diff options
| -rw-r--r-- | MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c | 38 | ||||
| -rw-r--r-- | NetworkPkg/Ip6Dxe/Ip6Input.c | 18 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecImpl.c | 2 |
3 files changed, 46 insertions, 12 deletions
diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c index cfa13e45cb..9cd1ae5cfc 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c @@ -1,7 +1,7 @@ /** @file
IP4 input process.
-Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -583,11 +583,21 @@ Ip4IpSecProcessPacket ( Ip4NtohHead (*Head);
if (EFI_ERROR (Status)) {
+ FreePool (OriginalFragmentTable);
goto ON_EXIT;
}
if (OriginalFragmentTable == FragmentTable && OriginalFragmentCount == FragmentCount) {
+ //
+ // For ByPass Packet
+ //
+ FreePool (FragmentTable);
goto ON_EXIT;
+ } else {
+ //
+ // Free the FragmentTable which allocated before calling the IPsec.
+ //
+ FreePool (OriginalFragmentTable);
}
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
@@ -602,6 +612,11 @@ Ip4IpSecProcessPacket ( TxWrap
);
if (TxWrap->Packet == NULL) {
+ //
+ // Recover the TxWrap->Packet, if meet a error, and the caller will free
+ // the TxWrap.
+ //
+ TxWrap->Packet = *Netbuf;
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
@@ -617,6 +632,8 @@ Ip4IpSecProcessPacket ( IpSecWrap = AllocateZeroPool (sizeof (IP4_IPSEC_WRAP));
if (IpSecWrap == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ gBS->SignalEvent (RecycleEvent);
goto ON_EXIT;
}
@@ -632,6 +649,9 @@ Ip4IpSecProcessPacket ( );
if (Packet == NULL) {
+ Packet = IpSecWrap->Packet;
+ gBS->SignalEvent (RecycleEvent);
+ FreePool (IpSecWrap);
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
@@ -848,11 +868,11 @@ Ip4AccpetFrame ( // and no need consider any other ahead ext headers.
//
Status = Ip4IpSecProcessPacket (
- IpSb,
- &Head,
- &Packet,
+ IpSb,
+ &Head,
+ &Packet,
&Option,
- &OptionLen,
+ &OptionLen,
EfiIPsecInBound,
NULL
);
@@ -872,11 +892,11 @@ Ip4AccpetFrame ( //
Head = (IP4_HEAD *) NetbufGetByte (Packet, 0, NULL);
Status = Ip4PreProcessPacket (
- IpSb,
- &Packet,
- Head,
+ IpSb,
+ &Packet,
+ Head,
Option,
- OptionLen,
+ OptionLen,
Flag
);
if (EFI_ERROR (Status)) {
diff --git a/NetworkPkg/Ip6Dxe/Ip6Input.c b/NetworkPkg/Ip6Dxe/Ip6Input.c index 89cdc35542..3f0dce7343 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Input.c +++ b/NetworkPkg/Ip6Dxe/Ip6Input.c @@ -1,7 +1,7 @@ /** @file
IP6 internal functions to process the incoming packets.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -613,6 +613,7 @@ Ip6IpSecProcessPacket ( Ip6NtohHead (*Head);
if (EFI_ERROR (Status)) {
+ FreePool (OriginalFragmentTable);
goto ON_EXIT;
}
@@ -620,7 +621,13 @@ Ip6IpSecProcessPacket ( //
// For ByPass Packet
//
+ FreePool (FragmentTable);
goto ON_EXIT;
+ } else {
+ //
+ // Free the FragmentTable which allocated before calling the IPsec.
+ //
+ FreePool (OriginalFragmentTable);
}
if (Direction == EfiIPsecOutBound && TxWrap != NULL) {
@@ -634,6 +641,7 @@ Ip6IpSecProcessPacket ( TxWrap
);
if (TxWrap->Packet == NULL) {
+ TxWrap->Packet = *Netbuf;
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
@@ -652,6 +660,8 @@ Ip6IpSecProcessPacket ( IpSecWrap = AllocateZeroPool (sizeof (IP6_IPSEC_WRAP));
if (IpSecWrap == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ gBS->SignalEvent (RecycleEvent);
goto ON_EXIT;
}
@@ -667,6 +677,9 @@ Ip6IpSecProcessPacket ( );
if (Packet == NULL) {
+ Packet = IpSecWrap->Packet;
+ gBS->SignalEvent (RecycleEvent);
+ FreePool (IpSecWrap);
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
@@ -679,7 +692,8 @@ Ip6IpSecProcessPacket ( NET_BUF_HEAD
);
if (PacketHead == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
+ *Netbuf = Packet;
+ Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.c b/NetworkPkg/IpSecDxe/IpSecImpl.c index 63abfa6ba6..fe3a604ee4 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecImpl.c @@ -1596,7 +1596,7 @@ IpSecEspInboundPacket ( //
if (!SadData->Mode == EfiIPsecTunnel) {
if (IpVersion == IP_VERSION_4) {
- ((IP4_HEAD *) IpHead)->TotalLen = HTONS ((UINT16) (((IP4_HEAD *) IpHead)->HeadLen + PlainPayloadSize));
+ ((IP4_HEAD *) IpHead)->TotalLen = HTONS ((UINT16) ((((IP4_HEAD *) IpHead)->HeadLen << 2) + PlainPayloadSize));
} else {
IpSecHeadSize = IpSecGetPlainExtHeadSize (IpHead, LastHead);
((EFI_IP6_HEADER *) IpHead)->PayloadLength = HTONS ((UINT16)(IpSecHeadSize + PlainPayloadSize));
|