NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Set the HostName by consuming TLS protocol to enable the host name check so as to avoid the potential Man-In-The-Middle attack. Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2019-09-27 11:44:41 +08:00 · 2019-09-27 11:44:41 +08:00 · e2fc508128
parent 703e7ab21f
commit e2fc508128
2 changed files with 18 additions and 4 deletions
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@ -82,6 +82,7 @@ typedef struct {
  EFI_TLS_VERSION               Version;
  EFI_TLS_CONNECTION_END        ConnectionEnd;
  EFI_TLS_VERIFY                VerifyMethod;
+  EFI_TLS_VERIFY_HOST           VerifyHost;
  EFI_TLS_SESSION_STATE         SessionState;
 } TLS_CONFIG_DATA;

--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@ -625,11 +625,14 @@ TlsConfigureSession (
  //
  HttpInstance->TlsConfigData.ConnectionEnd       = EfiTlsClient;
  HttpInstance->TlsConfigData.VerifyMethod        = EFI_TLS_VERIFY_PEER;
+  HttpInstance->TlsConfigData.VerifyHost.Flags    = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;
+  HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
  HttpInstance->TlsConfigData.SessionState        = EfiTlsSessionNotStarted;

  //
  // EfiTlsConnectionEnd,
-  // EfiTlsVerifyMethod
+  // EfiTlsVerifyMethod,
+  // EfiTlsVerifyHost,
  // EfiTlsSessionState
  //
  Status = HttpInstance->Tls->SetSessionData (
@ -652,6 +655,16 @@ TlsConfigureSession (
    return Status;
  }

+  Status = HttpInstance->Tls->SetSessionData (
+                                HttpInstance->Tls,
+                                EfiTlsVerifyHost,
+                                &HttpInstance->TlsConfigData.VerifyHost,
+                                sizeof (EFI_TLS_VERIFY_HOST)
+                                );
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
  Status = HttpInstance->Tls->SetSessionData (
                                HttpInstance->Tls,
                                EfiTlsSessionState,