From ce8e582c06ef3d82b1df93a7de289ef7d9905c4a Mon Sep 17 00:00:00 2001
From: Hao Wu <hao.a.wu@intel.com>
Date: Wed, 16 Nov 2016 13:52:20 +0800
Subject: NetworkPkg/IpSecDxe: Add check to avoid possible divide by zero

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
---
 NetworkPkg/IpSecDxe/Ikev2/Utility.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'NetworkPkg/IpSecDxe')

diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index c3655328c4..2ca7f3c63c 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2,7 +2,7 @@
   The Common operations used by IKE Exchange Process.
 
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
@@ -2627,6 +2627,8 @@ Ikev2ChildSaParseSaPayload (
 
   @retval EFI_SUCCESS            The operation complete successfully.
   @retval EFI_INVALID_PARAMETER  If NumFragments is zero.
+                                 If the authentication algorithm given by HashAlgId
+                                 cannot be found.
   @retval EFI_OUT_OF_RESOURCES   If the required resource can't be allocated.
   @retval Others                 The operation is failed.
 
@@ -2663,6 +2665,10 @@ Ikev2SaGenerateKey (
   LocalFragments[2].Data = NULL;
 
   AuthKeyLength = IpSecGetHmacDigestLength (HashAlgId);
+  if (AuthKeyLength == 0) {
+    return EFI_INVALID_PARAMETER;
+  }
+
   DigestSize    = AuthKeyLength;
   Digest        = AllocateZeroPool (AuthKeyLength);
 
-- 
cgit v1.2.3