NetworkPkg/HttpDxe: fix read memory access overflow in HTTPBoot. - edk2 - Cross-platform firmware development environment

diff options

author	Songpeng Li <songpeng.li@intel.com>	2018-09-28 11:02:34 +0800
committer	Fu Siyuan <siyuan.fu@intel.com>	2018-09-29 10:51:27 +0800
commit	2239ea71b65072ce3c76d56e7074d2ee60ba1762 (patch)
tree	888492f0da1d86f13710aed649f8dacb16c6704d /BaseTools/Source/Python/UPT/BuildVersion.py
parent	b9cee524e6c1941b77b6780e19bd57052e53249c (diff)
download	edk2-2239ea71b65072ce3c76d56e7074d2ee60ba1762.tar.gz edk2-2239ea71b65072ce3c76d56e7074d2ee60ba1762.tar.bz2 edk2-2239ea71b65072ce3c76d56e7074d2ee60ba1762.zip

NetworkPkg/HttpDxe: fix read memory access overflow in HTTPBoot.

The input param String of AsciiStrStr() requires a pointer to Null-terminated string, however in HttpTcpReceiveHeader(), the Buffersize before AllocateZeroPool() is equal to the size of TCP header, after the CopyMem(), it might not end with Null-terminator. It might cause memory access overflow. Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1204 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Songpeng Li <songpeng.li@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/UPT/BuildVersion.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: