.../WifiConnectionMgrImpl.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)
FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=4477
Tls connection fail over WiFi in AMT OCR flow due to invalid identity.
This was due to missing conversion between unicode and ascii
string which resulted in invalid strlen.
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Signed-off-by: Yi Li <yi1.li@intel.com>
---
.../WifiConnectionMgrImpl.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 2e596c1981..e1430251c8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -572,7 +572,14 @@ WifiMgrConfigEap (
// Set Identity to Eap peer, Mandatory field for PEAP and TTLS
//
if (StrLen (Profile->EapIdentity) > 0) {
- IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1);
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
+ /* Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE */
+ IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+ } else {
+ IdentitySize = sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1);
+ }
+
Identity = AllocateZeroPool (IdentitySize);
if (Identity == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -580,7 +587,10 @@ WifiMgrConfigEap (
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
if (!EFI_ERROR (Status)) {
- CopyMem (Identity, &Profile->EapIdentity, IdentitySize);
+ /* The size of Identity from Username may equal
+ to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes),
+ so here only valid characters except NULL characters are copied. */
+ CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1);
} else {
UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize);
}
--
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105691): https://edk2.groups.io/g/devel/message/105691
Mute This Topic: https://groups.io/mt/99335243/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-Hey Yi,
Review the below changes.
The protocol has changes since ADL from PlatSapmle to an advanced feature and the Protocol has shifted into EDK2, so the protocol name needs to be updated:
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
The locate protocol status check is enough and we do not need to add the NULL check too, we can remove that to keep it lighter.
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
Can we clean up the second locate protocol and bring the Identity allocate above the protocol check, and bring the two conditions for EapIdentity copied to Identity into the added protocol check condition.
Here is a view of what I am thinking for consolidation.
//
// Set Identity to Eap peer, Mandatory field for PEAP and TTLS
//
if (StrLen (Profile->EapIdentity) > 0) {
- IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1);
Identity = AllocateZeroPool (IdentitySize);
if (Identity == NULL) {
return EFI_OUT_OF_RESOURCES;
}
+ Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
if (!EFI_ERROR (Status)) {
+ // Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE
+ IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+ //
+ // The size of Identity from Username may equal
+ // to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes),
+ // so here only valid characters except NULL characters are copied.
+ //
+ CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1);
} else {
+ IdentitySize = sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1);
UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize);
}
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Yi
Sent: Sunday, June 4, 2023 11:30 PM
To: devel@edk2.groups.io
Cc: Li, Yi1 <yi1.li@intel.com>; Maciej Rabeda <maciej.rabeda@linux.intel.com>; Siyuan Fu <siyuan.fu@intel.com>
Subject: [edk2-devel] [PATCH] NetworkPkg: Correct the length of EAP Identity when in ASCII format
FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=4477
Tls connection fail over WiFi in AMT OCR flow due to invalid identity.
This was due to missing conversion between unicode and ascii string which resulted in invalid strlen.
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com<mailto:maciej.rabeda@linux.intel.com>>
Cc: Siyuan Fu <siyuan.fu@intel.com<mailto:siyuan.fu@intel.com>>
Signed-off-by: Yi Li <yi1.li@intel.com<mailto:yi1.li@intel.com>>
---
.../WifiConnectionMgrImpl.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 2e596c1981..e1430251c8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -572,7 +572,14 @@ WifiMgrConfigEap (
// Set Identity to Eap peer, Mandatory field for PEAP and TTLS
//
if (StrLen (Profile->EapIdentity) > 0) {
- IdentitySize = sizeof (CHAR8) * (StrLen (Profile->EapIdentity) + 1);
+ Status = gBS->LocateProtocol (&gWiFiProfileSyncProtocolGuid, NULL, (VOID **) &WiFiProfileSyncProtocol);
+ if (!EFI_ERROR (Status) && WiFiProfileSyncProtocol != NULL) {
+ /* Max size of EapIdentity ::= sizeof (CHAR16) * sizeof (Profile->EapIdentity) ::= 2 * EAP_IDENTITY_SIZE */
+ IdentitySize = sizeof (CHAR8) * (AsciiStrnLenS ((CHAR8 *) Profile->EapIdentity, sizeof (CHAR16) * sizeof (Profile->EapIdentity)) + 1);
+ } else {
+ IdentitySize = sizeof (CHAR8) * (StrLen(Profile->EapIdentity) + 1);
+ }
+
Identity = AllocateZeroPool (IdentitySize);
if (Identity == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -580,7 +587,10 @@ WifiMgrConfigEap (
Status = gBS->LocateProtocol (&gEdkiiWiFiProfileSyncProtocolGuid, NULL, (VOID **)&WiFiProfileSyncProtocol);
if (!EFI_ERROR (Status)) {
- CopyMem (Identity, &Profile->EapIdentity, IdentitySize);
+ /* The size of Identity from Username may equal
+ to the max size of EapIdentity(EAP_IDENTITY_SIZE*2=128 bytes),
+ so here only valid characters except NULL characters are copied. */
+ CopyMem (Identity, &Profile->EapIdentity, IdentitySize - 1);
} else {
UnicodeStrToAsciiStrS (Profile->EapIdentity, Identity, IdentitySize);
}
--
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106153): https://edk2.groups.io/g/devel/message/106153
Mute This Topic: https://groups.io/mt/99335243/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.