44eb974081
TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER element at the end of "Data": - Generally speaking, malformed input for a security API is best rejected explicitly. - Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If DataSize is 1 on input, then the initial check for (DataSize == 0) will fail, but then TlsSetCipherList() will be called with CipherNum=0. Return EFI_INVALID_PARAMETER from TlsSetSessionData() if "Data" doesn't contain a whole number of EFI_TLS_CIPHER elements. While at it, introduce the dedicated variable CipherCount. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>