From a35dc6499beb0b76c340379a06dff74a8d38095a Mon Sep 17 00:00:00 2001 From: Fu Siyuan Date: Fri, 16 Dec 2016 15:56:42 +0800 Subject: NetworkPkg: Replace ASSERT with error return code in PXE and HTTP boot driver. This patch remove the ASSERT when receive a DHCP packet large than the maximum cache buffer size. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan Reviewed-by: Ye Ting Reviewed-by: Wu Jiaxin --- NetworkPkg/HttpBootDxe/HttpBootDhcp4.c | 32 +++++++++++++++++++++++++++----- NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 29 +++++++++++++++++++++++------ 2 files changed, 50 insertions(+), 11 deletions(-) (limited to 'NetworkPkg/HttpBootDxe') diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c index a47a8f494f..fcea916225 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp4.c @@ -220,17 +220,24 @@ HttpBootParseDhcp4Options ( @param[in] Dst Pointer to the cache buffer for DHCPv4 packet. @param[in] Src Pointer to the DHCPv4 packet to be cached. + @retval EFI_SUCCESS Packet is copied. + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough to hold the packet. + **/ -VOID +EFI_STATUS HttpBootCacheDhcp4Packet ( IN EFI_DHCP4_PACKET *Dst, IN EFI_DHCP4_PACKET *Src ) { - ASSERT (Dst->Size >= Src->Length); + if (Dst->Size < Src->Length) { + return EFI_BUFFER_TOO_SMALL; + } CopyMem (&Dst->Dhcp4, &Src->Dhcp4, Src->Length); Dst->Length = Src->Length; + + return EFI_SUCCESS; } /** @@ -429,8 +436,10 @@ HttpBootParseDhcp4Packet ( @param[in] Private Pointer to HTTP boot driver private data. @param[in] RcvdOffer Pointer to the received offer packet. + @retval EFI_SUCCESS Cache and parse the packet successfully. + @retval Others Operation failed. **/ -VOID +EFI_STATUS HttpBootCacheDhcp4Offer ( IN HTTP_BOOT_PRIVATE_DATA *Private, IN EFI_DHCP4_PACKET *RcvdOffer @@ -439,6 +448,7 @@ HttpBootCacheDhcp4Offer ( HTTP_BOOT_DHCP4_PACKET_CACHE *Cache4; EFI_DHCP4_PACKET *Offer; HTTP_BOOT_OFFER_TYPE OfferType; + EFI_STATUS Status; ASSERT (Private->OfferNum < HTTP_BOOT_OFFER_MAX_NUM); Cache4 = &Private->OfferBuffer[Private->OfferNum].Dhcp4; @@ -447,13 +457,16 @@ HttpBootCacheDhcp4Offer ( // // Cache the content of DHCPv4 packet firstly. // - HttpBootCacheDhcp4Packet (Offer, RcvdOffer); + Status = HttpBootCacheDhcp4Packet (Offer, RcvdOffer); + if (EFI_ERROR (Status)) { + return Status; + } // // Validate the DHCPv4 packet, and parse the options and offer type. // if (EFI_ERROR (HttpBootParseDhcp4Packet (Cache4))) { - return; + return EFI_ABORTED; } // @@ -465,6 +478,8 @@ HttpBootCacheDhcp4Offer ( Private->OfferIndex[OfferType][Private->OfferCount[OfferType]] = Private->OfferNum; Private->OfferCount[OfferType]++; Private->OfferNum++; + + return EFI_SUCCESS; } /** @@ -618,10 +633,17 @@ HttpBootDhcp4CallBack ( switch (Dhcp4Event) { case Dhcp4RcvdOffer: Status = EFI_NOT_READY; + if (Packet->Length > HTTP_BOOT_DHCP4_PACKET_MAX_SIZE) { + // + // Ignore the incoming packets which exceed the maximum length. + // + break; + } if (Private->OfferNum < HTTP_BOOT_OFFER_MAX_NUM) { // // Cache the DHCPv4 offers to OfferBuffer[] for select later, and record // the OfferIndex and OfferCount. + // If error happens, just ignore this packet and continue to wait more offer. // HttpBootCacheDhcp4Offer (Private, Packet); } diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c index ca84f2ad9b..f2b81957b7 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c @@ -329,17 +329,24 @@ HttpBootParseDhcp6Packet ( @param[in] Dst The pointer to the cache buffer for DHCPv6 packet. @param[in] Src The pointer to the DHCPv6 packet to be cached. + @retval EFI_SUCCESS Packet is copied. + @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough to hold the packet. + **/ -VOID +EFI_STATUS HttpBootCacheDhcp6Packet ( IN EFI_DHCP6_PACKET *Dst, IN EFI_DHCP6_PACKET *Src ) { - ASSERT (Dst->Size >= Src->Length); + if (Dst->Size < Src->Length) { + return EFI_BUFFER_TOO_SMALL; + } CopyMem (&Dst->Dhcp6, &Src->Dhcp6, Src->Length); Dst->Length = Src->Length; + + return EFI_SUCCESS; } /** @@ -348,8 +355,11 @@ HttpBootCacheDhcp6Packet ( @param[in] Private The pointer to HTTP_BOOT_PRIVATE_DATA. @param[in] RcvdOffer The pointer to the received offer packet. + @retval EFI_SUCCESS Cache and parse the packet successfully. + @retval Others Operation failed. + **/ -VOID +EFI_STATUS HttpBootCacheDhcp6Offer ( IN HTTP_BOOT_PRIVATE_DATA *Private, IN EFI_DHCP6_PACKET *RcvdOffer @@ -358,6 +368,7 @@ HttpBootCacheDhcp6Offer ( HTTP_BOOT_DHCP6_PACKET_CACHE *Cache6; EFI_DHCP6_PACKET *Offer; HTTP_BOOT_OFFER_TYPE OfferType; + EFI_STATUS Status; Cache6 = &Private->OfferBuffer[Private->OfferNum].Dhcp6; Offer = &Cache6->Packet.Offer; @@ -365,13 +376,16 @@ HttpBootCacheDhcp6Offer ( // // Cache the content of DHCPv6 packet firstly. // - HttpBootCacheDhcp6Packet(Offer, RcvdOffer); + Status = HttpBootCacheDhcp6Packet(Offer, RcvdOffer); + if (EFI_ERROR (Status)) { + return Status; + } // // Validate the DHCPv6 packet, and parse the options and offer type. // if (EFI_ERROR (HttpBootParseDhcp6Packet (Cache6))) { - return ; + return EFI_ABORTED; } // @@ -382,7 +396,9 @@ HttpBootCacheDhcp6Offer ( ASSERT (Private->OfferCount[OfferType] < HTTP_BOOT_OFFER_MAX_NUM); Private->OfferIndex[OfferType][Private->OfferCount[OfferType]] = Private->OfferNum; Private->OfferCount[OfferType]++; - Private->OfferNum++; + Private->OfferNum++; + + return EFI_SUCCESS; } /** @@ -437,6 +453,7 @@ HttpBootDhcp6CallBack ( // // Cache the dhcp offers to OfferBuffer[] for select later, and record // the OfferIndex and OfferCount. + // If error happens, just ignore this packet and continue to wait more offer. // HttpBootCacheDhcp6Offer (Private, Packet); } -- cgit v1.2.3