stack modules. This library is only intended to be used by UEFI network stack modules.
It provides basic functions for the UEFI network stack. It provides basic functions for the UEFI network stack.
Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at<BR> which accompanies this distribution. The full text of the license may be found at<BR>
@ -440,6 +440,8 @@ NetIp4IsUnicast (
/** /**
Check whether the incoming IPv6 address is a valid unicast address. Check whether the incoming IPv6 address is a valid unicast address.
ASSERT if Ip6 is NULL.
If the address is a multicast address has binary 0xFF at the start, it is not If the address is a multicast address has binary 0xFF at the start, it is not
a valid unicast address. If the address is unspecified ::, it is not a valid a valid unicast address. If the address is unspecified ::, it is not a valid
unicast address to be assigned to any node. If the address is loopback address unicast address to be assigned to any node. If the address is loopback address
@ -461,6 +463,8 @@ NetIp6IsValidUnicast (
/** /**
Check whether the incoming Ipv6 address is the unspecified address or not. Check whether the incoming Ipv6 address is the unspecified address or not.
ASSERT if Ip6 is NULL.
@param[in] Ip6 - Ip6 address, in network order. @param[in] Ip6 - Ip6 address, in network order.
@retval TRUE - Yes, incoming Ipv6 address is the unspecified address. @retval TRUE - Yes, incoming Ipv6 address is the unspecified address.
@ -476,6 +480,8 @@ NetIp6IsUnspecifiedAddr (
/** /**
Check whether the incoming Ipv6 address is a link-local address. Check whether the incoming Ipv6 address is a link-local address.
ASSERT if Ip6 is NULL.
@param[in] Ip6 - Ip6 address, in network order. @param[in] Ip6 - Ip6 address, in network order.
@retval TRUE - The incoming Ipv6 address is a link-local address. @retval TRUE - The incoming Ipv6 address is a link-local address.
@ -491,6 +497,9 @@ NetIp6IsLinkLocalAddr (
/** /**
Check whether the Ipv6 address1 and address2 are on the connected network. Check whether the Ipv6 address1 and address2 are on the connected network.
ASSERT if Ip1 or Ip2 is NULL.
ASSERT if PrefixLength exceeds or equals to IP6_PREFIX_MAX.
@param[in] Ip1 - Ip6 address1, in network order. @param[in] Ip1 - Ip6 address1, in network order.
@param[in] Ip2 - Ip6 address2, in network order. @param[in] Ip2 - Ip6 address2, in network order.
@param[in] PrefixLength - The prefix length of the checking net. @param[in] PrefixLength - The prefix length of the checking net.
@ -510,6 +519,8 @@ NetIp6IsNetEqual (
/** /**
Switches the endianess of an IPv6 address. Switches the endianess of an IPv6 address.
ASSERT if Ip6 is NULL.
This function swaps the bytes in a 128-bit IPv6 address to switch the value This function swaps the bytes in a 128-bit IPv6 address to switch the value
from little endian to big endian or vice versa. The byte swapped value is from little endian to big endian or vice versa. The byte swapped value is
returned. returned.
@ -544,6 +555,8 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr;
/** /**
Extract a UINT32 from a byte stream. Extract a UINT32 from a byte stream.
ASSERT if Buf is NULL.
This function copies a UINT32 from a byte stream, and then converts it from Network This function copies a UINT32 from a byte stream, and then converts it from Network
byte order to host byte order. Use this function to avoid alignment error. byte order to host byte order. Use this function to avoid alignment error.
@ -561,6 +574,8 @@ NetGetUint32 (
/** /**
Puts a UINT32 into the byte stream in network byte order. Puts a UINT32 into the byte stream in network byte order.
ASSERT if Buf is NULL.
Converts a UINT32 from host byte order to network byte order, then copies it to the Converts a UINT32 from host byte order to network byte order, then copies it to the
byte stream. byte stream.
@ -677,6 +692,8 @@ NetListRemoveTail (
/** /**
Insert a new node entry after a designated node entry of a doubly linked list. Insert a new node entry after a designated node entry of a doubly linked list.
ASSERT if PrevEntry or NewEntry is NULL.
Inserts a new node entry designated by NewEntry after the node entry designated by PrevEntry Inserts a new node entry designated by NewEntry after the node entry designated by PrevEntry
of the doubly linked list. of the doubly linked list.
@ -694,6 +711,8 @@ NetListInsertAfter (
/** /**
Insert a new node entry before a designated node entry of a doubly linked list. Insert a new node entry before a designated node entry of a doubly linked list.
ASSERT if PostEntry or NewEntry is NULL.
Inserts a new node entry designated by NewEntry before the node entry designated by PostEntry Inserts a new node entry designated by NewEntry before the node entry designated by PostEntry
of the doubly linked list. of the doubly linked list.
@ -839,7 +858,6 @@ NetMapClean (
If Map is NULL, then ASSERT(). If Map is NULL, then ASSERT().
@param[in] Map The net map to test. @param[in] Map The net map to test.
@return TRUE if the netmap is empty, otherwise FALSE. @return TRUE if the netmap is empty, otherwise FALSE.
@ -854,6 +872,8 @@ NetMapIsEmpty (
/** /**
Return the number of the <Key, Value> pairs in the netmap. Return the number of the <Key, Value> pairs in the netmap.
If Map is NULL, then ASSERT().
@param[in] Map The netmap to get the entry number. @param[in] Map The netmap to get the entry number.
@return The entry number in the netmap. @return The entry number in the netmap.
@ -873,6 +893,7 @@ NetMapGetCount (
pairs in the netmap increase by 1. pairs in the netmap increase by 1.
If Map is NULL, then ASSERT(). If Map is NULL, then ASSERT().
If Key is NULL, then ASSERT().
@param[in, out] Map The netmap to insert into. @param[in, out] Map The netmap to insert into.
@param[in] Key The user's key. @param[in] Key The user's key.
@ -898,6 +919,7 @@ NetMapInsertHead (
pairs in the netmap increase by 1. pairs in the netmap increase by 1.
If Map is NULL, then ASSERT(). If Map is NULL, then ASSERT().
If Key is NULL, then ASSERT().
@param[in, out] Map The netmap to insert into. @param[in, out] Map The netmap to insert into.
@param[in] Key The user's key. @param[in] Key The user's key.
@ -922,6 +944,7 @@ NetMapInsertTail (
item with the key to search. It returns the point to the item contains the Key if found. item with the key to search. It returns the point to the item contains the Key if found.
If Map is NULL, then ASSERT(). If Map is NULL, then ASSERT().
If Key is NULL, then ASSERT().
@param[in] Map The netmap to search within. @param[in] Map The netmap to search within.
@param[in] Key The key to search. @param[in] Key The key to search.
@ -1167,6 +1190,9 @@ NetLibGetVlanHandle (
/** /**
Get MAC address associated with the network service handle. Get MAC address associated with the network service handle.
If MacAddress is NULL, then ASSERT().
If AddressSize is NULL, then ASSERT().
There should be MNP Service Binding Protocol installed on the input ServiceHandle. There should be MNP Service Binding Protocol installed on the input ServiceHandle.
If SNP is installed on the ServiceHandle or its parent handle, MAC address will If SNP is installed on the ServiceHandle or its parent handle, MAC address will
be retrieved from SNP. If no SNP found, try to get SNP mode data use MNP. be retrieved from SNP. If no SNP found, try to get SNP mode data use MNP.
@ -1192,6 +1218,8 @@ NetLibGetMacAddress (
Convert MAC address of the NIC associated with specified Service Binding Handle Convert MAC address of the NIC associated with specified Service Binding Handle
to a unicode string. Callers are responsible for freeing the string storage. to a unicode string. Callers are responsible for freeing the string storage.
If MacString is NULL, then ASSERT().
Locate simple network protocol associated with the Service Binding Handle and Locate simple network protocol associated with the Service Binding Handle and
get the mac address from SNP. Then convert the mac address into a unicode get the mac address from SNP. Then convert the mac address into a unicode
string. It takes 2 unicode characters to represent a 1 byte binary buffer. string. It takes 2 unicode characters to represent a 1 byte binary buffer.
@ -1221,6 +1249,8 @@ NetLibGetMacString (
/** /**
Detect media status for specified network device. Detect media status for specified network device.
If MediaPresent is NULL, then ASSERT().
The underlying UNDI driver may or may not support reporting media status from The underlying UNDI driver may or may not support reporting media status from
GET_STATUS command (PXE_STATFLAGS_GET_STATUS_NO_MEDIA_SUPPORTED). This routine GET_STATUS command (PXE_STATFLAGS_GET_STATUS_NO_MEDIA_SUPPORTED). This routine
will try to invoke Snp->GetStatus() to get the media status. If media is already will try to invoke Snp->GetStatus() to get the media status. If media is already
@ -1254,7 +1284,6 @@ NetLibDetectMedia (
); );
/** /**
Detect media state for a network device. This routine will wait for a period of time at Detect media state for a network device. This routine will wait for a period of time at
a specified checking interval when a certain network is under connecting until connection a specified checking interval when a certain network is under connecting until connection
process finishes or timeout. If Aip protocol is supported by low layer drivers, three kinds process finishes or timeout. If Aip protocol is supported by low layer drivers, three kinds
@ -1290,6 +1319,8 @@ NetLibDetectMediaWaitTimeout (
/** /**
Create an IPv4 device path node. Create an IPv4 device path node.
If Node is NULL, then ASSERT().
The header type of IPv4 device path node is MESSAGING_DEVICE_PATH. The header type of IPv4 device path node is MESSAGING_DEVICE_PATH.
The header subtype of IPv4 device path node is MSG_IPv4_DP. The header subtype of IPv4 device path node is MSG_IPv4_DP.
The length of the IPv4 device path node in bytes is 19. The length of the IPv4 device path node in bytes is 19.
@ -1321,6 +1352,10 @@ NetLibCreateIPv4DPathNode (
/** /**
Create an IPv6 device path node. Create an IPv6 device path node.
If Node is NULL, then ASSERT().
If LocalIp is NULL, then ASSERT().
If RemoteIp is NULL, then ASSERT().
The header type of IPv6 device path node is MESSAGING_DEVICE_PATH. The header type of IPv6 device path node is MESSAGING_DEVICE_PATH.
The header subtype of IPv6 device path node is MSG_IPv6_DP. The header subtype of IPv6 device path node is MSG_IPv6_DP.
The length of the IPv6 device path node in bytes is 43. The length of the IPv6 device path node in bytes is 43.
@ -1351,6 +1386,8 @@ NetLibCreateIPv6DPathNode (
/** /**
Find the UNDI/SNP handle from controller and protocol GUID. Find the UNDI/SNP handle from controller and protocol GUID.
If ProtocolGuid is NULL, then ASSERT().
For example, IP will open an MNP child to transmit/receive For example, IP will open an MNP child to transmit/receive
packets. When MNP is stopped, IP should also be stopped. IP packets. When MNP is stopped, IP should also be stopped. IP
needs to find its own private data that is related the IP's needs to find its own private data that is related the IP's
@ -2194,6 +2231,8 @@ NetIpSecNetbufFree (
/** /**
This function obtains the system guid from the smbios table. This function obtains the system guid from the smbios table.
If SystemGuid is NULL, then ASSERT().
@param[out] SystemGuid The pointer of the returned system guid. @param[out] SystemGuid The pointer of the returned system guid.
@retval EFI_SUCCESS Successfully obtained the system guid. @retval EFI_SUCCESS Successfully obtained the system guid.
@ -2208,6 +2247,9 @@ NetLibGetSystemGuid (
/** /**
Create Dns QName according the queried domain name. Create Dns QName according the queried domain name.
If DomainName is NULL, then ASSERT().
QName is a domain name represented as a sequence of labels, QName is a domain name represented as a sequence of labels,
where each label consists of a length octet followed by that where each label consists of a length octet followed by that
number of octets. The QName terminates with the zero number of octets. The QName terminates with the zero

View File

@ -804,7 +804,7 @@ NetIp6IsLinkLocalAddr (
Check whether the Ipv6 address1 and address2 are on the connected network. Check whether the Ipv6 address1 and address2 are on the connected network.
ASSERT if Ip1 or Ip2 is NULL. ASSERT if Ip1 or Ip2 is NULL.
ASSERT if PrefixLength exceeds IP6_PREFIX_MAX. ASSERT if PrefixLength exceeds or equals to IP6_PREFIX_MAX.
@param[in] Ip1 - Ip6 address1, in network order. @param[in] Ip1 - Ip6 address1, in network order.
@param[in] Ip2 - Ip6 address2, in network order. @param[in] Ip2 - Ip6 address2, in network order.
@ -826,7 +826,7 @@ NetIp6IsNetEqual (
UINT8 Bit; UINT8 Bit;
UINT8 Mask; UINT8 Mask;
ASSERT ((Ip1 != NULL) && (Ip2 != NULL) && (PrefixLength <= IP6_PREFIX_MAX)); ASSERT ((Ip1 != NULL) && (Ip2 != NULL) && (PrefixLength < IP6_PREFIX_MAX));
if (PrefixLength == 0) { if (PrefixLength == 0) {
return TRUE; return TRUE;
@ -842,6 +842,10 @@ NetIp6IsNetEqual (
if (Bit > 0) { if (Bit > 0) {
Mask = (UINT8) (0xFF << (8 - Bit)); Mask = (UINT8) (0xFF << (8 - Bit));
ASSERT (Byte < 16);
if (Byte >= 16) {
return FALSE;
}
if ((Ip1->Addr[Byte] & Mask) != (Ip2->Addr[Byte] & Mask)) { if ((Ip1->Addr[Byte] & Mask) != (Ip2->Addr[Byte] & Mask)) {
return FALSE; return FALSE;
} }