From 418373a1cd97abc0c0e3557f7a00105291829e6f Mon Sep 17 00:00:00 2001 From: Jiaxin Wu Date: Fri, 25 Nov 2016 14:14:23 +0800 Subject: MdeModulePkg/NetLib: Handle an invalid IPv6 address case Handle an invalid IPv6 address in NetLibAsciiStrToIp6(), like '2000:aaaa::1com'. Cc: Zhang Lubo Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Fu Siyuan Reviewed-by: Zhang Lubo --- MdeModulePkg/Include/Library/NetLib.h | 1 + MdeModulePkg/Library/DxeNetLib/DxeNetLib.c | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/MdeModulePkg/Include/Library/NetLib.h b/MdeModulePkg/Include/Library/NetLib.h index 26709af091..09ead09497 100644 --- a/MdeModulePkg/Include/Library/NetLib.h +++ b/MdeModulePkg/Include/Library/NetLib.h @@ -523,6 +523,7 @@ extern IP4_ADDR gIp4AllMasks[IP4_MASK_NUM]; extern EFI_IPv4_ADDRESS mZeroIp4Addr; #define NET_IS_DIGIT(Ch) (('0' <= (Ch)) && ((Ch) <= '9')) +#define NET_IS_HEX(Ch) ((('0' <= (Ch)) && ((Ch) <= '9')) || (('A' <= (Ch)) && ((Ch) <= 'F')) || (('a' <= (Ch)) && ((Ch) <= 'f'))) #define NET_ROUNDUP(size, unit) (((size) + (unit) - 1) & (~((unit) - 1))) #define NET_IS_LOWER_CASE_CHAR(Ch) (('a' <= (Ch)) && ((Ch) <= 'z')) #define NET_IS_UPPER_CASE_CHAR(Ch) (('A' <= (Ch)) && ((Ch) <= 'Z')) diff --git a/MdeModulePkg/Library/DxeNetLib/DxeNetLib.c b/MdeModulePkg/Library/DxeNetLib/DxeNetLib.c index 0804052fac..0a7117cf9d 100644 --- a/MdeModulePkg/Library/DxeNetLib/DxeNetLib.c +++ b/MdeModulePkg/Library/DxeNetLib/DxeNetLib.c @@ -2832,6 +2832,17 @@ NetLibAsciiStrToIp6 ( TempStr = Ip6Str; while ((*Ip6Str != '\0') && (*Ip6Str != ':')) { + if (Index != 14 && !NET_IS_HEX (*Ip6Str)) { + return EFI_INVALID_PARAMETER; + } + + // + // Allow the IPv6 with prefix case, e.g. 2000:aaaa::10/24 + // + if (Index == 14 && !NET_IS_HEX (*Ip6Str) && *Ip6Str != '/') { + return EFI_INVALID_PARAMETER; + } + Ip6Str++; } -- cgit v1.2.3