From nobody Sun May 19 14:14:30 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+58045+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+58045+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1587719650; cv=none; d=zohomail.com; s=zohoarc; b=VAFoxpC0jvGRS9Hwzsu0gHFD7rvXtiGGvfs7JZAib/w19in9zsUX/tMQ8P9EtmwR8Je25drIh/HgjflVapqDWygebpOZYTB7/r37ichnYRGIsUJCaM4o4I13qv2+cw5moh0tMKaebo9nW3YC4jeRo6gKml34+XQZqFPbtTLyE14= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1587719650; h=Cc:Date:From:List-Id:List-Unsubscribe:Message-ID:Reply-To:Sender:Subject:To; bh=accDmgMU14NTgwoC0RnSN+dzGDN1iTUTNchn/6uc7P8=; b=YWGwgLw/VrZR3FSu/wQi8P/QhnCSUNnyz2ook3fdKexNWaAFuJ1HwJMjkD8mcZmtJZU6DUrV0fXQtLzv9XvLRdTUqBIBhu5uMGkll+VHiIRoHLWnvUAkTFXmOJqC9587iOL54pKIQ4r41zo96WBQKbe2Ugm4riEbWLcOnd4v0Og= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+58045+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1587719650742878.5016503749852; Fri, 24 Apr 2020 02:14:10 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 4frZYY1788612xfGW8awy2tT; Fri, 24 Apr 2020 02:14:10 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.2281.1587719649691120827 for ; Fri, 24 Apr 2020 02:14:09 -0700 IronPort-SDR: ODP+KWtd8NUu4eWgj79GgI2P5RQAK5bviWyKK0rBShCZZIPkuArQr4JAL1QVw7FGEaMROG7t1N nfQ7J1UptFvw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2020 02:14:08 -0700 IronPort-SDR: Yzq44xUe/iPRqhFDBQNujWBY1fUXmwTvdSlxrTEH/8brPdtUfMcl9g+HsArK/KjjEZcsSUa4U5 gxAFjXgOORJg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,311,1583222400"; d="scan'208";a="259753386" X-Received: from shenglei-dev.ccr.corp.intel.com ([10.239.158.52]) by orsmga006.jf.intel.com with ESMTP; 24 Apr 2020 02:14:07 -0700 From: "Zhang, Shenglei" To: devel@edk2.groups.io Cc: Maciej Rabeda , Jiaxin Wu , Siyuan Fu Subject: [edk2-devel] [PATCH] NetworkPkg/IScsiDxe: Enhance the check for array boundary Date: Fri, 24 Apr 2020 17:13:56 +0800 Message-Id: <20200424091356.157536-1-shenglei.zhang@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,shenglei.zhang@intel.com X-Gm-Message-State: y2r3OUG8G2ciMYuRb6WAYc1Ex1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1587719650; bh=3GMwSgXSzdYxVYMXzGsPSS80aOl9Iu3eFp0HT2N7dPk=; h=Cc:Date:From:Reply-To:Subject:To; b=n0BciTcdRpSs6x0kjH+6SYnzaIUaTc2lD/AdIgxYPedYbba9TWDG9zlf4eOmB4JNsGA gj079zb9if2mDFVC1u8LeooNA2XYp9YGnJLQSQ2ZhD/OKRLyngAMtUGHvHazRqVJyL0H1 hJehKFNcPspbPzHh+DZdmZ2CJWqdlfrGej0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Array 'TargetUrl' of size 255 may use index value(s) 255 and 256. So enhance the boundary check to ensure the index is valid. Cc: Maciej Rabeda Cc: Jiaxin Wu Cc: Siyuan Fu Signed-off-by: Shenglei Zhang Reviewed-by: Siyuan Fu --- NetworkPkg/IScsiDxe/IScsiDhcp.c | 2 +- NetworkPkg/IScsiDxe/IScsiDhcp6.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiDhcp.c b/NetworkPkg/IScsiDxe/IScsiDhc= p.c index 7ce9bf575012..afa8a86cd419 100644 --- a/NetworkPkg/IScsiDxe/IScsiDhcp.c +++ b/NetworkPkg/IScsiDxe/IScsiDhcp.c @@ -122,7 +122,7 @@ IScsiDhcpExtractRootPath ( // if ((!NET_IS_DIGIT (*(Field->Str))) && (*(Field->Str) !=3D '[')) { ConfigNvData->DnsMode =3D TRUE; - if (Field->Len > sizeof (ConfigNvData->TargetUrl)) { + if ((Field->Len + 2) > sizeof (ConfigNvData->TargetUrl)) { return EFI_INVALID_PARAMETER; } CopyMem (&ConfigNvData->TargetUrl, Field->Str, Field->Len); diff --git a/NetworkPkg/IScsiDxe/IScsiDhcp6.c b/NetworkPkg/IScsiDxe/IScsiDh= cp6.c index 86a872adeccc..691650b7334f 100644 --- a/NetworkPkg/IScsiDxe/IScsiDhcp6.c +++ b/NetworkPkg/IScsiDxe/IScsiDhcp6.c @@ -161,7 +161,7 @@ IScsiDhcp6ExtractRootPath ( // Server name is expressed as domain name, just save it. // if (ConfigNvData->DnsMode) { - if (Field->Len > sizeof (ConfigNvData->TargetUrl)) { + if ((Field->Len + 2) > sizeof (ConfigNvData->TargetUrl)) { return EFI_INVALID_PARAMETER; } CopyMem (&ConfigNvData->TargetUrl, Field->Str, Field->Len); --=20 2.18.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#58045): https://edk2.groups.io/g/devel/message/58045 Mute This Topic: https://groups.io/mt/73237833/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-