diff options
| author | Jiaxin Wu <jiaxin.wu@intel.com> | 2015-12-11 07:32:28 +0000 |
|---|---|---|
| committer | vanjeff <vanjeff@Edk2> | 2015-12-11 07:32:28 +0000 |
| commit | 754840385799645d6be1b589d8e3933471f7cb8a (patch) | |
| tree | eef5a0f444d92a5f929ec2b8e45628af9f2918ec /NetworkPkg | |
| parent | 8cdd99bb2f9628037ca339b273c273a7c7c4cdb5 (diff) | |
| download | edk2-754840385799645d6be1b589d8e3933471f7cb8a.tar.gz edk2-754840385799645d6be1b589d8e3933471f7cb8a.tar.bz2 edk2-754840385799645d6be1b589d8e3933471f7cb8a.zip | |
NetworkPkg: Fix the potential NULL pointer dereferenced issue
This patch is used to fix the potential NULL pointer dereferenced
in function 'ParseDnsResponse'.
(Sync patch r19178 from main trunk.)
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19220 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'NetworkPkg')
| -rw-r--r-- | NetworkPkg/DnsDxe/DnsImpl.c | 59 |
1 files changed, 41 insertions, 18 deletions
diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c index 42d51f0ed7..4f7320e403 100644 --- a/NetworkPkg/DnsDxe/DnsImpl.c +++ b/NetworkPkg/DnsDxe/DnsImpl.c @@ -1199,19 +1199,28 @@ ParseDnsResponse ( //
// Check the Query type, do some buffer allocations.
//
- if (QuerySection->Type == DNS_TYPE_A) {
- Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
- ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
- Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
- ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
- } else if (QuerySection->Type == DNS_TYPE_AAAA) {
- Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
- ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
- Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
- ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
+ if (Instance->Service->IpVersion == IP_VERSION_4) {
+ ASSERT (Dns4TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_A) {
+ Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
+ ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
+ Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
+ ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
} else {
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
+ ASSERT (Dns6TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_AAAA) {
+ Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
+ ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
+ Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
+ ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
}
//
@@ -1240,7 +1249,7 @@ ParseDnsResponse ( //
// This is address entry, get Data.
//
- ASSERT (AnswerSection->DataLength == 4);
+ ASSERT (Dns4TokenEntry != NULL && AnswerSection->DataLength == 4);
HostAddr4 = Dns4TokenEntry->Token->RspData.H2AData->IpList;
AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
@@ -1282,7 +1291,7 @@ ParseDnsResponse ( //
// This is address entry, get Data.
//
- ASSERT (AnswerSection->DataLength == 16);
+ ASSERT (Dns6TokenEntry != NULL && AnswerSection->DataLength == 16);
HostAddr6 = Dns6TokenEntry->Token->RspData.H2AData->IpList;
AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
@@ -1333,16 +1342,29 @@ ParseDnsResponse ( AnswerSectionNum ++;
}
- if (QuerySection->Type == DNS_TYPE_A) {
- Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
- } else if (QuerySection->Type == DNS_TYPE_AAAA) {
- Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+ if (Instance->Service->IpVersion == IP_VERSION_4) {
+ ASSERT (Dns4TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_A) {
+ Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
+ } else {
+ ASSERT (Dns6TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_AAAA) {
+ Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
}
//
// Parsing is complete, SignalEvent here.
//
if (Instance->Service->IpVersion == IP_VERSION_4) {
+ ASSERT (Dns4TokenEntry != NULL);
Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, Dns4TokenEntry);
Dns4TokenEntry->Token->Status = EFI_SUCCESS;
if (Dns4TokenEntry->Token->Event != NULL) {
@@ -1350,6 +1372,7 @@ ParseDnsResponse ( DispatchDpc ();
}
} else {
+ ASSERT (Dns6TokenEntry != NULL);
Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, Dns6TokenEntry);
Dns6TokenEntry->Token->Status = EFI_SUCCESS;
if (Dns6TokenEntry->Token->Event != NULL) {
|