From d76a00635f5061a96b6d17c1b68de9d2732fce55 Mon Sep 17 00:00:00 2001 From: Zhang Lubo Date: Mon, 30 Nov 2015 03:22:27 +0000 Subject: NetworkPkg:Fix NULL pointer dereference issues. Revise some errors that some Null pointers may be dereferenced. (Sync patch r18961 from main trunk.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo Reviewed-by: Fu Siyuan Reviewed-by: Ye Ting Reviewed-by: Wu Jiaxin git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2015@19025 6f19259b-4bc3-4df7-8a09-765794883524 --- NetworkPkg/HttpDxe/HttpImpl.c | 18 +++++++++++++-- NetworkPkg/HttpDxe/HttpImpl.h | 1 + NetworkPkg/HttpDxe/HttpProto.c | 52 +++++++++++++++++++----------------------- 3 files changed, 40 insertions(+), 31 deletions(-) (limited to 'NetworkPkg') diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c index ce28f07efa..f26d6f4f3f 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.c +++ b/NetworkPkg/HttpDxe/HttpImpl.c @@ -39,6 +39,7 @@ EFI_HTTP_PROTOCOL mEfiHttpTemplate = { This is NULL. HttpConfigData is NULL. HttpConfigData->AccessPoint is NULL. + @retval EFI_OUT_OF_RESOURCES Could not allocate enough system resources. @retval EFI_NOT_STARTED The HTTP instance is not configured. **/ @@ -70,6 +71,9 @@ EfiHttpGetModeData ( if (HttpInstance->LocalAddressIsIPv6) { Http6AccessPoint = AllocateZeroPool (sizeof (EFI_HTTPv6_ACCESS_POINT)); + if (Http6AccessPoint == NULL) { + return EFI_OUT_OF_RESOURCES; + } CopyMem ( Http6AccessPoint, &HttpInstance->Ipv6Node, @@ -78,6 +82,9 @@ EfiHttpGetModeData ( HttpConfigData->AccessPoint.IPv6Node = Http6AccessPoint; } else { Http4AccessPoint = AllocateZeroPool (sizeof (EFI_HTTPv4_ACCESS_POINT)); + if (Http4AccessPoint == NULL) { + return EFI_OUT_OF_RESOURCES; + } CopyMem ( Http4AccessPoint, &HttpInstance->IPv4Node, @@ -886,6 +893,8 @@ HttpResponseWorker ( goto Error; } + ASSERT (HttpHeaders != NULL); + // // Cache the part of body. // @@ -1288,14 +1297,19 @@ EfiHttpPoll ( HttpInstance = HTTP_INSTANCE_FROM_PROTOCOL (This); ASSERT (HttpInstance != NULL); - if (HttpInstance->State != HTTP_STATE_TCP_CONNECTED || (HttpInstance->Tcp4 == NULL && - HttpInstance->Tcp6 == NULL)) { + if (HttpInstance->State != HTTP_STATE_TCP_CONNECTED) { return EFI_NOT_STARTED; } if (HttpInstance->LocalAddressIsIPv6) { + if (HttpInstance->Tcp6 == NULL) { + return EFI_NOT_STARTED; + } Status = HttpInstance->Tcp6->Poll (HttpInstance->Tcp6); } else { + if (HttpInstance->Tcp4 == NULL) { + return EFI_NOT_STARTED; + } Status = HttpInstance->Tcp4->Poll (HttpInstance->Tcp4); } diff --git a/NetworkPkg/HttpDxe/HttpImpl.h b/NetworkPkg/HttpDxe/HttpImpl.h index 49c8af1b21..afbe982283 100644 --- a/NetworkPkg/HttpDxe/HttpImpl.h +++ b/NetworkPkg/HttpDxe/HttpImpl.h @@ -44,6 +44,7 @@ This is NULL. HttpConfigData is NULL. HttpConfigData->AccessPoint is NULL. + @retval EFI_OUT_OF_RESOURCES Could not allocate enough system resources. @retval EFI_NOT_STARTED The HTTP instance is not configured. **/ diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c index 22aed253cb..d4ab74f009 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -565,15 +565,14 @@ HttpCloseTcpRxEvent ( EFI_TCP4_IO_TOKEN *Rx4Token; EFI_TCP6_IO_TOKEN *Rx6Token; + ASSERT (Wrap != NULL); HttpInstance = Wrap->HttpInstance; Rx4Token = NULL; Rx6Token = NULL; if (HttpInstance->LocalAddressIsIPv6) { - if (Wrap != NULL) { - if (Wrap->TcpWrap.Rx6Token.CompletionToken.Event != NULL) { - gBS->CloseEvent (Wrap->TcpWrap.Rx6Token.CompletionToken.Event); - } + if (Wrap->TcpWrap.Rx6Token.CompletionToken.Event != NULL) { + gBS->CloseEvent (Wrap->TcpWrap.Rx6Token.CompletionToken.Event); } if (HttpInstance->Rx6Token.CompletionToken.Event != NULL) { @@ -581,10 +580,8 @@ HttpCloseTcpRxEvent ( HttpInstance->Rx6Token.CompletionToken.Event = NULL; } } else { - if (Wrap != NULL) { - if (Wrap->TcpWrap.Rx4Token.CompletionToken.Event != NULL) { - gBS->CloseEvent (Wrap->TcpWrap.Rx4Token.CompletionToken.Event); - } + if (Wrap->TcpWrap.Rx4Token.CompletionToken.Event != NULL) { + gBS->CloseEvent (Wrap->TcpWrap.Rx4Token.CompletionToken.Event); } if (HttpInstance->Rx4Token.CompletionToken.Event != NULL) { @@ -1893,23 +1890,22 @@ HttpTcpTokenCleanup ( EFI_TCP4_IO_TOKEN *Rx4Token; EFI_TCP6_IO_TOKEN *Rx6Token; + ASSERT (Wrap != NULL); HttpInstance = Wrap->HttpInstance; Rx4Token = NULL; Rx6Token = NULL; if (HttpInstance->LocalAddressIsIPv6) { - if (Wrap != NULL) { - if (Wrap->TcpWrap.Rx6Token.CompletionToken.Event != NULL) { - gBS->CloseEvent (Wrap->TcpWrap.Rx6Token.CompletionToken.Event); - } + if (Wrap->TcpWrap.Rx6Token.CompletionToken.Event != NULL) { + gBS->CloseEvent (Wrap->TcpWrap.Rx6Token.CompletionToken.Event); + } - Rx6Token = &Wrap->TcpWrap.Rx6Token; - if (Rx6Token->Packet.RxData->FragmentTable[0].FragmentBuffer != NULL) { - FreePool (Rx6Token->Packet.RxData->FragmentTable[0].FragmentBuffer); - Rx6Token->Packet.RxData->FragmentTable[0].FragmentBuffer = NULL; - } - FreePool (Wrap); + Rx6Token = &Wrap->TcpWrap.Rx6Token; + if (Rx6Token->Packet.RxData->FragmentTable[0].FragmentBuffer != NULL) { + FreePool (Rx6Token->Packet.RxData->FragmentTable[0].FragmentBuffer); + Rx6Token->Packet.RxData->FragmentTable[0].FragmentBuffer = NULL; } + FreePool (Wrap); if (HttpInstance->Rx6Token.CompletionToken.Event != NULL) { gBS->CloseEvent (HttpInstance->Rx6Token.CompletionToken.Event); @@ -1923,18 +1919,16 @@ HttpTcpTokenCleanup ( } } else { - if (Wrap != NULL) { - if (Wrap->TcpWrap.Rx4Token.CompletionToken.Event != NULL) { - gBS->CloseEvent (Wrap->TcpWrap.Rx4Token.CompletionToken.Event); - } - Rx4Token = &Wrap->TcpWrap.Rx4Token; - if (Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer != NULL) { - FreePool (Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer); - Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer = NULL; - } - FreePool (Wrap); + if (Wrap->TcpWrap.Rx4Token.CompletionToken.Event != NULL) { + gBS->CloseEvent (Wrap->TcpWrap.Rx4Token.CompletionToken.Event); } - + Rx4Token = &Wrap->TcpWrap.Rx4Token; + if (Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer != NULL) { + FreePool (Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer); + Rx4Token->Packet.RxData->FragmentTable[0].FragmentBuffer = NULL; + } + FreePool (Wrap); + if (HttpInstance->Rx4Token.CompletionToken.Event != NULL) { gBS->CloseEvent (HttpInstance->Rx4Token.CompletionToken.Event); HttpInstance->Rx4Token.CompletionToken.Event = NULL; -- cgit v1.2.3