From nobody Sun May 19 05:50:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+97925+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97925+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1672822834; cv=none; d=zohomail.com; s=zohoarc; b=kJOE/GrqmfQc5mAYFP718rnLLCk5MzFvQGPZ/oWFMylDcH7vp1x1Epsrp2lNYg816Yn34GD8HkGNRrr/kF3qEy06nCqnFiHHy3rhehkR5nI/TYcl5NuubNV/el1Jvg0ptHu3MABGy6BveIZBk+MiV/5IQ9MnfMm3s+rIHDsd0fc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1672822834; h=Content-Type:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=zYsgtNg2k96o1bR9n54r6wgRE9UBqUtDDofaO9HOFFw=; b=IjCttfE/fP0iRfrXP+FASYDHZQSor3ZtvXlcB0YSgvM0MMhiYlW3Br0s4/hsXoRcwxkHr7KfKnP0mg02QDlEnlZyDR3YF35T/jjAu6qzP+nfmrtnu9zTztR6Oo1V/O5D9Ry5w5K7K27U+iS6qvxUjnvJtyjqUyyUx84HVmAsXWg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+97925+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1672822834283962.6689431746487; Wed, 4 Jan 2023 01:00:34 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8AT2YY1788612xcXuGzORuLQ; Wed, 04 Jan 2023 01:00:34 -0800 Subject: [edk2-devel] [PATCH] NetworkPkg/Dhcp6Dxe: Fix FORWARD_NULL Coverity issue To: devel@edk2.groups.io From: "Ranbir Singh via groups.io" X-Originating-Location: Bengaluru, Karnataka, IN (122.172.85.38) X-Originating-Platform: Windows Chrome 108 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Wed, 04 Jan 2023 01:00:33 -0800 Message-ID: Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,Ranbir.Singh3@Dell.com X-Gm-Message-State: nNJf3VfdO2uMAiO4VOWpcnRIx1787277AA= Content-Type: multipart/alternative; boundary="He0IO25CqVxbhhHiZpLN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1672822834; bh=nhK83hxfOM3J6UYcGRggfgLak6LocOMT3ZV5AenaMQE=; h=Content-Type:Date:From:Reply-To:Subject:To; b=fJxRbVOojUrQ5/2YU+HW2ObRzc5/YZMC+KIy6Sy+nXLA6y1YczGVOBN4tDtIdm3Zm4R nEED5bSP4irYEAzTqfuQXzwFjFeYVj4LOq2e+tYUy/fkcWZ7F1JJ7lCOFGZ5THVLHa3Xu 6fdYudEtVCYmjBjaIIPwrP4ZgGWmSxem1yk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1672822836448100002 --He0IO25CqVxbhhHiZpLN Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 The function Dhcp6HandleStateful checks if (Instance->Config =3D=3D NULL) { goto ON_CONTINUE; } At label ON_CONTINUE, UdpIoRecvDatagram function is called and if for whatever reasons its return value is not EFI_SUCCESS, then the check if (EFI_ERROR (Status)) at label ON_EXIT passes leading to invokation of Dhcp6CleanupSession function in which ASSERT (Instance->Config); will get hit in DEBUG mode and in RELEASE mode, the code continues to dereference Instance->Config in the check if (Instance->Config->IaInfoEvent !=3D NULL) { which will lead to CRASH as Instance->Config is NULL. Hence, for safety add Instance->Config NULL pointer check before calling Dhcp6CleanupSession. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4223 Signed-off-by: Ranbir Singh --- NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c index dcd01e6268..2c924d373f 100644 --- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c +++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c @@ -2636,7 +2636,7 @@ ON_CONTINUE: 0 ); ON_EXIT: -=C2=A0 if (EFI_ERROR (Status)) { +=C2=A0 if (EFI_ERROR (Status) && (Instance->Config !=3D NULL)) { Dhcp6CleanupSession (Instance, Status); } } -- 2.36.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97925): https://edk2.groups.io/g/devel/message/97925 Mute This Topic: https://groups.io/mt/96046909/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --He0IO25CqVxbhhHiZpLN Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable
The function Dhcp6HandleStateful checks
 
  if (Instance->Config =3D=3D NULL) {
    goto ON_CONTINUE;
  }
 
At label ON_CONTINUE, UdpIoRecvDatagram function is called and if for<= /div>
whatever reasons its return value is not EFI_SUCCESS, then the check
if (EFI_ERROR (Status)) at label ON_EXIT passes leading to invokation<= /div>
of Dhcp6CleanupSession function in which
 
  ASSERT (Instance->Config);
 
will get hit in DEBUG mode and in RELEASE mode, the code continues to<= /div>
dereference Instance->Config in the check
 
  if (Instance->Config->IaInfoEvent !=3D NULL) {
 
which will lead to CRASH as Instance->Config is NULL.
 
Hence, for safety add Instance->Config NULL pointer check before
calling Dhcp6CleanupSession.
 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4223
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
---
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6= Io.c
index dcd01e6268..2c924d373f 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
@@ -2636,7 +2636,7 @@ ON_CONTINUE:
              0
              );
 ON_EXIT:
-  if (EFI_ERROR (Status)) {
+  if (EFI_ERROR (Status) && (Instance->Config !=3D NU= LL)) {
     Dhcp6CleanupSession (Instance, Status);
   }
 }
--
2.36.1.windows.1
_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

= View/Reply Online (#97925) | =20 | Mute = This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [importer@patchew.org]

_._,_._,_
--He0IO25CqVxbhhHiZpLN--