diff options
| author | Jiaxin Wu <jiaxin.wu@intel.com> | 2016-06-24 15:19:44 +0800 |
|---|---|---|
| committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2016-06-27 10:11:46 +0800 |
| commit | 6771c1d65885d7e9a0dd0e5878a41b05df178420 (patch) | |
| tree | e4fb0146981f3e1387f909e4dbc05ab102c1cd1e /NetworkPkg/IpSecDxe/Ikev2/Sa.c | |
| parent | 9252d67ab3007601ddf983d1278cbe0e4a647f34 (diff) | |
| download | edk2-6771c1d65885d7e9a0dd0e5878a41b05df178420.tar.gz edk2-6771c1d65885d7e9a0dd0e5878a41b05df178420.tar.bz2 edk2-6771c1d65885d7e9a0dd0e5878a41b05df178420.zip | |
NetworkPkg: Avoid potential NULL pointer dereference
The commit of 6b16c9e7 removes ASSERT and use error handling
in IpSecDxe driver, but may cause the potential NULL pointer
dereference. So, this patch is used to avoid NULL pointer
dereference.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Diffstat (limited to 'NetworkPkg/IpSecDxe/Ikev2/Sa.c')
| -rw-r--r-- | NetworkPkg/IpSecDxe/Ikev2/Sa.c | 163 |
1 files changed, 159 insertions, 4 deletions
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Sa.c b/NetworkPkg/IpSecDxe/Ikev2/Sa.c index c83d45678b..74ef79c237 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Sa.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Sa.c @@ -445,6 +445,13 @@ Ikev2AuthPskGenerator ( IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));
+ IkePacket = NULL;
+ IdPayload = NULL;
+ AuthPayload = NULL;
+ SaPayload = NULL;
+ TsiPayload = NULL;
+ TsrPayload = NULL;
+ NotifyPayload = NULL;
CpPayload = NULL;
NotifyPayload = NULL;
@@ -488,6 +495,9 @@ Ikev2AuthPskGenerator ( &IkeSaSession->SessionCommon,
IKEV2_PAYLOAD_TYPE_AUTH
);
+ if (IdPayload == NULL) {
+ goto CheckError;
+ }
//
// 3. Generate Auth Payload
@@ -522,6 +532,14 @@ Ikev2AuthPskGenerator ( IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS
);
}
+
+ if (CpPayload == NULL) {
+ goto CheckError;
+ }
+ }
+
+ if (AuthPayload == NULL) {
+ goto CheckError;
}
//
@@ -532,6 +550,9 @@ Ikev2AuthPskGenerator ( IKEV2_PAYLOAD_TYPE_TS_INIT,
IkeSessionTypeChildSa
);
+ if (SaPayload == NULL) {
+ goto CheckError;
+ }
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {
//
@@ -562,6 +583,9 @@ Ikev2AuthPskGenerator ( NULL,
0
);
+ if (NotifyPayload == NULL) {
+ goto CheckError;
+ }
} else {
//
// Generate Tsr for Tunnel mode.
@@ -578,6 +602,10 @@ Ikev2AuthPskGenerator ( );
}
+ if (TsiPayload == NULL || TsrPayload == NULL) {
+ goto CheckError;
+ }
+
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);
IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload);
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {
@@ -591,6 +619,41 @@ Ikev2AuthPskGenerator ( }
return IkePacket;
+
+CheckError:
+ if (IkePacket != NULL) {
+ IkePacketFree (IkePacket);
+ }
+
+ if (IdPayload != NULL) {
+ IkePayloadFree (IdPayload);
+ }
+
+ if (AuthPayload != NULL) {
+ IkePayloadFree (AuthPayload);
+ }
+
+ if (CpPayload != NULL) {
+ IkePayloadFree (CpPayload);
+ }
+
+ if (SaPayload != NULL) {
+ IkePayloadFree (SaPayload);
+ }
+
+ if (TsiPayload != NULL) {
+ IkePayloadFree (TsiPayload);
+ }
+
+ if (TsrPayload != NULL) {
+ IkePayloadFree (TsrPayload);
+ }
+
+ if (NotifyPayload != NULL) {
+ IkePayloadFree (NotifyPayload);
+ }
+
+ return NULL;
}
/**
@@ -800,7 +863,11 @@ Ikev2AuthPskParser ( //
// 5. Generate keymats for IPsec protocol.
//
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 6. Change the state of IkeSaSession
@@ -934,7 +1001,13 @@ Ikev2AuthCertGenerator ( IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));
+ IkePacket = NULL;
+ IdPayload = NULL;
+ AuthPayload = NULL;
CpPayload = NULL;
+ SaPayload = NULL;
+ TsiPayload = NULL;
+ TsrPayload = NULL;
NotifyPayload = NULL;
CertPayload = NULL;
CertReqPayload = NULL;
@@ -981,6 +1054,9 @@ Ikev2AuthCertGenerator ( (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),
PcdGet32 (PcdIpsecUefiCertificateSize)
);
+ if (IdPayload == NULL) {
+ goto CheckError;
+ }
//
// 3. Generate Certificate Payload
@@ -993,6 +1069,10 @@ Ikev2AuthCertGenerator ( IKEV2_CERT_ENCODEING_X509_CERT_SIGN,
FALSE
);
+ if (CertPayload == NULL) {
+ goto CheckError;
+ }
+
if (IkeSaSession->SessionCommon.IsInitiator) {
CertReqPayload = Ikev2GenerateCertificatePayload (
IkeSaSession,
@@ -1002,6 +1082,9 @@ Ikev2AuthCertGenerator ( IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,
TRUE
);
+ if (CertReqPayload == NULL) {
+ goto CheckError;
+ }
}
//
@@ -1044,8 +1127,16 @@ Ikev2AuthCertGenerator ( IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS
);
}
+
+ if (CpPayload == NULL) {
+ goto CheckError;
+ }
}
+ if (AuthPayload == NULL) {
+ goto CheckError;
+ }
+
//
// 5. Generate SA Payload according to the Sa Data in ChildSaSession
//
@@ -1054,6 +1145,9 @@ Ikev2AuthCertGenerator ( IKEV2_PAYLOAD_TYPE_TS_INIT,
IkeSessionTypeChildSa
);
+ if (SaPayload == NULL) {
+ goto CheckError;
+ }
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {
//
@@ -1084,6 +1178,9 @@ Ikev2AuthCertGenerator ( NULL,
0
);
+ if (NotifyPayload == NULL) {
+ goto CheckError;
+ }
} else {
//
// Generate Tsr for Tunnel mode.
@@ -1100,6 +1197,10 @@ Ikev2AuthCertGenerator ( );
}
+ if (TsiPayload == NULL || TsrPayload == NULL) {
+ goto CheckError;
+ }
+
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);
IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload);
if (IkeSaSession->SessionCommon.IsInitiator) {
@@ -1117,6 +1218,49 @@ Ikev2AuthCertGenerator ( }
return IkePacket;
+
+CheckError:
+ if (IkePacket != NULL) {
+ IkePacketFree (IkePacket);
+ }
+
+ if (IdPayload != NULL) {
+ IkePayloadFree (IdPayload);
+ }
+
+ if (CertPayload != NULL) {
+ IkePayloadFree (CertPayload);
+ }
+
+ if (CertReqPayload != NULL) {
+ IkePayloadFree (CertReqPayload);
+ }
+
+ if (AuthPayload != NULL) {
+ IkePayloadFree (AuthPayload);
+ }
+
+ if (CpPayload != NULL) {
+ IkePayloadFree (CpPayload);
+ }
+
+ if (SaPayload != NULL) {
+ IkePayloadFree (SaPayload);
+ }
+
+ if (TsiPayload != NULL) {
+ IkePayloadFree (TsiPayload);
+ }
+
+ if (TsrPayload != NULL) {
+ IkePayloadFree (TsrPayload);
+ }
+
+ if (NotifyPayload != NULL) {
+ IkePayloadFree (NotifyPayload);
+ }
+
+ return NULL;
}
/**
@@ -1340,7 +1484,11 @@ Ikev2AuthCertParser ( //
// 5. Generat keymats for IPsec protocol.
//
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
+ }
+
if (IkeSaSession->SessionCommon.IsInitiator) {
//
// 6. Change the state of IkeSaSession
@@ -1541,7 +1689,10 @@ Ikev2GenerateSaKeys ( //
// Generate Gxy
//
- Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);
+ Status = Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
+ }
//
// Get the key length of Authenticaion, Encryption, PRF, and Integrity.
@@ -1843,7 +1994,11 @@ Ikev2GenerateChildSaKeys ( //
// Generate Gxy
//
- Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);
+ Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
+ }
+
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;
}
|