From 754840385799645d6be1b589d8e3933471f7cb8a Mon Sep 17 00:00:00 2001 From: Jiaxin Wu Date: Fri, 11 Dec 2015 07:32:28 +0000 Subject: NetworkPkg: Fix the potential NULL pointer dereferenced issue This patch is used to fix the potential NULL pointer dereferenced in function 'ParseDnsResponse'. (Sync patch r19178 from main trunk.) Cc: Fu Siyuan Cc: Zhang Lubo Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu Reviewed-by: Zhang Lubo Reviewed-by: Fu Siyuan git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19220 6f19259b-4bc3-4df7-8a09-765794883524 --- NetworkPkg/DnsDxe/DnsImpl.c | 59 +++++++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 18 deletions(-) (limited to 'NetworkPkg') diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c index 42d51f0ed7..4f7320e403 100644 --- a/NetworkPkg/DnsDxe/DnsImpl.c +++ b/NetworkPkg/DnsDxe/DnsImpl.c @@ -1199,19 +1199,28 @@ ParseDnsResponse ( // // Check the Query type, do some buffer allocations. // - if (QuerySection->Type == DNS_TYPE_A) { - Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA)); - ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL); - Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS)); - ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL); - } else if (QuerySection->Type == DNS_TYPE_AAAA) { - Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA)); - ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL); - Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS)); - ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL); + if (Instance->Service->IpVersion == IP_VERSION_4) { + ASSERT (Dns4TokenEntry != NULL); + if (QuerySection->Type == DNS_TYPE_A) { + Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA)); + ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL); + Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS)); + ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL); + } else { + Status = EFI_UNSUPPORTED; + goto ON_EXIT; + } } else { - Status = EFI_UNSUPPORTED; - goto ON_EXIT; + ASSERT (Dns6TokenEntry != NULL); + if (QuerySection->Type == DNS_TYPE_AAAA) { + Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA)); + ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL); + Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS)); + ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL); + } else { + Status = EFI_UNSUPPORTED; + goto ON_EXIT; + } } // @@ -1240,7 +1249,7 @@ ParseDnsResponse ( // // This is address entry, get Data. // - ASSERT (AnswerSection->DataLength == 4); + ASSERT (Dns4TokenEntry != NULL && AnswerSection->DataLength == 4); HostAddr4 = Dns4TokenEntry->Token->RspData.H2AData->IpList; AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection); @@ -1282,7 +1291,7 @@ ParseDnsResponse ( // // This is address entry, get Data. // - ASSERT (AnswerSection->DataLength == 16); + ASSERT (Dns6TokenEntry != NULL && AnswerSection->DataLength == 16); HostAddr6 = Dns6TokenEntry->Token->RspData.H2AData->IpList; AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection); @@ -1333,16 +1342,29 @@ ParseDnsResponse ( AnswerSectionNum ++; } - if (QuerySection->Type == DNS_TYPE_A) { - Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount; - } else if (QuerySection->Type == DNS_TYPE_AAAA) { - Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount; + if (Instance->Service->IpVersion == IP_VERSION_4) { + ASSERT (Dns4TokenEntry != NULL); + if (QuerySection->Type == DNS_TYPE_A) { + Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount; + } else { + Status = EFI_UNSUPPORTED; + goto ON_EXIT; + } + } else { + ASSERT (Dns6TokenEntry != NULL); + if (QuerySection->Type == DNS_TYPE_AAAA) { + Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount; + } else { + Status = EFI_UNSUPPORTED; + goto ON_EXIT; + } } // // Parsing is complete, SignalEvent here. // if (Instance->Service->IpVersion == IP_VERSION_4) { + ASSERT (Dns4TokenEntry != NULL); Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, Dns4TokenEntry); Dns4TokenEntry->Token->Status = EFI_SUCCESS; if (Dns4TokenEntry->Token->Event != NULL) { @@ -1350,6 +1372,7 @@ ParseDnsResponse ( DispatchDpc (); } } else { + ASSERT (Dns6TokenEntry != NULL); Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, Dns6TokenEntry); Dns6TokenEntry->Token->Status = EFI_SUCCESS; if (Dns6TokenEntry->Token->Event != NULL) { -- cgit v1.2.3