diff options
| author | Fu Siyuan <siyuan.fu@intel.com> | 2016-11-16 13:37:15 +0800 |
|---|---|---|
| committer | Fu Siyuan <siyuan.fu@intel.com> | 2016-11-18 16:30:50 +0800 |
| commit | 632dcfd6857b6211ce3fe9755d3c11e74ef5d447 (patch) | |
| tree | 03c5766d7efa36d127b45d5c716561115ee62dd6 /NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | |
| parent | 4f6b33b460226bc1a54d8af2c0f4fe195f2f04ce (diff) | |
| download | edk2-platforms-632dcfd6857b6211ce3fe9755d3c11e74ef5d447.tar.xz | |
NetworkPkg: Check for the max DHCP packet length before use it.
This patch updates the PXE and HTTP boot driver to drop the input DHCP packet
if it exceed the maximum length.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
Diffstat (limited to 'NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c')
| -rw-r--r-- | NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c index eba8e1d27b..6a08e9a2de 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c @@ -1919,6 +1919,14 @@ PxeBcDhcp6CallBack ( switch (Dhcp6Event) {
case Dhcp6SendSolicit:
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {
+ //
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.
+ //
+ Status = EFI_ABORTED;
+ break;
+ }
+
//
// Record the first Solicate msg time
//
@@ -1934,6 +1942,12 @@ PxeBcDhcp6CallBack ( case Dhcp6RcvdAdvertise:
Status = EFI_NOT_READY;
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {
+ //
+ // Ignore the incoming packets which exceed the maximum length.
+ //
+ break;
+ }
if (Private->OfferNum < PXEBC_OFFER_MAX_NUM) {
//
// Cache the dhcp offers to OfferBuffer[] for select later, and record
@@ -1944,6 +1958,14 @@ PxeBcDhcp6CallBack ( break;
case Dhcp6SendRequest:
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {
+ //
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.
+ //
+ Status = EFI_ABORTED;
+ break;
+ }
+
//
// Store the request packet as seed packet for discover.
//
@@ -1975,6 +1997,13 @@ PxeBcDhcp6CallBack ( break;
case Dhcp6RcvdReply:
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {
+ //
+ // Abort the DHCP if the Peply packet exceeds the maximum length.
+ //
+ Status = EFI_ABORTED;
+ break;
+ }
//
// Cache the dhcp ack to Private->Dhcp6Ack, but it's not the final ack in mode data
// without verification.
|