summaryrefslogtreecommitdiffstats
path: root/NetworkPkg
diff options
context:
space:
mode:
authorydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524>2012-04-10 02:27:05 +0000
committerydong10 <ydong10@6f19259b-4bc3-4df7-8a09-765794883524>2012-04-10 02:27:05 +0000
commit7a49cd087506d3c9d3b290e749b3191988880bbb (patch)
tree49ae741d236adde4df3a082de73adec0fe51c538 /NetworkPkg
parent520204901774129b8525c976da37b12159d78684 (diff)
downloadedk2-7a49cd087506d3c9d3b290e749b3191988880bbb.tar.gz
edk2-7a49cd087506d3c9d3b290e749b3191988880bbb.tar.bz2
edk2-7a49cd087506d3c9d3b290e749b3191988880bbb.zip
Update code to avoid potential access violation.
Signed-off-by: Dong Eric <eric.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Ouyang Qian <Ouyang.qian@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13175 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'NetworkPkg')
-rw-r--r--NetworkPkg/Application/IpsecConfig/Helper.c3
-rw-r--r--NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c3
-rw-r--r--NetworkPkg/IScsiDxe/IScsiCHAP.c5
-rw-r--r--NetworkPkg/IScsiDxe/IScsiConfig.c3
-rw-r--r--NetworkPkg/IScsiDxe/IScsiProto.c50
-rw-r--r--NetworkPkg/Mtftp6Dxe/Mtftp6Rrq.c3
-rw-r--r--NetworkPkg/Mtftp6Dxe/Mtftp6Wrq.c3
7 files changed, 61 insertions, 9 deletions
diff --git a/NetworkPkg/Application/IpsecConfig/Helper.c b/NetworkPkg/Application/IpsecConfig/Helper.c
index 5013ad9b76..ae867ceee7 100644
--- a/NetworkPkg/Application/IpsecConfig/Helper.c
+++ b/NetworkPkg/Application/IpsecConfig/Helper.c
@@ -1,7 +1,7 @@
/** @file
The assistant function implementation for IpSecConfig application.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -93,6 +93,7 @@ GetNumber (
//
// Convert falied, so use String->Integer map.
//
+ ASSERT (Map != NULL);
Value64 = MapStringToInteger (ValueStr, Map);
if (Value64 == (UINT32) -1) {
//
diff --git a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
index 67209f6247..05df9fa919 100644
--- a/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
+++ b/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
@@ -1,7 +1,7 @@
/** @file
The implementation of policy entry operation function in IpSecConfig application.
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -784,6 +784,7 @@ CreateSadEntry (
if (ValueStr != NULL ) {
(*Data)->AlgoInfo.EspAlgoInfo.EncKeyLength = EncKeyLength;
AsciiStr = AllocateZeroPool (EncKeyLength + 1);
+ ASSERT (AsciiStr != NULL);
UnicodeStrToAsciiStr (ValueStr, AsciiStr);
CopyMem ((*Data)->AlgoInfo.EspAlgoInfo.EncKey, AsciiStr, EncKeyLength);
FreePool (AsciiStr);
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index 4cfbba7b5c..fd31d4fb0c 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -1,7 +1,7 @@
/** @file
This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration.
-Copyright (c) 2004 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -374,6 +374,9 @@ IScsiCHAPToSendReq (
Session = Conn->Session;
AuthData = &Session->AuthData.CHAP;
LoginReq = (ISCSI_LOGIN_REQUEST *) NetbufGetByte (Pdu, 0, 0);
+ if (LoginReq == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
Status = EFI_SUCCESS;
RspLen = 2 * ISCSI_CHAP_RSP_LEN + 3;
diff --git a/NetworkPkg/IScsiDxe/IScsiConfig.c b/NetworkPkg/IScsiDxe/IScsiConfig.c
index eea73a8ff1..2073f33191 100644
--- a/NetworkPkg/IScsiDxe/IScsiConfig.c
+++ b/NetworkPkg/IScsiDxe/IScsiConfig.c
@@ -1,7 +1,7 @@
/** @file
Helper functions for configuring or getting the parameters relating to iSCSI.
-Copyright (c) 2004 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1397,6 +1397,7 @@ IScsiConfigDisplayOrderAttempts (
if (EFI_ERROR (Status)) {
return Status;
}
+ ASSERT (StartOpCodeHandle != NULL);
OptionsOpCodeHandle = NULL;
diff --git a/NetworkPkg/IScsiDxe/IScsiProto.c b/NetworkPkg/IScsiDxe/IScsiProto.c
index 2ab4da8cda..acb7876ab5 100644
--- a/NetworkPkg/IScsiDxe/IScsiProto.c
+++ b/NetworkPkg/IScsiDxe/IScsiProto.c
@@ -1,7 +1,7 @@
/** @file
The implementation of iSCSI protocol based on RFC3720.
-Copyright (c) 2004 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -514,6 +514,8 @@ IScsiReceiveLoginRsp (
if (EFI_ERROR (Status)) {
return Status;
}
+ ASSERT (Pdu != NULL);
+
//
// A Login Response is received; process it.
//
@@ -539,6 +541,7 @@ IScsiReceiveLoginRsp (
the correspondence length fields are updated.
@retval EFI_OUT_OF_RESOURCES There is not enough space in the PDU to add the key-value
pair.
+ @retval EFI_PROTOCOL_ERROR There is no such data in the net buffer.
**/
EFI_STATUS
IScsiAddKeyValuePair (
@@ -555,6 +558,9 @@ IScsiAddKeyValuePair (
CHAR8 *Data;
LoginReq = (ISCSI_LOGIN_REQUEST *) NetbufGetByte (Pdu, 0, NULL);
+ if (LoginReq == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
DataSegLen = NTOH24 (LoginReq->DataSegmentLength);
KeyLen = (UINT32) AsciiStrLen (Key);
@@ -741,6 +747,9 @@ IScsiProcessLoginRsp (
Session = Conn->Session;
LoginRsp = (ISCSI_LOGIN_RESPONSE *) NetbufGetByte (Pdu, 0, NULL);
+ if (LoginRsp == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
if (!ISCSI_CHECK_OPCODE (LoginRsp, ISCSI_OPCODE_LOGIN_RSP)) {
//
// It is not a Login Response.
@@ -2268,6 +2277,7 @@ IScsiGenerateDataOutPduSequence (
NET_BUF *DataOutPdu;
ISCSI_CONNECTION *Conn;
ISCSI_XFER_CONTEXT *XferContext;
+ UINT8 *DataOutPacket;
PduList = AllocatePool (sizeof (LIST_ENTRY));
if (PduList == NULL) {
@@ -2311,7 +2321,14 @@ IScsiGenerateDataOutPduSequence (
//
// Set the F bit for the last data out PDU in this sequence.
//
- ISCSI_SET_FLAG (NetbufGetByte (DataOutPdu, 0, NULL), ISCSI_BHS_FLAG_FINAL);
+ DataOutPacket = NetbufGetByte (DataOutPdu, 0, NULL);
+ if (DataOutPacket == NULL) {
+ IScsiFreeNbufList (PduList);
+ PduList = NULL;
+ goto ON_EXIT;
+ }
+
+ ISCSI_SET_FLAG (DataOutPacket, ISCSI_BHS_FLAG_FINAL);
ON_EXIT:
@@ -2396,6 +2413,9 @@ IScsiOnDataInRcvd (
EFI_STATUS Status;
DataInHdr = (ISCSI_SCSI_DATA_IN *) NetbufGetByte (Pdu, 0, NULL);
+ if (DataInHdr == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
DataInHdr->InitiatorTaskTag = NTOHL (DataInHdr->InitiatorTaskTag);
DataInHdr->ExpCmdSN = NTOHL (DataInHdr->ExpCmdSN);
@@ -2486,6 +2506,9 @@ IScsiOnR2TRcvd (
UINT8 *Data;
R2THdr = (ISCSI_READY_TO_TRANSFER *) NetbufGetByte (Pdu, 0, NULL);
+ if (R2THdr == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
R2THdr->InitiatorTaskTag = NTOHL (R2THdr->InitiatorTaskTag);
R2THdr->TargetTransferTag = NTOHL (R2THdr->TargetTransferTag);
@@ -2551,6 +2574,9 @@ IScsiOnScsiRspRcvd (
UINT32 DataSegLen;
ScsiRspHdr = (SCSI_RESPONSE *) NetbufGetByte (Pdu, 0, NULL);
+ if (ScsiRspHdr == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
ScsiRspHdr->InitiatorTaskTag = NTOHL (ScsiRspHdr->InitiatorTaskTag);
if (ScsiRspHdr->InitiatorTaskTag != Tcb->InitiatorTaskTag) {
@@ -2613,6 +2639,9 @@ IScsiOnScsiRspRcvd (
DataSegLen = ISCSI_GET_DATASEG_LEN (ScsiRspHdr);
if (DataSegLen != 0) {
SenseData = (ISCSI_SENSE_DATA *) NetbufGetByte (Pdu, sizeof (SCSI_RESPONSE), NULL);
+ if (SenseData == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
SenseData->Length = NTOHS (SenseData->Length);
@@ -2649,6 +2678,9 @@ IScsiOnNopInRcvd (
EFI_STATUS Status;
NopInHdr = (ISCSI_NOP_IN *) NetbufGetByte (Pdu, 0, NULL);
+ if (NopInHdr == NULL) {
+ return EFI_PROTOCOL_ERROR;
+ }
NopInHdr->StatSN = NTOHL (NopInHdr->StatSN);
NopInHdr->ExpCmdSN = NTOHL (NopInHdr->ExpCmdSN);
@@ -2684,6 +2716,7 @@ IScsiOnNopInRcvd (
the Packet.
@retval EFI_DEVICE_ERROR Session state was not as required.
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
+ @retval EFI_PROTOCOL_ERROR There is no such data in the net buffer.
@retval Others Other errors as indicated.
**/
@@ -2745,6 +2778,11 @@ IScsiExecuteScsiCommand (
XferContext = &Tcb->XferContext;
PduHdr = NetbufGetByte (Pdu, 0, NULL);
+ if (PduHdr == NULL) {
+ Status = EFI_PROTOCOL_ERROR;
+ NetbufFree (Pdu);
+ goto ON_EXIT;
+ }
XferContext->Offset = ISCSI_GET_DATASEG_LEN (PduHdr);
//
@@ -2803,7 +2841,13 @@ IScsiExecuteScsiCommand (
goto ON_EXIT;
}
- switch (ISCSI_GET_OPCODE (NetbufGetByte (Pdu, 0, NULL))) {
+ PduHdr = NetbufGetByte (Pdu, 0, NULL);
+ if (PduHdr == NULL) {
+ Status = EFI_PROTOCOL_ERROR;
+ NetbufFree (Pdu);
+ goto ON_EXIT;
+ }
+ switch (ISCSI_GET_OPCODE (PduHdr)) {
case ISCSI_OPCODE_SCSI_DATA_IN:
Status = IScsiOnDataInRcvd (Pdu, Tcb, Packet);
break;
diff --git a/NetworkPkg/Mtftp6Dxe/Mtftp6Rrq.c b/NetworkPkg/Mtftp6Dxe/Mtftp6Rrq.c
index 07a86d6a36..348a8f29c7 100644
--- a/NetworkPkg/Mtftp6Dxe/Mtftp6Rrq.c
+++ b/NetworkPkg/Mtftp6Dxe/Mtftp6Rrq.c
@@ -1,7 +1,7 @@
/** @file
Mtftp6 Rrq process functions implementation.
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -477,6 +477,7 @@ Mtftp6RrqHandleOack (
if (EFI_ERROR (Status)) {
return Status;
}
+ ASSERT (Options != NULL);
//
// Parse the extensive options in the packet.
diff --git a/NetworkPkg/Mtftp6Dxe/Mtftp6Wrq.c b/NetworkPkg/Mtftp6Dxe/Mtftp6Wrq.c
index 69ef4d2093..a6baaaba40 100644
--- a/NetworkPkg/Mtftp6Dxe/Mtftp6Wrq.c
+++ b/NetworkPkg/Mtftp6Dxe/Mtftp6Wrq.c
@@ -1,7 +1,7 @@
/** @file
Mtftp6 Wrq process functions implementation.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -315,6 +315,7 @@ Mtftp6WrqHandleOack (
if (EFI_ERROR (Status)) {
return Status;
}
+ ASSERT (Options != NULL);
Status = Mtftp6ParseExtensionOption (Options, Count, FALSE, &ExtInfo);