Commit 1b31acb66c ("MdeModulePkg: Check received packet size before use
it.") introduced a chunk of code under the new "Resume" label, in function
UdpIoOnDgramRcvdDpc(). The new code is supposed to run only when the
received packet has zero-length payload, but a "return" statement was
forgotten, and the code is reached on the normal (nonzero-length payload)
path as well, after the packet has been processed (and possibly freed) by
RxToken->CallBack(). This is a logic bug, with the direct symptom being
use-after-free / General Protection Fault.
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Cc: "Subramanian, Sriram (EG Servers Platform SW)" <sriram-s@hpe.com>
Fixes: 1b31acb66c
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Arbitrary length of packet may be received from network, including the
packets with zero payload data or malformed protocol header. So the code
much check the actually received data size before using it. For example, in
current edk2 network stack, an zero payload UDP packet may cause the
platform ASSERT in NetbufFromExt() because of the zero fragment number.
This patch update the IpIoLib and UdpIoLib to check and discard the zero
payload data packet to avoid above assert. Some other network drivers are
also updated to check the packet size to guarantee the minimum length of
protocol header is received from upper layer driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
2. Retrieve the IP information after iSCSI TCPv6 connection established and fill it into iBFT table.
3. Generate a random IAID for each NIC port to require different IPv6 address in PXE driver.
4. Update function EfiMtftp6Configure() and Mtftp6RrqHandleOack() to allocate at most one UdpIo.
5. Fix a typo from “destory” to “destroy” in network code.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Ouyang Qian <qian.ouyang@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13859 6f19259b-4bc3-4df7-8a09-765794883524
2. Update Dhcp4 and Mtftp4 driver to adopt the combined UdpIo.
3. Clean up coding style problems in combined IpIoLib/NetLib. Update Tcp4 and Udp4 to adopt the changes.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9382 6f19259b-4bc3-4df7-8a09-765794883524
Move Application Platform Override Manager into Application directory.
Add comments in Network library class to say they are only intended to be used by UEFI network stack modules.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7641 6f19259b-4bc3-4df7-8a09-765794883524
Fix function header
Fix return status issues
Fix in out issues
group functions source files reasonably to avoid duplicate functions declarations
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7098 6f19259b-4bc3-4df7-8a09-765794883524
2. Add DpcDxe module and DxeDpcLib module in MdeModulePkg
3. Port network stack module to use DPC.
4. Use MIN, and MAX defined in MdePkg to replace NET_MIN and NET_MAX.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@4307 6f19259b-4bc3-4df7-8a09-765794883524
2. Add default branch to meet CYGWINGCC build in Tcp4Dispatcher.c.
3. Sync the latest network stack library.
4. Fixed one bug in Mtftp4Support.c, for AsciiStrCpy() return the pointer to head of string, not the tail of string.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@3741 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek
Fu Siyuan
sfu5
hhtian
geekboy15a
vanjeff
tye
mdkinney
lgao4
ywu21
jgong5
jji4
jljusten