diff options
| author | qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-05-31 02:03:57 +0000 |
|---|---|---|
| committer | qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-05-31 02:03:57 +0000 |
| commit | 47b27101845c3ba525d1123fc87fa6cd5650ff77 (patch) | |
| tree | 96fdece5083a22f2425875e85ab49c3e303cb219 | |
| parent | b18e7050464b0809e0c8366219447e87c9124551 (diff) | |
| download | edk2-platforms-47b27101845c3ba525d1123fc87fa6cd5650ff77.tar.xz | |
Update the IPsec driver to check in invalid parameter of ProcessExt() according to UEFI Spec.
Signed-off-by: qianouyang
Reviewed-by: jjin9
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11714 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecImpl.c | 38 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecImpl.h | 18 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecMain.c | 9 |
3 files changed, 36 insertions, 29 deletions
diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.c b/NetworkPkg/IpSecDxe/IpSecImpl.c index 7ccbfa25ee..63abfa6ba6 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecImpl.c @@ -1,7 +1,7 @@ /** @file
The implementation of IPsec.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -1188,8 +1188,8 @@ IpSecTunnelInboundPacket ( @param[in] IpVersion The version of IP.
@param[in] SadData The related SAD data.
@param[in, out] LastHead The Last Header in IP header.
- @param[in] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in] OptionsLength Length of the options buffer. It is optional.
+ @param[in] OptionsBuffer Pointer to the options buffer.
+ @param[in] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
@@ -1360,8 +1360,8 @@ IpSecTunnelOutboundPacket ( to be trimed on input, and without ESP header
on return.
@param[out] LastHead The Last Header in IP header on return.
- @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in the form of IPsec
protected on input, and without IPsec protected
on return.
@@ -1382,8 +1382,8 @@ IpSecEspInboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer, OPTIONAL
- IN OUT UINT32 *OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount,
OUT EFI_IPSEC_SPD_SELECTOR **SpdSelector,
@@ -1647,8 +1647,8 @@ ON_EXIT: to be processed on input, and inserted ESP header
on return.
@param[in, out] LastHead The Last Header in IP header.
- @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
@@ -1665,8 +1665,8 @@ IpSecEspOutboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer, OPTIONAL
- IN OUT UINT32 *OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry,
@@ -2046,8 +2046,8 @@ ON_EXIT: to be trimed on input, and without ESP/AH header
on return.
@param[in, out] LastHead The Last Header in IP header on return.
- @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
protected on input, and without IPsec protected
on return.
@@ -2064,8 +2064,8 @@ IpSecProtectInboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer, OPTIONAL
- IN OUT UINT32 *OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount,
OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry,
@@ -2105,8 +2105,8 @@ IpSecProtectInboundPacket ( to be processed on input, and inserted ESP/AH header
on return.
@param[in, out] LastHead The Last Header in IP header.
- @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
@@ -2123,8 +2123,8 @@ IpSecProtectOutboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer, OPTIONAL
- IN OUT UINT32 *OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry,
diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.h b/NetworkPkg/IpSecDxe/IpSecImpl.h index 4237119d93..ff7a189395 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.h +++ b/NetworkPkg/IpSecDxe/IpSecImpl.h @@ -1,7 +1,7 @@ /** @file
The definitions related to IPsec protocol implementation.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -158,8 +158,8 @@ struct _IPSEC_PRIVATE_DATA { to be trimed on input, and without ESP/AH header
on return.
@param[in, out] LastHead The Last Header in IP header on return.
- @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments in form of IPsec
protected on input, and without IPsec protected
on return.
@@ -176,8 +176,8 @@ IpSecProtectInboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer, OPTIONAL
- IN OUT UINT32 *OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount,
OUT EFI_IPSEC_SPD_SELECTOR **SpdEntry,
@@ -196,8 +196,8 @@ IpSecProtectInboundPacket ( to be processed on input, and inserted ESP/AH header
on return.
@param[in, out] LastHead The Last Header in IP header.
- @param[in, out] OptionsBuffer Pointer to the options buffer. It is optional.
- @param[in, out] OptionsLength Length of the options buffer. It is optional.
+ @param[in, out] OptionsBuffer Pointer to the options buffer.
+ @param[in, out] OptionsLength Length of the options buffer.
@param[in, out] FragmentTable Pointer to a list of fragments to be protected by
IPsec on input, and with IPsec protected
on return.
@@ -214,8 +214,8 @@ IpSecProtectOutboundPacket ( IN UINT8 IpVersion,
IN OUT VOID *IpHead,
IN OUT UINT8 *LastHead,
- IN OUT VOID **OptionsBuffer, OPTIONAL
- IN OUT UINT32 *OptionsLength, OPTIONAL
+ IN OUT VOID **OptionsBuffer,
+ IN OUT UINT32 *OptionsLength,
IN OUT EFI_IPSEC_FRAGMENT_DATA **FragmentTable,
IN OUT UINT32 *FragmentCount,
IN IPSEC_SAD_ENTRY *SadEntry,
diff --git a/NetworkPkg/IpSecDxe/IpSecMain.c b/NetworkPkg/IpSecDxe/IpSecMain.c index f98f809ab8..a2fefa70d7 100644 --- a/NetworkPkg/IpSecDxe/IpSecMain.c +++ b/NetworkPkg/IpSecDxe/IpSecMain.c @@ -1,7 +1,7 @@ /** @file
The mian interface of IPsec Protocol.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -70,6 +70,13 @@ IpSecProcess ( UINT8 OldLastHead;
BOOLEAN IsOutbound;
+ if (OptionsBuffer == NULL ||
+ OptionsLength == NULL ||
+ FragmentTable == NULL ||
+ FragmentCount == NULL
+ ) {
+ return EFI_INVALID_PARAMETER;
+ }
Private = IPSEC_PRIVATE_DATA_FROM_IPSEC (This);
IpPayload = (*FragmentTable)[0].FragmentBuffer;
IsOutbound = (BOOLEAN) ((TrafficDirection == EfiIPsecOutBound) ? TRUE : FALSE);
|