path: root/NetworkPkg/IpSecDxe/Ikev2/Utility.c
authorJiaxin Wu <jiaxin.wu@intel.com>2016-06-17 11:59:47 +0800
committerHao Wu <hao.a.wu@intel.com>2016-07-07 15:00:49 +0800
commit8494eaf3091906401a0ff91f841962de41c9ebd7 (patch)
tree5f7769083c0001a20df4b446f1294b41c30658b1 /NetworkPkg/IpSecDxe/Ikev2/Utility.c
parentadccd38663ea5e21f348ab448e44d9ab0254775d (diff)
NetworkPkg: Remove ASSERT and use error handling in IpSecDxe
This patch is used to refine the code by removing ASSERT and using error handling in IpSecDxe driver. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> (cherry picked from commit 6b16c9e7eaf0059352d39b64ffa542e38b1e8dcf)
Diffstat (limited to 'NetworkPkg/IpSecDxe/Ikev2/Utility.c')
-rw-r--r--NetworkPkg/IpSecDxe/Ikev2/Utility.c151
1 files changed, 124 insertions, 27 deletions
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index 16be09e14a..4db7f3fbbe 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2,7 +2,7 @@
The Common operations used by IKE Exchange Process.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -57,7 +57,9 @@ Ikev2SaSessionAlloc (
IKEV2_SA_SESSION *IkeSaSession;
IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION));
- ASSERT (IkeSaSession != NULL);
+ if (IkeSaSession == NULL) {
+ return NULL;
+ }
//
// Initialize the fields of IkeSaSession and its SessionCommon.
@@ -910,9 +912,9 @@ Ikev2ChildSaSilentDelete (
SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
Selector = AllocateZeroPool (SelectorSize);
- ASSERT (Selector != NULL);
-
-
+ if (Selector == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
while (1) {
Status = EfiIpSecConfigGetNextSelector (
@@ -925,7 +927,11 @@ Ikev2ChildSaSilentDelete (
FreePool (Selector);
Selector = AllocateZeroPool (SelectorSize);
- ASSERT (Selector != NULL);
+ if (Selector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
+
Status = EfiIpSecConfigGetNextSelector (
&Private->IpSecConfig,
IPsecConfigDataTypeSad,
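Review bot: When the new `break` is taken, `Selector` has just been freed and then set to NULL by the failed `AllocateZeroPool`, so the loop exits with no valid selector buffer. The code after the `while` loop is outside this hunk; if it still calls `FreePool (Selector)` unconditionally, that call now receives NULL, so it should be guarded with `if (Selector != NULL) {` before the free. It is also worth confirming that the `EFI_OUT_OF_RESOURCES` stored in `Status` is what the function finally returns, since the loop presumably also ends through an error status in the normal end-of-list case.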
@@ -945,7 +951,11 @@ Ikev2ChildSaSilentDelete (
//
IsRemoteFound = TRUE;
RemoteSelector = AllocateZeroPool (SelectorSize);
- ASSERT (RemoteSelector != NULL);
+ if (RemoteSelector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
+
CopyMem (RemoteSelector, Selector, SelectorSize);
}
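Review bot: `IsRemoteFound = TRUE;` is assigned before the `AllocateZeroPool` result is checked, so when the new `break` is taken the flag reports a found remote selector while `RemoteSelector` is still NULL. Move the assignment below the check, next to `CopyMem`, or clear it on failure with `IsRemoteFound = FALSE;` so nothing after the loop can act on a NULL selector. The same ordering appears in the following hunk with `IsLocalFound` and `LocalSelector`. The code after the loop is not visible here, so whether it consults the flags on this path, and whether it frees a selector copied in an earlier iteration, needs confirming.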
@@ -956,7 +966,11 @@ Ikev2ChildSaSilentDelete (
//
IsLocalFound = TRUE;
LocalSelector = AllocateZeroPool (SelectorSize);
- ASSERT (LocalSelector != NULL);
+ if (LocalSelector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
+
CopyMem (LocalSelector, Selector, SelectorSize);
}
}
@@ -1272,7 +1286,11 @@ Ikev2InitializeSaData (
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
- ASSERT (ProposalData->Spi != NULL);
+ if (ProposalData->Spi == NULL) {
+ FreePool (SaData);
+ return NULL;
+ }
+
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1340,7 +1358,12 @@ Ikev2InitializeSaData (
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->NumTransforms = 3;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
- ASSERT (ProposalData->Spi != NULL);
+ if (ProposalData->Spi == NULL) {
+ FreePool (((IKEV2_PROPOSAL_DATA *) (SaData + 1))->Spi);
+ FreePool (SaData);
+ return NULL;
+ }
+
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1733,17 +1756,27 @@ Ikev2ResendNotify (
than the one in ChildSaSession->Spd, especially for the tunnel mode.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
+
+ @retval EFI_SUCCESS The operation complete successfully.
+ @retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
**/
-VOID
+EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
)
{
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) {
if (ChildSaSession->SpdSelector == NULL) {
ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR));
- ASSERT (ChildSaSession->SpdSelector != NULL);
+ if (ChildSaSession->SpdSelector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
}
CopyMem (
ChildSaSession->SpdSelector,
@@ -1755,18 +1788,34 @@ Ikev2ChildSaSessionSpdSelectorCreate (
sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->RemoteAddress
);
+ if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+
+ FreePool (ChildSaSession->SpdSelector);
+
+ return Status;
+ }
+
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (
ChildSaSession->Spd->Selector->LocalAddressCount *
sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->LocalAddress
);
+ if (ChildSaSession->SpdSelector->LocalAddress == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+
+ FreePool (ChildSaSession->SpdSelector->RemoteAddress);
- ASSERT (ChildSaSession->SpdSelector->LocalAddress != NULL);
- ASSERT (ChildSaSession->SpdSelector->RemoteAddress != NULL);
+ FreePool (ChildSaSession->SpdSelector);
+
+ return Status;
+ }
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;
ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
}
+
+ return Status;
}
/**
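Review bot: Both new failure paths call `FreePool (ChildSaSession->SpdSelector);` but leave the freed pointer stored in the session, and the caller in Ikev2ChildSaSessionCreate then hands that session to `Ikev2ChildSaSessionFree`. If that routine releases a non-NULL `SpdSelector` (its body is not shown), an allocation failure here becomes a double free. Add `ChildSaSession->SpdSelector = NULL;` after each of the two frees. The same pattern appears in Ikev2SaParseSaPayload and Ikev2ChildSaParseSaPayload, where `SessionCommon.SaParams` and `SaData` are freed on failure without being reset, leaving stale pointers in a session that keeps living after the function returns FALSE.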
@@ -1791,7 +1840,9 @@ Ikev2ChildSaSessionCreate (
// Create a new ChildSaSession.Insert it into processing list and initiate the common parameters.
//
ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession);
- ASSERT (ChildSaSession != NULL);
+ if (ChildSaSession == NULL) {
+ return NULL;
+ }
//
// Set the specific parameters.
@@ -1812,18 +1863,29 @@ Ikev2ChildSaSessionCreate (
// The ChildSaSession->SpdSelector might be changed after the traffic selector
// negoniation and it will be copied into the SAData after ChildSA established.
//
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);
+ if (EFI_ERROR (Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession))) {
+ Ikev2ChildSaSessionFree (ChildSaSession);
+ return NULL;
+ }
//
// Copy first NiBlock and NrBlock to ChildSa Session
//
ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize);
- ASSERT (ChildSaSession->NiBlock != NULL);
+ if (ChildSaSession->NiBlock == NULL) {
+ Ikev2ChildSaSessionFree (ChildSaSession);
+ return NULL;
+ }
+
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize);
- ASSERT (ChildSaSession->NrBlock != NULL);
+ if (ChildSaSession->NrBlock == NULL) {
+ Ikev2ChildSaSessionFree (ChildSaSession);
+ return NULL;
+ }
+
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
@@ -2196,7 +2258,10 @@ Ikev2SaParseSaPayload (
// Find the matched one.
//
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
+ if (IkeSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2211,7 +2276,10 @@ Ikev2SaParseSaPayload (
sizeof (IKEV2_PROPOSAL_DATA) +
sizeof (IKEV2_TRANSFORM_DATA) * 4;
IkeSaSession->SaData = AllocateZeroPool (SaDataSize);
- ASSERT (IkeSaSession->SaData != NULL);
+ if (IkeSaSession->SaData == NULL) {
+ FreePool (IkeSaSession->SessionCommon.SaParams);
+ return FALSE;
+ }
IkeSaSession->SaData->NumProposals = 1;
@@ -2227,6 +2295,7 @@ Ikev2SaParseSaPayload (
);
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;
+
return TRUE;
} else {
PreferEncryptAlgorithm = 0;
@@ -2302,7 +2371,10 @@ Ikev2SaParseSaPayload (
if (IsMatch) {
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
+ if (IkeSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2313,6 +2385,7 @@ Ikev2SaParseSaPayload (
return TRUE;
}
}
+
return FALSE;
}
@@ -2393,7 +2466,10 @@ Ikev2ChildSaParseSaPayload (
// Find the matched one.
//
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
+ if (ChildSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2407,7 +2483,10 @@ Ikev2ChildSaParseSaPayload (
sizeof (IKEV2_TRANSFORM_DATA) * 4;
ChildSaSession->SaData = AllocateZeroPool (SaDataSize);
- ASSERT (ChildSaSession->SaData != NULL);
+ if (ChildSaSession->SaData == NULL) {
+ FreePool (ChildSaSession->SessionCommon.SaParams);
+ return FALSE;
+ }
ChildSaSession->SaData->NumProposals = 1;
@@ -2428,7 +2507,14 @@ Ikev2ChildSaParseSaPayload (
sizeof (ChildSaSession->LocalPeerSpi),
&ChildSaSession->LocalPeerSpi
);
- ASSERT (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi != NULL);
+ if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {
+ FreePool (ChildSaSession->SessionCommon.SaParams);
+
+ FreePool (ChildSaSession->SaData );
+
+ return FALSE;
+ }
+
return TRUE;
} else {
@@ -2498,7 +2584,10 @@ Ikev2ChildSaParseSaPayload (
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
if (IsMatch) {
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
+ if (ChildSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2607,7 +2696,11 @@ Ikev2SaGenerateKey (
}
LocalFragments[1].Data = AllocateZeroPool (FragmentsSize);
- ASSERT (LocalFragments[1].Data != NULL);
+ if (LocalFragments[1].Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
LocalFragments[1].DataSize = FragmentsSize;
//
@@ -2633,7 +2726,11 @@ Ikev2SaGenerateKey (
// Allocate buffer for the first fragment
//
LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength);
- ASSERT (LocalFragments[0].Data != NULL);
+ if (LocalFragments[0].Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
LocalFragments[0].DataSize = AuthKeyLength;
Round = (OutputKeyLength - 1) / AuthKeyLength + 1;