tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4535

Bug Details:
PixieFail Bug #2
CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

Changes Overview:
> -UINT8 *
> +EFI_STATUS
>  Dhcp6AppendOption (
> -  IN OUT UINT8   *Buf,
> -  IN     UINT16  OptType,
> -  IN     UINT16  OptLen,
> -  IN     UINT8   *Data
> +  IN OUT EFI_DHCP6_PACKET  *Packet,
> +  IN OUT UINT8             **PacketCursor,
> +  IN     UINT16            OptType,
> +  IN     UINT16            OptLen,
> +  IN     UINT8             *Data
>    );

Dhcp6AppendOption() and variants can return errors now.  All callsites
are adapted accordingly.

It gets passed in EFI_DHCP6_PACKET as additional parameter ...

> +  //
> +  // Verify the PacketCursor is within the packet
> +  //
> +  if (  (*PacketCursor < Packet->Dhcp6.Option)
> +     || (*PacketCursor >= Packet->Dhcp6.Option +
 (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
> +  {
> +    return EFI_INVALID_PARAMETER;
> +  }

... so it can look at Packet->Size when checking buffer space.
Also to allow Packet->Length updates.

Lots of checks added.

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
This commit is contained in:
Doug Flick via groups.io 2024-01-26 05:54:43 +08:00 committed by mergify[bot]
parent 959f71c801
commit f31453e8d6
4 changed files with 666 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
View File

@ -45,6 +45,49 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
#define DHCP6_SERVICE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'S')
#define DHCP6_INSTANCE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'I')
//
// For more information on DHCP options see RFC 8415, Section 21.1
//
// The format of DHCP options is:
//
// 0 1 2 3
// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// | option-code | option-len |
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// | option-data |
// | (option-len octets) |
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
#define DHCP6_SIZE_OF_OPT_CODE (sizeof(UINT16))
#define DHCP6_SIZE_OF_OPT_LEN (sizeof(UINT16))
//
// Combined size of Code and Length
//
#define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN (DHCP6_SIZE_OF_OPT_CODE + \
DHCP6_SIZE_OF_OPT_LEN)
STATIC_ASSERT (
DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN == 4,
"Combined size of Code and Length must be 4 per RFC 8415"
);
//
// Offset to the length is just past the code
//
#define DHCP6_OPT_LEN_OFFSET(a) (a + DHCP6_SIZE_OF_OPT_CODE)
STATIC_ASSERT (
DHCP6_OPT_LEN_OFFSET (0) == 2,
"Offset of length is + 2 past start of option"
);
#define DHCP6_OPT_DATA_OFFSET(a) (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
STATIC_ASSERT (
DHCP6_OPT_DATA_OFFSET (0) == 4,
"Offset to option data should be +4 from start of option"
);
#define DHCP6_PACKET_ALL 0
#define DHCP6_PACKET_STATEFUL 1
#define DHCP6_PACKET_STATELESS 2

409
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
View File

@ -3,9 +3,9 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "Dhcp6Impl.h"
@ -930,7 +930,8 @@ Dhcp6SendSolicitMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@ -944,54 +945,64 @@ Dhcp6SendSolicitMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendIaOption (
Cursor,
Status = Dhcp6AppendIaOption (
Packet,
&Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Append user-defined when configurate Dhcp6 service.
//
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
//
// Determine the size/length of packet.
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendSolicit, &Packet);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -1005,10 +1016,8 @@ Dhcp6SendSolicitMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -1020,6 +1029,14 @@ Dhcp6SendSolicitMsg (
Elapsed,
Instance->Config->SolicitRetransmission
);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**
@ -1110,7 +1127,8 @@ Dhcp6SendRequestMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@ -1124,51 +1142,67 @@ Dhcp6SendRequestMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendIaOption (
Cursor,
Status = Dhcp6AppendIaOption (
Packet,
&Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Append user-defined when configurate Dhcp6 service.
//
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
//
// Determine the size/length of packet.
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
@ -1177,8 +1211,7 @@ Dhcp6SendRequestMsg (
Status = Dhcp6CallbackUser (Instance, Dhcp6SendRequest, &Packet);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -1194,14 +1227,21 @@ Dhcp6SendRequestMsg (
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**
@ -1266,7 +1306,8 @@ Dhcp6SendDeclineMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE;
@ -1280,42 +1321,58 @@ Dhcp6SendDeclineMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendIaOption (Cursor, DecIa, 0, 0, Packet->Dhcp6.Header.MessageType);
Status = Dhcp6AppendIaOption (
Packet,
&Cursor,
DecIa,
0,
0,
Packet->Dhcp6.Header.MessageType
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Determine the size/length of packet.
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendDecline, &Packet);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -1329,16 +1386,22 @@ Dhcp6SendDeclineMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**
@ -1399,7 +1462,8 @@ Dhcp6SendReleaseMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE;
@ -1413,45 +1477,61 @@ Dhcp6SendReleaseMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// ServerId is extracted from packet, it's network order.
//
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendIaOption (Cursor, RelIa, 0, 0, Packet->Dhcp6.Header.MessageType);
Status = Dhcp6AppendIaOption (
Packet,
&Cursor,
RelIa,
0,
0,
Packet->Dhcp6.Header.MessageType
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Determine the size/length of packet
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendRelease, &Packet);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -1461,16 +1541,22 @@ Dhcp6SendReleaseMsg (
Instance->IaCb.Ia->State = Dhcp6Releasing;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**
@ -1529,7 +1615,8 @@ Dhcp6SendRenewRebindMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@ -1543,26 +1630,38 @@ Dhcp6SendRenewRebindMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendIaOption (
Cursor,
Status = Dhcp6AppendIaOption (
Packet,
&Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
if (!RebindRequest) {
//
@ -1578,18 +1677,22 @@ Dhcp6SendRenewRebindMsg (
Dhcp6OptServerId
);
if (Option == NULL) {
FreePool (Packet);
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto ON_ERROR;
}
ServerId = (EFI_DHCP6_DUID *)(Option + 2);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
//
@ -1597,18 +1700,18 @@ Dhcp6SendRenewRebindMsg (
//
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
//
// Determine the size/length of packet.
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
@ -1618,10 +1721,8 @@ Dhcp6SendRenewRebindMsg (
Event = (RebindRequest) ? Dhcp6EnterRebinding : Dhcp6EnterRenewing;
Status = Dhcp6CallbackUser (Instance, Event, &Packet);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -1638,16 +1739,22 @@ Dhcp6SendRenewRebindMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**
@ -1811,7 +1918,8 @@ Dhcp6SendInfoRequestMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@ -1828,44 +1936,56 @@ Dhcp6SendInfoRequestMsg (
if (SendClientId) {
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
OptionRequest->OpCode,
OptionRequest->OpLen,
OptionRequest->Data
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Append user-defined when configurate Dhcp6 service.
//
for (Index = 0; Index < OptionCount; Index++) {
UserOpt = OptionList[Index];
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
//
// Determine the size/length of packet.
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
@ -1877,16 +1997,22 @@ Dhcp6SendInfoRequestMsg (
// Send info-request packet with no state.
//
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, Retransmission);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**
@ -1937,7 +2063,8 @@ Dhcp6SendConfirmMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
return EFI_OUT_OF_RESOURCES;
Status = EFI_OUT_OF_RESOURCES;
goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@ -1951,54 +2078,64 @@ Dhcp6SendConfirmMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendETOption (
Cursor,
Status = Dhcp6AppendETOption (
Packet,
&Cursor,
Instance,
&Elapsed
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
Cursor = Dhcp6AppendIaOption (
Cursor,
Status = Dhcp6AppendIaOption (
Packet,
&Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
//
// Append user-defined when configurate Dhcp6 service.
//
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
Cursor = Dhcp6AppendOption (
Cursor,
Status = Dhcp6AppendOption (
Packet,
&Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
if (EFI_ERROR (Status)) {
goto ON_ERROR;
}
}
//
// Determine the size/length of packet.
//
Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendConfirm, &Packet);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
@ -2012,16 +2149,22 @@ Dhcp6SendConfirmMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
FreePool (Packet);
return Status;
goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
ON_ERROR:
if (Packet) {
FreePool (Packet);
}
return Status;
}
/**

373
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
View File

@ -577,24 +577,33 @@ Dhcp6OnTransmitted (
}
/**
Append the option to Buf, and move Buf to the end.
Append the option to Buf, update the length of packet, and move Buf to the end.
@param[in, out] Buf The pointer to the buffer.
@param[in] OptType The option type.
@param[in] OptLen The length of option contents.
@param[in] Data The pointer to the option content.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
will be updated.
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] OptType The option type.
@param[in] OptLen The length of option contents.
@param[in] Data The pointer to the option content.
@return Buf The position to append the next option.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendOption (
IN OUT UINT8 *Buf,
IN UINT16 OptType,
IN UINT16 OptLen,
IN UINT8 *Data
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN UINT16 OptType,
IN UINT16 OptLen,
IN UINT8 *Data
)
{
UINT32 Length;
UINT32 BytesNeeded;
//
// The format of Dhcp6 option:
//
@ -607,35 +616,95 @@ Dhcp6AppendOption (
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
ASSERT (OptLen != 0);
//
// Verify the arguments are valid
//
if (Packet == NULL) {
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buf, OptType);
Buf += 2;
WriteUnaligned16 ((UINT16 *)Buf, OptLen);
Buf += 2;
CopyMem (Buf, Data, NTOHS (OptLen));
Buf += NTOHS (OptLen);
if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
return EFI_INVALID_PARAMETER;
}
return Buf;
if (Data == NULL) {
return EFI_INVALID_PARAMETER;
}
if (OptLen == 0) {
return EFI_INVALID_PARAMETER;
}
//
// Verify the PacketCursor is within the packet
//
if ( (*PacketCursor < Packet->Dhcp6.Option)
|| (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
{
return EFI_INVALID_PARAMETER;
}
//
// Calculate the bytes needed for the option
//
BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + NTOHS (OptLen);
//
// Space remaining in the packet
//
Length = Packet->Size - Packet->Length;
if (Length < BytesNeeded) {
return EFI_BUFFER_TOO_SMALL;
}
//
// Verify the PacketCursor is within the packet
//
if ( (*PacketCursor < Packet->Dhcp6.Option)
|| (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
{
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)*PacketCursor, OptType);
*PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
WriteUnaligned16 ((UINT16 *)*PacketCursor, OptLen);
*PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
CopyMem (*PacketCursor, Data, NTOHS (OptLen));
*PacketCursor += NTOHS (OptLen);
// Update the packet length by the length of the option + 4 bytes
Packet->Length += BytesNeeded;
return EFI_SUCCESS;
}
/**
Append the appointed IA Address option to Buf, and move Buf to the end.
@param[in, out] Buf The pointer to the position to append.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
will be updated.
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] IaAddr The pointer to the IA Address.
@param[in] MessageType Message type of DHCP6 package.
@return Buf The position to append the next option.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendIaAddrOption (
IN OUT UINT8 *Buf,
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN EFI_DHCP6_IA_ADDRESS *IaAddr,
IN UINT32 MessageType
)
{
UINT32 BytesNeeded;
UINT32 Length;
// The format of the IA Address option is:
//
// 0 1 2 3
@ -657,17 +726,60 @@ Dhcp6AppendIaAddrOption (
// . .
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
// Verify the arguments are valid
//
if (Packet == NULL) {
return EFI_INVALID_PARAMETER;
}
if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
return EFI_INVALID_PARAMETER;
}
if (IaAddr == NULL) {
return EFI_INVALID_PARAMETER;
}
//
// Verify the PacketCursor is within the packet
//
if ( (*PacketCursor < Packet->Dhcp6.Option)
|| (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
{
return EFI_INVALID_PARAMETER;
}
BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN;
BytesNeeded += sizeof (EFI_IPv6_ADDRESS);
//
// Even if the preferred-lifetime is 0, it still needs to store it.
//
BytesNeeded += sizeof (IaAddr->PreferredLifetime);
//
// Even if the valid-lifetime is 0, it still needs to store it.
//
BytesNeeded += sizeof (IaAddr->ValidLifetime);
//
// Space remaining in the packet
//
Length = Packet->Size - Packet->Length;
if (Length < BytesNeeded) {
return EFI_BUFFER_TOO_SMALL;
}
//
// Fill the value of Ia Address option type
//
WriteUnaligned16 ((UINT16 *)Buf, HTONS (Dhcp6OptIaAddr));
Buf += 2;
WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Dhcp6OptIaAddr));
*PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
WriteUnaligned16 ((UINT16 *)Buf, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
Buf += 2;
WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
*PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
CopyMem (Buf, &IaAddr->IpAddress, sizeof (EFI_IPv6_ADDRESS));
Buf += sizeof (EFI_IPv6_ADDRESS);
CopyMem (*PacketCursor, &IaAddr->IpAddress, sizeof (EFI_IPv6_ADDRESS));
*PacketCursor += sizeof (EFI_IPv6_ADDRESS);
//
// Fill the value of preferred-lifetime and valid-lifetime.
@ -675,44 +787,58 @@ Dhcp6AppendIaAddrOption (
// should set to 0 when initiate a Confirm message.
//
if (MessageType != Dhcp6MsgConfirm) {
WriteUnaligned32 ((UINT32 *)Buf, HTONL (IaAddr->PreferredLifetime));
WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (IaAddr->PreferredLifetime));
}
Buf += 4;
*PacketCursor += sizeof (IaAddr->PreferredLifetime);
if (MessageType != Dhcp6MsgConfirm) {
WriteUnaligned32 ((UINT32 *)Buf, HTONL (IaAddr->ValidLifetime));
WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (IaAddr->ValidLifetime));
}
Buf += 4;
*PacketCursor += sizeof (IaAddr->ValidLifetime);
return Buf;
//
// Update the packet length
//
Packet->Length += BytesNeeded;
return EFI_SUCCESS;
}
/**
Append the appointed Ia option to Buf, and move Buf to the end.
@param[in, out] Buf The pointer to the position to append.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
will be updated.
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] Ia The pointer to the Ia.
@param[in] T1 The time of T1.
@param[in] T2 The time of T2.
@param[in] MessageType Message type of DHCP6 package.
@return Buf The position to append the next Ia option.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendIaOption (
IN OUT UINT8 *Buf,
IN EFI_DHCP6_IA *Ia,
IN UINT32 T1,
IN UINT32 T2,
IN UINT32 MessageType
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN EFI_DHCP6_IA *Ia,
IN UINT32 T1,
IN UINT32 T2,
IN UINT32 MessageType
)
{
UINT8 *AddrOpt;
UINT16 *Len;
UINTN Index;
UINT8 *AddrOpt;
UINT16 *Len;
UINTN Index;
UINT32 BytesNeeded;
UINT32 Length;
EFI_STATUS Status;
//
// The format of IA_NA and IA_TA option:
@ -733,32 +859,74 @@ Dhcp6AppendIaOption (
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
//
// Verify the arguments are valid
//
if (Packet == NULL) {
return EFI_INVALID_PARAMETER;
}
if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
return EFI_INVALID_PARAMETER;
}
if (Ia == NULL) {
return EFI_INVALID_PARAMETER;
}
//
// Verify the PacketCursor is within the packet
//
if ( (*PacketCursor < Packet->Dhcp6.Option)
|| (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
{
return EFI_INVALID_PARAMETER;
}
BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN;
BytesNeeded += sizeof (Ia->Descriptor.IaId);
//
// + N for the IA_NA-options/IA_TA-options
// Dhcp6AppendIaAddrOption will need to check the length for each address
//
if (Ia->Descriptor.Type == Dhcp6OptIana) {
BytesNeeded += sizeof (T1) + sizeof (T2);
}
//
// Space remaining in the packet
//
Length = (UINT16)(Packet->Size - Packet->Length);
if (Length < BytesNeeded) {
return EFI_BUFFER_TOO_SMALL;
}
//
// Fill the value of Ia option type
//
WriteUnaligned16 ((UINT16 *)Buf, HTONS (Ia->Descriptor.Type));
Buf += 2;
WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Ia->Descriptor.Type));
*PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
//
// Fill the len of Ia option later, keep the pointer first
//
Len = (UINT16 *)Buf;
Buf += 2;
Len = (UINT16 *)*PacketCursor;
*PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
//
// Fill the value of iaid
//
WriteUnaligned32 ((UINT32 *)Buf, HTONL (Ia->Descriptor.IaId));
Buf += 4;
WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (Ia->Descriptor.IaId));
*PacketCursor += sizeof (Ia->Descriptor.IaId);
//
// Fill the value of t1 and t2 if iana, keep it 0xffffffff if no specified.
//
if (Ia->Descriptor.Type == Dhcp6OptIana) {
WriteUnaligned32 ((UINT32 *)Buf, HTONL ((T1 != 0) ? T1 : 0xffffffff));
Buf += 4;
WriteUnaligned32 ((UINT32 *)Buf, HTONL ((T2 != 0) ? T2 : 0xffffffff));
Buf += 4;
WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL ((T1 != 0) ? T1 : 0xffffffff));
*PacketCursor += sizeof (T1);
WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL ((T2 != 0) ? T2 : 0xffffffff));
*PacketCursor += sizeof (T2);
}
//
@ -766,35 +934,51 @@ Dhcp6AppendIaOption (
//
for (Index = 0; Index < Ia->IaAddressCount; Index++) {
AddrOpt = (UINT8 *)Ia->IaAddress + Index * sizeof (EFI_DHCP6_IA_ADDRESS);
Buf = Dhcp6AppendIaAddrOption (Buf, (EFI_DHCP6_IA_ADDRESS *)AddrOpt, MessageType);
Status = Dhcp6AppendIaAddrOption (Packet, PacketCursor, (EFI_DHCP6_IA_ADDRESS *)AddrOpt, MessageType);
if (EFI_ERROR (Status)) {
return Status;
}
}
//
// Fill the value of Ia option length
//
*Len = HTONS ((UINT16)(Buf - (UINT8 *)Len - 2));
*Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
return Buf;
//
// Update the packet length
//
Packet->Length += BytesNeeded;
return EFI_SUCCESS;
}
/**
Append the appointed Elapsed time option to Buf, and move Buf to the end.
@param[in, out] Buf The pointer to the position to append.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] Instance The pointer to the Dhcp6 instance.
@param[out] Elapsed The pointer to the elapsed time value in
the generated packet.
the generated packet.
@return Buf The position to append the next Ia option.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendETOption (
IN OUT UINT8 *Buf,
IN DHCP6_INSTANCE *Instance,
OUT UINT16 **Elapsed
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN DHCP6_INSTANCE *Instance,
OUT UINT16 **Elapsed
)
{
UINT32 BytesNeeded;
UINT32 Length;
//
// The format of elapsed time option:
//
@ -806,27 +990,70 @@ Dhcp6AppendETOption (
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
//
// Verify the arguments are valid
//
if (Packet == NULL) {
return EFI_INVALID_PARAMETER;
}
if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
return EFI_INVALID_PARAMETER;
}
if (Instance == NULL) {
return EFI_INVALID_PARAMETER;
}
if ((Elapsed == NULL)) {
return EFI_INVALID_PARAMETER;
}
//
// Verify the PacketCursor is within the packet
//
if ( (*PacketCursor < Packet->Dhcp6.Option)
|| (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
{
return EFI_INVALID_PARAMETER;
}
BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN;
//
// + 2 for elapsed-time
//
BytesNeeded += sizeof (UINT16);
//
// Space remaining in the packet
//
Length = Packet->Size - Packet->Length;
if (Length < BytesNeeded) {
return EFI_BUFFER_TOO_SMALL;
}
//
// Fill the value of elapsed-time option type.
//
WriteUnaligned16 ((UINT16 *)Buf, HTONS (Dhcp6OptElapsedTime));
Buf += 2;
WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Dhcp6OptElapsedTime));
*PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
//
// Fill the len of elapsed-time option, which is fixed.
//
WriteUnaligned16 ((UINT16 *)Buf, HTONS (2));
Buf += 2;
WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (2));
*PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
//
// Fill in elapsed time value with 0 value for now. The actual value is
// filled in later just before the packet is transmitted.
//
WriteUnaligned16 ((UINT16 *)Buf, HTONS (0));
*Elapsed = (UINT16 *)Buf;
Buf += 2;
WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (0));
*Elapsed = (UINT16 *)*PacketCursor;
*PacketCursor += sizeof (UINT16);
return Buf;
Packet->Length += BytesNeeded;
return EFI_SUCCESS;
}
/**

78
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
View File

@ -160,69 +160,85 @@ Dhcp6OnTransmitted (
);
/**
Append the appointed option to the buf, and move the buf to the end.
Append the option to Buf, update the length of packet, and move Buf to the end.
@param[in, out] Buf The pointer to buffer.
@param[in] OptType The option type.
@param[in] OptLen The length of option content.s
@param[in] Data The pointer to the option content.
@return Buf The position to append the next option.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
will be updated.
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] OptType The option type.
@param[in] OptLen The length of option contents.
@param[in] Data The pointer to the option content.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendOption (
IN OUT UINT8 *Buf,
IN UINT16 OptType,
IN UINT16 OptLen,
IN UINT8 *Data
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN UINT16 OptType,
IN UINT16 OptLen,
IN UINT8 *Data
);
/**
Append the Ia option to Buf, and move Buf to the end.
@param[in, out] Buf The pointer to the position to append.
Append the appointed Ia option to Buf, update the Ia option length, and move Buf
to the end of the option.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
will be updated.
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] Ia The pointer to the Ia.
@param[in] T1 The time of T1.
@param[in] T2 The time of T2.
@param[in] MessageType Message type of DHCP6 package.
@return Buf The position to append the next Ia option.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendIaOption (
IN OUT UINT8 *Buf,
IN EFI_DHCP6_IA *Ia,
IN UINT32 T1,
IN UINT32 T2,
IN UINT32 MessageType
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN EFI_DHCP6_IA *Ia,
IN UINT32 T1,
IN UINT32 T2,
IN UINT32 MessageType
);
/**
Append the appointed Elapsed time option to Buf, and move Buf to the end.
@param[in, out] Buf The pointer to the position to append.
@param[in, out] Packet A pointer to the packet, on success Packet->Length
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
will be moved to the end of the option.
@param[in] Instance The pointer to the Dhcp6 instance.
@param[out] Elapsed The pointer to the elapsed time value in
the generated packet.
@return Buf The position to append the next Ia option.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
UINT8 *
EFI_STATUS
Dhcp6AppendETOption (
IN OUT UINT8 *Buf,
IN DHCP6_INSTANCE *Instance,
OUT UINT16 **Elapsed
IN OUT EFI_DHCP6_PACKET *Packet,
IN OUT UINT8 **PacketCursor,
IN DHCP6_INSTANCE *Instance,
OUT UINT16 **Elapsed
);
/**
Set the elapsed time based on the given instance and the pointer to the
elapsed time option.
@param[in] Elapsed The pointer to the position to append.
@param[in] Instance The pointer to the Dhcp6 instance.
@retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
@retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
@retval EFI_SUCCESS The option is appended successfully.
**/
VOID
SetElapsedTime (