NetworkPkg: Check received packet size before use it.

Arbitrary length of packet may be received from network, including the
packets with zero payload data or malformed protocol header. So the code
much check the actually received data size before using it. For example, in
current edk2 network stack, an zero payload UDP packet may cause the
platform ASSERT in NetbufFromExt() because of the zero fragment number.
This patch update the IpIoLib and UdpIoLib to check and discard the zero
payload data packet to avoid above assert. Some other network drivers are
also updated to check the packet size to guarantee the minimum length of
protocol header is received from upper layer driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Sriram Subramanian <sriram-s@hpe.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>

1 files changed, 11 insertions, 7 deletions

diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index 19184415e5..4f10e17cf3 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -1615,6 +1615,10 @@ DnsOnPacketReceived (
   }

 

   ASSERT (Packet != NULL);

+

+  if (Packet->TotalSize <= sizeof (DNS_HEADER)) {

+    goto ON_EXIT;

+  }

   

   RcvString = NetbufGetByte (Packet, 0, NULL);

   ASSERT (RcvString != NULL);

@@ -1624,15 +1628,15 @@ DnsOnPacketReceived (
   //

   ParseDnsResponse (Instance, RcvString, &Completed);

 

-  ON_EXIT:

+ON_EXIT:

 

-    if (Packet != NULL) {

-      NetbufFree (Packet);

-    }

+  if (Packet != NULL) {

+    NetbufFree (Packet);

+  }

 

-    if (!Completed) {

-      UdpIoRecvDatagram (Instance->UdpIo, DnsOnPacketReceived, Instance, 0);

-    }

+  if (!Completed) {

+    UdpIoRecvDatagram (Instance->UdpIo, DnsOnPacketReceived, Instance, 0);

+  }

 }

 

 /**