diff options
Diffstat (limited to 'NetworkPkg/IpSecDxe/Ikev2/Utility.c')
| -rw-r--r-- | NetworkPkg/IpSecDxe/Ikev2/Utility.c | 151 |
1 files changed, 124 insertions, 27 deletions
diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c index aa3e440a0e..5b26ba1d02 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c @@ -2,7 +2,7 @@ The Common operations used by IKE Exchange Process.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
- Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -57,7 +57,9 @@ Ikev2SaSessionAlloc ( IKEV2_SA_SESSION *IkeSaSession;
IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION));
- ASSERT (IkeSaSession != NULL);
+ if (IkeSaSession == NULL) {
+ return NULL;
+ }
//
// Initialize the fields of IkeSaSession and its SessionCommon.
@@ -908,9 +910,9 @@ Ikev2ChildSaSilentDelete ( SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
Selector = AllocateZeroPool (SelectorSize);
- ASSERT (Selector != NULL);
-
-
+ if (Selector == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
while (1) {
Status = EfiIpSecConfigGetNextSelector (
@@ -923,7 +925,11 @@ Ikev2ChildSaSilentDelete ( FreePool (Selector);
Selector = AllocateZeroPool (SelectorSize);
- ASSERT (Selector != NULL);
+ if (Selector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
+
Status = EfiIpSecConfigGetNextSelector (
&Private->IpSecConfig,
IPsecConfigDataTypeSad,
@@ -943,7 +949,11 @@ Ikev2ChildSaSilentDelete ( //
IsRemoteFound = TRUE;
RemoteSelector = AllocateZeroPool (SelectorSize);
- ASSERT (RemoteSelector != NULL);
+ if (RemoteSelector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
+
CopyMem (RemoteSelector, Selector, SelectorSize);
}
@@ -954,7 +964,11 @@ Ikev2ChildSaSilentDelete ( //
IsLocalFound = TRUE;
LocalSelector = AllocateZeroPool (SelectorSize);
- ASSERT (LocalSelector != NULL);
+ if (LocalSelector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ break;
+ }
+
CopyMem (LocalSelector, Selector, SelectorSize);
}
}
@@ -1270,7 +1284,11 @@ Ikev2InitializeSaData ( ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
- ASSERT (ProposalData->Spi != NULL);
+ if (ProposalData->Spi == NULL) {
+ FreePool (SaData);
+ return NULL;
+ }
+
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1338,7 +1356,12 @@ Ikev2InitializeSaData ( ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->NumTransforms = 3;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
- ASSERT (ProposalData->Spi != NULL);
+ if (ProposalData->Spi == NULL) {
+ FreePool (((IKEV2_PROPOSAL_DATA *) (SaData + 1))->Spi);
+ FreePool (SaData);
+ return NULL;
+ }
+
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1731,17 +1754,27 @@ Ikev2ResendNotify ( than the one in ChildSaSession->Spd, especially for the tunnel mode.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
+
+ @retval EFI_SUCCESS The operation complete successfully.
+ @retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
**/
-VOID
+EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
)
{
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) {
if (ChildSaSession->SpdSelector == NULL) {
ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR));
- ASSERT (ChildSaSession->SpdSelector != NULL);
+ if (ChildSaSession->SpdSelector == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
}
CopyMem (
ChildSaSession->SpdSelector,
@@ -1753,18 +1786,34 @@ Ikev2ChildSaSessionSpdSelectorCreate ( sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->RemoteAddress
);
+ if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+
+ FreePool (ChildSaSession->SpdSelector);
+
+ return Status;
+ }
+
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (
ChildSaSession->Spd->Selector->LocalAddressCount *
sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->LocalAddress
);
+ if (ChildSaSession->SpdSelector->LocalAddress == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+
+ FreePool (ChildSaSession->SpdSelector->RemoteAddress);
- ASSERT (ChildSaSession->SpdSelector->LocalAddress != NULL);
- ASSERT (ChildSaSession->SpdSelector->RemoteAddress != NULL);
+ FreePool (ChildSaSession->SpdSelector);
+
+ return Status;
+ }
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;
ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
}
+
+ return Status;
}
/**
@@ -1789,7 +1838,9 @@ Ikev2ChildSaSessionCreate ( // Create a new ChildSaSession.Insert it into processing list and initiate the common parameters.
//
ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession);
- ASSERT (ChildSaSession != NULL);
+ if (ChildSaSession == NULL) {
+ return NULL;
+ }
//
// Set the specific parameters.
@@ -1810,18 +1861,29 @@ Ikev2ChildSaSessionCreate ( // The ChildSaSession->SpdSelector might be changed after the traffic selector
// negoniation and it will be copied into the SAData after ChildSA established.
//
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);
+ if (EFI_ERROR (Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession))) {
+ Ikev2ChildSaSessionFree (ChildSaSession);
+ return NULL;
+ }
//
// Copy first NiBlock and NrBlock to ChildSa Session
//
ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize);
- ASSERT (ChildSaSession->NiBlock != NULL);
+ if (ChildSaSession->NiBlock == NULL) {
+ Ikev2ChildSaSessionFree (ChildSaSession);
+ return NULL;
+ }
+
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize);
- ASSERT (ChildSaSession->NrBlock != NULL);
+ if (ChildSaSession->NrBlock == NULL) {
+ Ikev2ChildSaSessionFree (ChildSaSession);
+ return NULL;
+ }
+
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
@@ -2194,7 +2256,10 @@ Ikev2SaParseSaPayload ( // Find the matched one.
//
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
+ if (IkeSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2209,7 +2274,10 @@ Ikev2SaParseSaPayload ( sizeof (IKEV2_PROPOSAL_DATA) +
sizeof (IKEV2_TRANSFORM_DATA) * 4;
IkeSaSession->SaData = AllocateZeroPool (SaDataSize);
- ASSERT (IkeSaSession->SaData != NULL);
+ if (IkeSaSession->SaData == NULL) {
+ FreePool (IkeSaSession->SessionCommon.SaParams);
+ return FALSE;
+ }
IkeSaSession->SaData->NumProposals = 1;
@@ -2225,6 +2293,7 @@ Ikev2SaParseSaPayload ( );
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;
+
return TRUE;
} else {
PreferEncryptAlgorithm = 0;
@@ -2300,7 +2369,10 @@ Ikev2SaParseSaPayload ( if (IsMatch) {
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
+ if (IkeSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2311,6 +2383,7 @@ Ikev2SaParseSaPayload ( return TRUE;
}
}
+
return FALSE;
}
@@ -2391,7 +2464,10 @@ Ikev2ChildSaParseSaPayload ( // Find the matched one.
//
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
+ if (ChildSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2405,7 +2481,10 @@ Ikev2ChildSaParseSaPayload ( sizeof (IKEV2_TRANSFORM_DATA) * 4;
ChildSaSession->SaData = AllocateZeroPool (SaDataSize);
- ASSERT (ChildSaSession->SaData != NULL);
+ if (ChildSaSession->SaData == NULL) {
+ FreePool (ChildSaSession->SessionCommon.SaParams);
+ return FALSE;
+ }
ChildSaSession->SaData->NumProposals = 1;
@@ -2426,7 +2505,14 @@ Ikev2ChildSaParseSaPayload ( sizeof (ChildSaSession->LocalPeerSpi),
&ChildSaSession->LocalPeerSpi
);
- ASSERT (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi != NULL);
+ if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {
+ FreePool (ChildSaSession->SessionCommon.SaParams);
+
+ FreePool (ChildSaSession->SaData );
+
+ return FALSE;
+ }
+
return TRUE;
} else {
@@ -2496,7 +2582,10 @@ Ikev2ChildSaParseSaPayload ( ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
if (IsMatch) {
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
- ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
+ if (ChildSaSession->SessionCommon.SaParams == NULL) {
+ return FALSE;
+ }
+
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2605,7 +2694,11 @@ Ikev2SaGenerateKey ( }
LocalFragments[1].Data = AllocateZeroPool (FragmentsSize);
- ASSERT (LocalFragments[1].Data != NULL);
+ if (LocalFragments[1].Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
LocalFragments[1].DataSize = FragmentsSize;
//
@@ -2631,7 +2724,11 @@ Ikev2SaGenerateKey ( // Allocate buffer for the first fragment
//
LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength);
- ASSERT (LocalFragments[0].Data != NULL);
+ if (LocalFragments[0].Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Exit;
+ }
+
LocalFragments[0].DataSize = AuthKeyLength;
Round = (OutputKeyLength - 1) / AuthKeyLength + 1;
|