authorJiaxin Wu <jiaxin.wu@intel.com>2017-03-27 14:45:50 +0800
committerJiaxin Wu <jiaxin.wu@intel.com>2017-03-30 11:32:49 +0800
commitd3017dd96bf96521cbb87a26bb9dd09f8aa5811d (patch)
tree3d8aebb51d77be5bfe6c6d92fce618030c9cbb73 /MdeModulePkg/Library
parent7571a1c191e19b48d33a33c8b7763b49999700ee (diff)
MdeModulePkg/DxeHttpLib: Fix the incorrect return status if URI port is invalid
Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Zhang Lubo <lubo.zhang@intel.com>
Diffstat (limited to 'MdeModulePkg/Library')
-rw-r--r--MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c15
-rw-r--r--MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h5
2 files changed, 19 insertions, 1 deletions
diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
index 2ff04ffad3..8e29213a4f 100644
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -692,6 +692,7 @@ HttpUrlGetPort (
{
CHAR8 *PortString;
EFI_STATUS Status;
+ UINTN Index;
UINTN Data;
UINT32 ResultLength;
HTTP_URL_PARSER *Parser;
@@ -700,6 +701,9 @@ HttpUrlGetPort (
return EFI_INVALID_PARAMETER;
}
+ *Port = 0;
+ Index = 0;
+
Parser = (HTTP_URL_PARSER*) UrlParser;
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_PORT)) == 0) {
@@ -723,8 +727,19 @@ HttpUrlGetPort (
PortString[ResultLength] = '\0';
+ while (Index < ResultLength) {
+ if (!NET_IS_DIGIT (PortString[Index])) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Index ++;
+ }
+
Status = AsciiStrDecimalToUintnS (Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset, (CHAR8 **) NULL, &Data);
+ if (Data > HTTP_URI_PORT_MAX_NUM || Data < HTTP_URI_PORT_MIN_NUM) {
+ return EFI_INVALID_PARAMETER;
+ }
+
*Port = (UINT16) Data;
return Status;
}
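Review bot: The new digit loop validates the percent-decoded `PortString`, but the conversion on the following line still parses the raw `Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset`, so the text that was checked is not the text that is converted. Passing the decoded buffer keeps the two in step: `Status = AsciiStrDecimalToUintnS (PortString, (CHAR8 **) NULL, &Data);`. `Data` is declared without an initializer and is range-checked before `Status` is examined, so a failed conversion may compare a value the conversion never wrote; add `if (EFI_ERROR (Status)) { return Status; }` ahead of the range check. The two new `return EFI_INVALID_PARAMETER;` paths also exit without releasing `PortString`; its allocation is outside this hunk, so if it comes from the pool each exit needs a `FreePool (PortString);`. The start of HttpUrlGetPort lies outside the hunk.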
diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h
index 0d0ad3d8ff..5ee0fdc619 100644
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h
@@ -1,7 +1,7 @@
/** @file
Header file for HttpLib.
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
@@ -50,6 +50,9 @@ Header file for HttpLib.
#define HTTP_URI_FIELD_PORT 7
#define HTTP_URI_FIELD_MAX 8
+#define HTTP_URI_PORT_MIN_NUM 0
+#define HTTP_URI_PORT_MAX_NUM 65535
+
//
// Structure to store the parse result of a HTTP URL.
//
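Review bot: With `HTTP_URI_PORT_MIN_NUM` defined as 0, the `Data < HTTP_URI_PORT_MIN_NUM` test in HttpUrlGetPort can never be true for the unsigned `Data`, so the lower bound enforces nothing and port 0 is accepted. If 0 is meant to be valid, a comment above the two defines should say so, for example `// Inclusive range accepted for the port component of a URI; 0 is allowed.`; if it is not, the minimum should be 1. Some toolchains also warn on an always-false unsigned comparison, which matters if the package is built with warnings treated as errors.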