diff options
| author | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-10-08 02:55:30 +0000 |
|---|---|---|
| committer | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-10-08 02:55:30 +0000 |
| commit | 02a758cb0b5bc8775d95e0a52acc483f850124a1 (patch) | |
| tree | 97021cedc2e4bf82766ce9a5f74c4beaf345833d /NetworkPkg | |
| parent | 4bc6ad3935d7b57e5eacda5e6e70b32d786d43dd (diff) | |
| download | edk2-platforms-02a758cb0b5bc8775d95e0a52acc483f850124a1.tar.xz | |
Add pointer check for NULL before dereference it.
Signed-off-by: sfu5
Reviewed-by: xdu2
Reviewed-by: ydong10
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12514 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'NetworkPkg')
| -rw-r--r-- | NetworkPkg/Ip6Dxe/Ip6Nd.c | 48 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/Ikev2/Payload.c | 36 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/Ikev2/Sa.c | 137 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/Ikev2/Utility.c | 4 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecConfigImpl.c | 12 | ||||
| -rw-r--r-- | NetworkPkg/IpSecDxe/IpSecImpl.c | 1 |
6 files changed, 204 insertions, 34 deletions
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c index 47ef74be52..4bcf1a6d44 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c @@ -1497,13 +1497,16 @@ Ip6ProcessNeighborSolicit ( goto Exit;
} else {
OptionLen = (UINT16) (Head->PayloadLength - IP6_ND_LENGTH);
- Option = NetbufGetByte (Packet, IP6_ND_LENGTH, NULL);
+ if (OptionLen != 0) {
+ Option = NetbufGetByte (Packet, IP6_ND_LENGTH, NULL);
+ ASSERT (Option != NULL);
- //
- // All included options should have a length that is greater than zero.
- //
- if (!Ip6IsNDOptionValid (Option, OptionLen)) {
- goto Exit;
+ //
+ // All included options should have a length that is greater than zero.
+ //
+ if (!Ip6IsNDOptionValid (Option, OptionLen)) {
+ goto Exit;
+ }
}
}
@@ -1733,13 +1736,16 @@ Ip6ProcessNeighborAdvertise ( goto Exit;
} else {
OptionLen = (UINT16) (Head->PayloadLength - IP6_ND_LENGTH);
- Option = NetbufGetByte (Packet, IP6_ND_LENGTH, NULL);
+ if (OptionLen != 0) {
+ Option = NetbufGetByte (Packet, IP6_ND_LENGTH, NULL);
+ ASSERT (Option != NULL);
- //
- // All included options should have a length that is greater than zero.
- //
- if (!Ip6IsNDOptionValid (Option, OptionLen)) {
- goto Exit;
+ //
+ // All included options should have a length that is greater than zero.
+ //
+ if (!Ip6IsNDOptionValid (Option, OptionLen)) {
+ goto Exit;
+ }
}
}
@@ -1982,10 +1988,13 @@ Ip6ProcessRouterAdvertise ( // All included options have a length that is greater than zero.
//
OptionLen = (UINT16) (Head->PayloadLength - IP6_RA_LENGTH);
- Option = NetbufGetByte (Packet, IP6_RA_LENGTH, NULL);
+ if (OptionLen != 0) {
+ Option = NetbufGetByte (Packet, IP6_RA_LENGTH, NULL);
+ ASSERT (Option != NULL);
- if (!Ip6IsNDOptionValid (Option, OptionLen)) {
- goto Exit;
+ if (!Ip6IsNDOptionValid (Option, OptionLen)) {
+ goto Exit;
+ }
}
//
@@ -2428,10 +2437,13 @@ Ip6ProcessRedirect ( // All included options have a length that is greater than zero.
//
OptionLen = (UINT16) (Head->PayloadLength - IP6_REDITECT_LENGTH);
- Option = NetbufGetByte (Packet, IP6_REDITECT_LENGTH, NULL);
+ if (OptionLen != 0) {
+ Option = NetbufGetByte (Packet, IP6_REDITECT_LENGTH, NULL);
+ ASSERT (Option != NULL);
- if (!Ip6IsNDOptionValid (Option, OptionLen)) {
- goto Exit;
+ if (!Ip6IsNDOptionValid (Option, OptionLen)) {
+ goto Exit;
+ }
}
Target = (EFI_IPv6_ADDRESS *) (Icmp + 1);
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Payload.c b/NetworkPkg/IpSecDxe/Ikev2/Payload.c index 438b437aec..333074d260 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Payload.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Payload.c @@ -1,7 +1,7 @@ /** @file
The implementation of Payloads Creation.
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -311,6 +311,9 @@ Ikev2GenerateCertIdPayload ( &CertSubject,
&SubjectSize
);
+ if (SubjectSize != 0) {
+ ASSERT (CertSubject != NULL);
+ }
IdSize = sizeof (IKEV2_ID) + SubjectSize;
@@ -757,7 +760,7 @@ Ikev2CertGenerateAuthPayload ( &SigSize
);
- if (SigSize == 0) {
+ if (SigSize == 0 || Signature == NULL) {
goto EXIT;
}
}
@@ -1231,6 +1234,10 @@ Ikev2GenerateDeletePayload ( // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
SpiBufSize = (UINT16) (SpiSize * SpiNum);
+ if (SpiBufSize != 0 && SpiBuf == NULL) {
+ return NULL;
+ }
+
DelPayloadLen = (UINT16) (sizeof (IKEV2_DELETE) + SpiBufSize);
Del = AllocateZeroPool (DelPayloadLen);
@@ -1498,6 +1505,9 @@ Ikev2GenerateCertificatePayload ( Fragment[0].DataSize = PublicKeyLen;
HashDataSize = IpSecGetHmacDigestLength (IKE_AALG_SHA1HMAC);
HashData = AllocateZeroPool (HashDataSize);
+ if (HashData == NULL) {
+ goto ON_EXIT;
+ }
Status = IpSecCryptoIoHash (
IKE_AALG_SHA1HMAC,
@@ -2289,6 +2299,10 @@ Ikev2DecodePacket ( IkeSaSession = IKEV2_SA_SESSION_FROM_COMMON (SessionCommon);
if (SessionCommon->IsInitiator) {
IkeSaSession->RespPacket = AllocateZeroPool (IkePacket->Header->Length);
+ if (IkeSaSession->RespPacket == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->RespPacketSize = IkePacket->Header->Length;
CopyMem (IkeSaSession->RespPacket, IkeHeader, sizeof (IKE_HEADER));
CopyMem (
@@ -2298,6 +2312,10 @@ Ikev2DecodePacket ( );
} else {
IkeSaSession->InitPacket = AllocateZeroPool (IkePacket->Header->Length);
+ if (IkeSaSession->InitPacket == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->InitPacketSize = IkePacket->Header->Length;
CopyMem (IkeSaSession->InitPacket, IkeHeader, sizeof (IKE_HEADER));
CopyMem (
@@ -2766,6 +2784,8 @@ Ikev2EncryptPacket ( UINTN CryptKeyLength;
HASH_DATA_FRAGMENT Fragments[1];
+ Status = EFI_SUCCESS;
+
//
// Initial all buffers to NULL.
//
@@ -2827,6 +2847,10 @@ Ikev2EncryptPacket ( //
IvSize = CryptBlockSize;
IvBuffer = (UINT8 *) AllocateZeroPool (IvSize);
+ if (IvBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
//
// Generate IV
@@ -2892,6 +2916,10 @@ Ikev2EncryptPacket ( IkePacket->Header->NextPayload = IKEV2_PAYLOAD_TYPE_ENCRYPT;
IntegrityBuf = AllocateZeroPool (IkePacket->Header->Length);
+ if (IntegrityBuf == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
IntegrityBufSize = IkePacket->Header->Length;
IkeHdrHostToNet (IkePacket->Header);
@@ -2905,6 +2933,10 @@ Ikev2EncryptPacket ( Fragments[0].DataSize = EncryptPayloadSize + sizeof (IKE_HEADER) - CheckSumSize;
CheckSumData = AllocateZeroPool (CheckSumSize);
+ if (CheckSumData == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
if (SessionCommon->IsInitiator) {
IpSecCryptoIoHmac (
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Sa.c b/NetworkPkg/IpSecDxe/Ikev2/Sa.c index e32d2567ea..ae13e4d1b4 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Sa.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Sa.c @@ -1496,6 +1496,7 @@ Ikev2GenerateSaKeys ( Digest = NULL;
OutputKey = NULL;
KeyBuffer = NULL;
+ Status = EFI_SUCCESS;
//
// Generate Gxy
@@ -1581,6 +1582,10 @@ Ikev2GenerateSaKeys ( 2 * AuthAlgKeyLen +
2 * IntegrityAlgKeyLen;
OutputKey = AllocateZeroPool (OutputKeyLength);
+ if (OutputKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
//
// Generate Seven Keymates.
@@ -1603,6 +1608,10 @@ Ikev2GenerateSaKeys ( // First, SK_d
//
IkeSaSession->IkeKeys->SkdKey = AllocateZeroPool (PrfAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkdKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkdKeySize = PrfAlgKeyLen;
CopyMem (IkeSaSession->IkeKeys->SkdKey, OutputKey, PrfAlgKeyLen);
@@ -1612,6 +1621,10 @@ Ikev2GenerateSaKeys ( // Second, Sk_ai
//
IkeSaSession->IkeKeys->SkAiKey = AllocateZeroPool (IntegrityAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkAiKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkAiKeySize = IntegrityAlgKeyLen;
CopyMem (IkeSaSession->IkeKeys->SkAiKey, OutputKey + PrfAlgKeyLen, IntegrityAlgKeyLen);
@@ -1621,6 +1634,10 @@ Ikev2GenerateSaKeys ( // Third, Sk_ar
//
IkeSaSession->IkeKeys->SkArKey = AllocateZeroPool (IntegrityAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkArKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkArKeySize = IntegrityAlgKeyLen;
CopyMem (
IkeSaSession->IkeKeys->SkArKey,
@@ -1634,6 +1651,10 @@ Ikev2GenerateSaKeys ( // Fourth, Sk_ei
//
IkeSaSession->IkeKeys->SkEiKey = AllocateZeroPool (EncryptAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkEiKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkEiKeySize = EncryptAlgKeyLen;
CopyMem (
@@ -1651,6 +1672,10 @@ Ikev2GenerateSaKeys ( // Fifth, Sk_er
//
IkeSaSession->IkeKeys->SkErKey = AllocateZeroPool (EncryptAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkErKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkErKeySize = EncryptAlgKeyLen;
CopyMem (
@@ -1668,6 +1693,10 @@ Ikev2GenerateSaKeys ( // Sixth, Sk_pi
//
IkeSaSession->IkeKeys->SkPiKey = AllocateZeroPool (AuthAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkPiKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkPiKeySize = AuthAlgKeyLen;
CopyMem (
@@ -1685,6 +1714,10 @@ Ikev2GenerateSaKeys ( // Seventh, Sk_pr
//
IkeSaSession->IkeKeys->SkPrKey = AllocateZeroPool (AuthAlgKeyLen);
+ if (IkeSaSession->IkeKeys->SkPrKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
IkeSaSession->IkeKeys->SkPrKeySize = AuthAlgKeyLen;
CopyMem (
@@ -1709,6 +1742,31 @@ Exit: if (OutputKey != NULL) {
FreePool (OutputKey);
}
+
+ if (EFI_ERROR(Status)) {
+ if (IkeSaSession->IkeKeys->SkdKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkdKey);
+ }
+ if (IkeSaSession->IkeKeys->SkAiKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkAiKey);
+ }
+ if (IkeSaSession->IkeKeys->SkArKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkArKey);
+ }
+ if (IkeSaSession->IkeKeys->SkEiKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkEiKey);
+ }
+ if (IkeSaSession->IkeKeys->SkErKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkErKey);
+ }
+ if (IkeSaSession->IkeKeys->SkPiKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkPiKey);
+ }
+ if (IkeSaSession->IkeKeys->SkPrKey != NULL) {
+ FreePool (IkeSaSession->IkeKeys->SkPrKey);
+ }
+ }
+
return Status;
}
@@ -1737,6 +1795,9 @@ Ikev2GenerateChildSaKeys ( UINT8* OutputKey;
UINTN OutputKeyLength;
+ Status = EFI_SUCCESS;
+ OutputKey = NULL;
+
if (KePayload != NULL) {
//
// Generate Gxy
@@ -1760,7 +1821,8 @@ Ikev2GenerateChildSaKeys ( OutputKeyLength = 2 * EncryptAlgKeyLen + 2 * IntegrityAlgKeyLen;
if ((EncryptAlgKeyLen == 0) || (IntegrityAlgKeyLen == 0)) {
- return EFI_UNSUPPORTED;
+ Status = EFI_UNSUPPORTED;
+ goto Exit;
}
//
@@ -1769,6 +1831,10 @@ Ikev2GenerateChildSaKeys ( // otherwise, KEYMAT = prf+(SK_d, Ni | Nr )
//
OutputKey = AllocateZeroPool (OutputKeyLength);
+ if (OutputKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
//
// Derive Key from the SkdKey Buffer.
@@ -1784,8 +1850,7 @@ Ikev2GenerateChildSaKeys ( );
if (EFI_ERROR (Status)) {
- FreePool (OutputKey);
- return Status;
+ goto Exit;
}
//
@@ -1800,6 +1865,10 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,
@@ -1813,7 +1882,11 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);
-
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,
OutputKey + EncryptAlgKeyLen,
@@ -1826,7 +1899,11 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);
-
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -1839,6 +1916,10 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,
@@ -1852,7 +1933,11 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);
-
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,
OutputKey,
@@ -1865,7 +1950,11 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);
-
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,
OutputKey + EncryptAlgKeyLen,
@@ -1878,7 +1967,11 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);
-
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -1891,7 +1984,11 @@ Ikev2GenerateChildSaKeys ( ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);
-
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
CopyMem (
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,
@@ -1920,7 +2017,27 @@ Ikev2GenerateChildSaKeys ( IntegrityAlgKeyLen
);
- FreePool (OutputKey);
+
+
+Exit:
+ if (EFI_ERROR (Status)) {
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey != NULL) {
+ FreePool (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey);
+ }
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey != NULL) {
+ FreePool (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey);
+ }
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey != NULL) {
+ FreePool (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey);
+ }
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey != NULL) {
+ FreePool (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey);
+ }
+ }
+
+ if (OutputKey != NULL) {
+ FreePool (OutputKey);
+ }
return EFI_SUCCESS;
}
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c index 4c461b3742..80720ffb03 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c @@ -1,7 +1,7 @@ /** @file
The Common operations used by IKE Exchange Process.
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -947,6 +947,7 @@ Ikev2ChildSaSilentDelete ( //
IsRemoteFound = TRUE;
RemoteSelector = AllocateZeroPool (SelectorSize);
+ ASSERT (RemoteSelector != NULL);
CopyMem (RemoteSelector, Selector, SelectorSize);
}
@@ -957,6 +958,7 @@ Ikev2ChildSaSilentDelete ( //
IsLocalFound = TRUE;
LocalSelector = AllocateZeroPool (SelectorSize);
+ ASSERT (LocalSelector != NULL);
CopyMem (LocalSelector, Selector, SelectorSize);
}
}
diff --git a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c index 87f85e7ca6..6eabfe45de 100644 --- a/NetworkPkg/IpSecDxe/IpSecConfigImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecConfigImpl.c @@ -1,7 +1,7 @@ /** @file
The implementation of IPSEC_CONFIG_PROTOCOL.
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -2196,6 +2196,10 @@ IpSecGetVariable ( VariableNameISizeNew,
VariableNameI
);
+ if (VariableNameI == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
VariableNameISize = VariableNameISizeNew;
Status = gRT->GetNextVariableName (
@@ -2272,7 +2276,9 @@ IpSecGetVariable ( }
ON_EXIT:
- FreePool (VariableNameI);
+ if (VariableNameI != NULL) {
+ FreePool (VariableNameI);
+ }
return Status;
}
@@ -2700,7 +2706,7 @@ IpSecCopyPolicyEntry ( Buffer->Capacity += EntrySize;
TempPoint = AllocatePool (Buffer->Capacity);
- if (Buffer->Ptr == NULL) {
+ if (TempPoint == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
diff --git a/NetworkPkg/IpSecDxe/IpSecImpl.c b/NetworkPkg/IpSecDxe/IpSecImpl.c index 4737257809..50cd4d8540 100644 --- a/NetworkPkg/IpSecDxe/IpSecImpl.c +++ b/NetworkPkg/IpSecDxe/IpSecImpl.c @@ -1237,6 +1237,7 @@ IpSecTunnelOutboundPacket ( );
} else {
InnerHead = AllocateZeroPool (sizeof (EFI_IP6_HEADER) + *OptionsLength);
+ ASSERT (InnerHead != NULL);
CopyMem (
InnerHead,
IpHead,
|