diff options
| author | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-01-06 11:53:57 +0800 |
|---|---|---|
| committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-01-23 10:25:29 +0800 |
| commit | 221463c2b337072532ed4ab8ffe3b566574724d8 (patch) | |
| tree | 63ffb4a63b9d2aa5ac7f8cd05352313df5d63af0 /NetworkPkg/HttpBootDxe/HttpBootSupport.c | |
| parent | 70420e31a04b56f99c1306e281434532a86bde70 (diff) | |
| download | edk2-221463c2b337072532ed4ab8ffe3b566574724d8.tar.gz edk2-221463c2b337072532ed4ab8ffe3b566574724d8.tar.bz2 edk2-221463c2b337072532ed4ab8ffe3b566574724d8.zip | |
NetworkPkg: Add PCD to enable the HTTP connections switch
v3:
* Correct the commits grammar
v2:
* Rename the PCD to PcdAllowHttpConnections.
* Refine the PCD descriptions.
If the value of PcdAllowHttpConnections is TRUE, HTTP connections are
allowed. Both the "https://" and "http://" URI schemes are permitted.
Otherwise, HTTP connections are denied. Only the "https://" URI scheme
is permitted.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Kinney Michael D <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
Diffstat (limited to 'NetworkPkg/HttpBootDxe/HttpBootSupport.c')
| -rw-r--r-- | NetworkPkg/HttpBootDxe/HttpBootSupport.c | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.c b/NetworkPkg/HttpBootDxe/HttpBootSupport.c index bdb29ae9a0..69b129f9d2 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootSupport.c +++ b/NetworkPkg/HttpBootDxe/HttpBootSupport.c @@ -1,7 +1,7 @@ /** @file
Support functions implementation for UEFI HTTP boot driver.
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
@@ -989,6 +989,57 @@ HttpIoRecvResponse ( }
/**
+ This function checks the HTTP(S) URI scheme.
+
+ @param[in] Uri The pointer to the URI string.
+
+ @retval EFI_SUCCESS The URI scheme is valid.
+ @retval EFI_INVALID_PARAMETER The URI scheme is not HTTP or HTTPS.
+ @retval EFI_ACCESS_DENIED HTTP is disabled and the URI is HTTP.
+
+**/
+EFI_STATUS
+HttpBootCheckUriScheme (
+ IN CHAR8 *Uri
+ )
+{
+ UINTN Index;
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
+ //
+ // Convert the scheme to all lower case.
+ //
+ for (Index = 0; Index < AsciiStrLen (Uri); Index++) {
+ if (Uri[Index] == ':') {
+ break;
+ }
+ if (Uri[Index] >= 'A' && Uri[Index] <= 'Z') {
+ Uri[Index] -= (CHAR8)('A' - 'a');
+ }
+ }
+
+ //
+ // Return EFI_INVALID_PARAMETER if the URI is not HTTP or HTTPS.
+ //
+ if ((AsciiStrnCmp (Uri, "http://", 7) != 0) && (AsciiStrnCmp (Uri, "https://", 8) != 0)) {
+ DEBUG ((EFI_D_ERROR, "HttpBootCheckUriScheme: Invalid Uri.\n"));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // HTTP is disabled, return EFI_ACCESS_DENIED if the URI is HTTP.
+ //
+ if (!PcdGetBool (PcdAllowHttpConnections) && (AsciiStrnCmp (Uri, "http://", 7) == 0)) {
+ DEBUG ((EFI_D_ERROR, "HttpBootCheckUriScheme: HTTP is disabled.\n"));
+ return EFI_ACCESS_DENIED;
+ }
+
+ return Status;
+}
+
+/**
Get the URI address string from the input device path.
Caller need to free the buffer in the UriAddress pointer.
|