sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NetworkPkg: Fix the potential NULL pointer dereferenced issue

Browse Source 
This patch is used to fix the potential NULL pointer dereferenced
in function 'ParseDnsResponse'.

Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19178 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Jiaxin Wu 2015-12-10 01:44:56 +00:00 committed by jiaxinwu
parent c2788f1c2b
commit 00c0c3f24f
1 changed files with 41 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
NetworkPkg/DnsDxe/DnsImpl.c
View File

@ -1199,19 +1199,28 @@ ParseDnsResponse (
// //
// Check the Query type, do some buffer allocations. // Check the Query type, do some buffer allocations.
// //
if (QuerySection->Type == DNS_TYPE_A) { if (Instance->Service->IpVersion == IP_VERSION_4) {
Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA)); ASSERT (Dns4TokenEntry != NULL);
ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL); if (QuerySection->Type == DNS_TYPE_A) {
Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS)); Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL); ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
} else if (QuerySection->Type == DNS_TYPE_AAAA) { Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA)); ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL); } else {
Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS)); Status = EFI_UNSUPPORTED;
ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL); goto ON_EXIT;
}
} else { } else {
Status = EFI_UNSUPPORTED; ASSERT (Dns6TokenEntry != NULL);
goto ON_EXIT; if (QuerySection->Type == DNS_TYPE_AAAA) {
Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
} else {
Status = EFI_UNSUPPORTED;
goto ON_EXIT;
}
} }
// //
@ -1240,7 +1249,7 @@ ParseDnsResponse (
// //
// This is address entry, get Data. // This is address entry, get Data.
// //
ASSERT (AnswerSection->DataLength == 4); ASSERT (Dns4TokenEntry != NULL && AnswerSection->DataLength == 4);
HostAddr4 = Dns4TokenEntry->Token->RspData.H2AData->IpList; HostAddr4 = Dns4TokenEntry->Token->RspData.H2AData->IpList;
AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection); AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
@ -1282,7 +1291,7 @@ ParseDnsResponse (
// //
// This is address entry, get Data. // This is address entry, get Data.
// //
ASSERT (AnswerSection->DataLength == 16); ASSERT (Dns6TokenEntry != NULL && AnswerSection->DataLength == 16);
HostAddr6 = Dns6TokenEntry->Token->RspData.H2AData->IpList; HostAddr6 = Dns6TokenEntry->Token->RspData.H2AData->IpList;
AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection); AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
@ -1333,16 +1342,29 @@ ParseDnsResponse (
AnswerSectionNum ++; AnswerSectionNum ++;
} }
if (QuerySection->Type == DNS_TYPE_A) { if (Instance->Service->IpVersion == IP_VERSION_4) {
Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount; ASSERT (Dns4TokenEntry != NULL);
} else if (QuerySection->Type == DNS_TYPE_AAAA) { if (QuerySection->Type == DNS_TYPE_A) {
Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount; Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
} else {
Status = EFI_UNSUPPORTED;
goto ON_EXIT;
}
} else {
ASSERT (Dns6TokenEntry != NULL);
if (QuerySection->Type == DNS_TYPE_AAAA) {
Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
} else {
Status = EFI_UNSUPPORTED;
goto ON_EXIT;
}
} }
// //
// Parsing is complete, SignalEvent here. // Parsing is complete, SignalEvent here.
// //
if (Instance->Service->IpVersion == IP_VERSION_4) { if (Instance->Service->IpVersion == IP_VERSION_4) {
ASSERT (Dns4TokenEntry != NULL);
Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, Dns4TokenEntry); Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, Dns4TokenEntry);
Dns4TokenEntry->Token->Status = EFI_SUCCESS; Dns4TokenEntry->Token->Status = EFI_SUCCESS;
if (Dns4TokenEntry->Token->Event != NULL) { if (Dns4TokenEntry->Token->Event != NULL) {
@ -1350,6 +1372,7 @@ ParseDnsResponse (
DispatchDpc (); DispatchDpc ();
} }
} else { } else {
ASSERT (Dns6TokenEntry != NULL);
Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, Dns6TokenEntry); Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, Dns6TokenEntry);
Dns6TokenEntry->Token->Status = EFI_SUCCESS; Dns6TokenEntry->Token->Status = EFI_SUCCESS;
if (Dns6TokenEntry->Token->Event != NULL) { if (Dns6TokenEntry->Token->Event != NULL) {