NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList - edk2 - Cross-platform firmware development environment

diff options

author	Laszlo Ersek <lersek@redhat.com>	2018-03-31 16:04:10 +0200
committer	Laszlo Ersek <lersek@redhat.com>	2018-04-13 14:06:09 +0200
commit	44eb974081ce6abb98fb82ec35b77d790f48dda3 (patch)
tree	b1522be5388d0023184fb5abd92717cac7cae7db /BaseTools/Source/Python/Workspace/WorkspaceCommon.py
parent	344d057a2b539cf34420e2afad2351b45c65178e (diff)
download	edk2-44eb974081ce6abb98fb82ec35b77d790f48dda3.tar.gz edk2-44eb974081ce6abb98fb82ec35b77d790f48dda3.tar.bz2 edk2-44eb974081ce6abb98fb82ec35b77d790f48dda3.zip

NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList

TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER element at the end of "Data": - Generally speaking, malformed input for a security API is best rejected explicitly. - Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If DataSize is 1 on input, then the initial check for (DataSize == 0) will fail, but then TlsSetCipherList() will be called with CipherNum=0. Return EFI_INVALID_PARAMETER from TlsSetSessionData() if "Data" doesn't contain a whole number of EFI_TLS_CIPHER elements. While at it, introduce the dedicated variable CipherCount. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/Workspace/WorkspaceCommon.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: