From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters
Date: Tue, 8 Jun 2021 14:12:50 +0200
Message-Id: <20210608121259.32451-2-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

Working with overlong lines is difficult for me; rewrap the CHAP-related source files in IScsiDxe to 80 characters width. No functional changes.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek
Reviewed-by: Maciej Rabeda
Reviewed-by: Philippe Mathieu-Daudé
---
 NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++-----
 2 files changed, 71 insertions(+), 22 deletions(-)
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHA= P.h index 140bba0dcd76..5e59fb678bd7 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h @@ -72,31 +72,32 @@ typedef struct _ISCSI_CHAP_AUTH_DATA { =20 @retval EFI_SUCCESS The Login Response passed the CHAP validati= on. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. @retval Others Other errors as indicated. =20 **/ EFI_STATUS IScsiCHAPOnRspReceived ( IN ISCSI_CONNECTION *Conn ); /** This function fills the CHAP authentication information into the login P= DU during the security negotiation stage in the iSCSI connection login. =20 @param[in] Conn The iSCSI connection. @param[in, out] Pdu The PDU to send out. =20 @retval EFI_SUCCESS All check passed and the phase-related CHAP - authentication info is filled into the iSC= SI PDU. + authentication info is filled into the iSC= SI + PDU. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. =20 **/ EFI_STATUS IScsiCHAPToSendReq ( IN ISCSI_CONNECTION *Conn, IN OUT NET_BUF *Pdu ); =20 #endif diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHA= P.c index 355c6f129f68..cbbc56ae5b43 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -1,42 +1,45 @@ /** @file - This file is for Challenge-Handshake Authentication Protocol (CHAP) Conf= iguration. + This file is for Challenge-Handshake Authentication Protocol (CHAP) + Configuration. =20 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #include "IScsiImpl.h" =20 /** Initiator calculates its own expected hash value. =20 @param[in] ChapIdentifier iSCSI CHAP identifier sent by authentica= tor. @param[in] ChapSecret iSCSI CHAP secret of the authenticator. @param[in] SecretLength The length of iSCSI CHAP secret. @param[in] ChapChallenge The challenge message sent by authentica= tor. @param[in] ChallengeLength The length of iSCSI CHAP challenge messa= ge. @param[out] ChapResponse The calculation of the expected hash val= ue. =20 - @retval EFI_SUCCESS The expected hash value was calculatedly= successfully. - @retval EFI_PROTOCOL_ERROR The length of the secret should be at le= ast the - length of the hash value for the hashing= algorithm chosen. + @retval EFI_SUCCESS The expected hash value was calculatedly + successfully. + @retval EFI_PROTOCOL_ERROR The length of the secret should be at le= ast + the length of the hash value for the has= hing + algorithm chosen. @retval EFI_PROTOCOL_ERROR MD5 hash operation fail. @retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD= 5. =20 **/ EFI_STATUS IScsiCHAPCalculateResponse ( IN UINT32 ChapIdentifier, IN CHAR8 *ChapSecret, IN UINT32 SecretLength, IN UINT8 *ChapChallenge, IN UINT32 ChallengeLength, OUT UINT8 *ChapResponse ) { UINTN Md5ContextSize; VOID *Md5Ctx; CHAR8 IdByte[1]; EFI_STATUS Status; =20 
@@ -78,40 +81,42 @@ IScsiCHAPCalculateResponse ( goto Exit; } =20 if (Md5Final (Md5Ctx, ChapResponse)) { Status =3D EFI_SUCCESS; } =20 Exit: FreePool (Md5Ctx); return Status; } =20 /** The initiator checks the CHAP response replied by target against its own calculation of the expected hash value. =20 @param[in] AuthData iSCSI CHAP authentication data. @param[in] TargetResponse The response from target. =20 - @retval EFI_SUCCESS The response from target passed authen= tication. - @retval EFI_SECURITY_VIOLATION The response from target was not expec= ted value. + @retval EFI_SUCCESS The response from target passed + authentication. + @retval EFI_SECURITY_VIOLATION The response from target was not expec= ted + value. @retval Others Other errors as indicated. =20 **/ EFI_STATUS IScsiCHAPAuthTarget ( IN ISCSI_CHAP_AUTH_DATA *AuthData, IN UINT8 *TargetResponse ) { EFI_STATUS Status; UINT32 SecretSize; UINT8 VerifyRsp[ISCSI_CHAP_RSP_LEN]; =20 Status =3D EFI_SUCCESS; =20 SecretSize =3D (UINT32) AsciiStrLen (AuthData->AuthConfig->ReverseCHAPS= ecret); Status =3D IScsiCHAPCalculateResponse ( AuthData->OutIdentifier, AuthData->AuthConfig->ReverseCHAPSecret, 
@@ -177,187 +182,211 @@ IScsiCHAPOnRspReceived ( // NetbufQueCopy (&Conn->RspQue, 0, Len, Data); =20 // // Build the key-value list from the data segment of the Login Response. // KeyValueList =3D IScsiBuildKeyValueList ((CHAR8 *) Data, Len); if (KeyValueList =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ON_EXIT; } =20 Status =3D EFI_PROTOCOL_ERROR; =20 switch (Conn->AuthStep) { case ISCSI_AUTH_INITIAL: // // The first Login Response. // - Value =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_P= ORTAL_GROUP_TAG); + Value =3D IScsiGetValueByKeyFromList ( + KeyValueList, + ISCSI_KEY_TARGET_PORTAL_GROUP_TAG + ); if (Value =3D=3D NULL) { goto ON_EXIT; } =20 Result =3D IScsiNetNtoi (Value); if (Result > 0xFFFF) { goto ON_EXIT; } =20 Session->TargetPortalGroupTag =3D (UINT16) Result; =20 - Value =3D IScsiGetValueByKeyFromList (KeyValue= List, ISCSI_KEY_AUTH_METHOD); + Value =3D IScsiGetValueByKeyFromList ( + KeyValueList, + ISCSI_KEY_AUTH_METHOD + ); if (Value =3D=3D NULL) { goto ON_EXIT; } // - // Initiator mandates CHAP authentication but target replies without "= CHAP", or - // initiator suggets "None" but target replies with some kind of auth = method. + // Initiator mandates CHAP authentication but target replies without + // "CHAP", or initiator suggets "None" but target replies with some ki= nd of + // auth method. // if (Session->AuthType =3D=3D ISCSI_AUTH_TYPE_NONE) { if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) !=3D 0) { goto ON_EXIT; } } else if (Session->AuthType =3D=3D ISCSI_AUTH_TYPE_CHAP) { if (AsciiStrCmp (Value, ISCSI_AUTH_METHOD_CHAP) !=3D 0) { goto ON_EXIT; } } else { goto ON_EXIT; } =20 // // Transit to CHAP step one. 
// Conn->AuthStep =3D ISCSI_CHAP_STEP_ONE; Status =3D EFI_SUCCESS; break; =20 case ISCSI_CHAP_STEP_TWO: // // The Target replies with CHAP_A=3D CHAP_I=3D CHAP_C=3D // - Value =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALG= ORITHM); + Value =3D IScsiGetValueByKeyFromList ( + KeyValueList, + ISCSI_KEY_CHAP_ALGORITHM + ); if (Value =3D=3D NULL) { goto ON_EXIT; } =20 Algorithm =3D IScsiNetNtoi (Value); if (Algorithm !=3D ISCSI_CHAP_ALGORITHM_MD5) { // // Unsupported algorithm is chosen by target. // goto ON_EXIT; } =20 - Identifier =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHA= P_IDENTIFIER); + Identifier =3D IScsiGetValueByKeyFromList ( + KeyValueList, + ISCSI_KEY_CHAP_IDENTIFIER + ); if (Identifier =3D=3D NULL) { goto ON_EXIT; } =20 - Challenge =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP= _CHALLENGE); + Challenge =3D IScsiGetValueByKeyFromList ( + KeyValueList, + ISCSI_KEY_CHAP_CHALLENGE + ); if (Challenge =3D=3D NULL) { goto ON_EXIT; } // // Process the CHAP identifier and CHAP Challenge from Target. // Calculate Response value. // Result =3D IScsiNetNtoi (Identifier); if (Result > 0xFF) { goto ON_EXIT; } =20 AuthData->InIdentifier =3D (UINT32) Result; AuthData->InChallengeLength =3D ISCSI_CHAP_AUTH_MAX_LEN; - IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallenge= Length, Challenge); + IScsiHexToBin ( + (UINT8 *) AuthData->InChallenge, + &AuthData->InChallengeLength, + Challenge + ); Status =3D IScsiCHAPCalculateResponse ( AuthData->InIdentifier, AuthData->AuthConfig->CHAPSecret, (UINT32) AsciiStrLen (AuthData->AuthConfig->CHAPSecret), AuthData->InChallenge, AuthData->InChallengeLength, AuthData->CHAPResponse ); =20 // // Transit to next step. // Conn->AuthStep =3D ISCSI_CHAP_STEP_THREE; break; =20 case ISCSI_CHAP_STEP_THREE: // // One way CHAP authentication and the target would like to // authenticate us. 
// Status =3D EFI_SUCCESS; break; =20 case ISCSI_CHAP_STEP_FOUR: ASSERT (AuthData->AuthConfig->CHAPType =3D=3D ISCSI_CHAP_MUTUAL); // // The forth step, CHAP_N=3D CHAP_R=3D is received from Target. // Name =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_NAME= ); if (Name =3D=3D NULL) { goto ON_EXIT; } =20 - Response =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_= RESPONSE); + Response =3D IScsiGetValueByKeyFromList ( + KeyValueList, + ISCSI_KEY_CHAP_RESPONSE + ); if (Response =3D=3D NULL) { goto ON_EXIT; } =20 RspLen =3D ISCSI_CHAP_RSP_LEN; IScsiHexToBin (TargetRsp, &RspLen, Response); =20 // // Check the CHAP Name and Response replied by Target. // Status =3D IScsiCHAPAuthTarget (AuthData, TargetRsp); break; =20 default: break; } =20 ON_EXIT: =20 if (KeyValueList !=3D NULL) { IScsiFreeKeyValueList (KeyValueList); } =20 FreePool (Data); =20 return Status; } =20 =20 /** This function fills the CHAP authentication information into the login P= DU during the security negotiation stage in the iSCSI connection login. =20 @param[in] Conn The iSCSI connection. @param[in, out] Pdu The PDU to send out. =20 @retval EFI_SUCCESS All check passed and the phase-related CHAP - authentication info is filled into the iSC= SI PDU. + authentication info is filled into the iSC= SI + PDU. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. =20 **/ EFI_STATUS IScsiCHAPToSendReq ( IN ISCSI_CONNECTION *Conn, IN OUT NET_BUF *Pdu ) { EFI_STATUS Status; ISCSI_SESSION *Session; ISCSI_LOGIN_REQUEST *LoginReq; ISCSI_CHAP_AUTH_DATA *AuthData; CHAR8 *Value; CHAR8 ValueStr[256]; CHAR8 *Response; UINT32 RspLen; CHAR8 *Challenge; 
@@ -376,95 +405,114 @@ IScsiCHAPToSendReq ( RspLen =3D 2 * ISCSI_CHAP_RSP_LEN + 3; Response =3D AllocateZeroPool (RspLen); if (Response =3D=3D NULL) { return EFI_OUT_OF_RESOURCES; } =20 ChallengeLen =3D 2 * ISCSI_CHAP_RSP_LEN + 3; Challenge =3D AllocateZeroPool (ChallengeLen); if (Challenge =3D=3D NULL) { FreePool (Response); return EFI_OUT_OF_RESOURCES; } =20 switch (Conn->AuthStep) { case ISCSI_AUTH_INITIAL: // // It's the initial Login Request. Fill in the key=3Dvalue pairs manda= tory // for the initial Login Request. // - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->Initiat= orName); + IScsiAddKeyValuePair ( + Pdu, + ISCSI_KEY_INITIATOR_NAME, + mPrivate->InitiatorName + ); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal"); IScsiAddKeyValuePair ( Pdu, ISCSI_KEY_TARGET_NAME, Session->ConfigData->SessionConfigData.TargetName ); =20 if (Session->AuthType =3D=3D ISCSI_AUTH_TYPE_NONE) { Value =3D ISCSI_KEY_VALUE_NONE; ISCSI_SET_FLAG (LoginReq, ISCSI_LOGIN_REQ_PDU_FLAG_TRANSIT); } else { Value =3D ISCSI_AUTH_METHOD_CHAP; } =20 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_AUTH_METHOD, Value); =20 break; =20 case ISCSI_CHAP_STEP_ONE: // - // First step, send the Login Request with CHAP_A=3D key-val= ue pair. + // First step, send the Login Request with CHAP_A=3D key-val= ue + // pair. // AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_M= D5); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr); =20 Conn->AuthStep =3D ISCSI_CHAP_STEP_TWO; break; =20 case ISCSI_CHAP_STEP_THREE: // // Third step, send the Login Request with CHAP_N=3D CHAP_R=3D or // CHAP_N=3D CHAP_R=3D CHAP_I=3D CHAP_C=3D if target authe= ntication is // required too. 
// // CHAP_N=3D // - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->A= uthConfig->CHAPName); + IScsiAddKeyValuePair ( + Pdu, + ISCSI_KEY_CHAP_NAME, + (CHAR8 *) &AuthData->AuthConfig->CHAPName + ); // // CHAP_R=3D // - IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, R= esponse, &RspLen); + IScsiBinToHex ( + (UINT8 *) AuthData->CHAPResponse, + ISCSI_CHAP_RSP_LEN, + Response, + &RspLen + ); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); =20 if (AuthData->AuthConfig->CHAPType =3D=3D ISCSI_CHAP_MUTUAL) { // // CHAP_I=3D // IScsiGenRandom ((UINT8 *) &AuthData->OutIdentifier, 1); AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentif= ier); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr); // // CHAP_C=3D // IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN= ); AuthData->OutChallengeLength =3D ISCSI_CHAP_RSP_LEN; - IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN,= Challenge, &ChallengeLen); + IScsiBinToHex ( + (UINT8 *) AuthData->OutChallenge, + ISCSI_CHAP_RSP_LEN, + Challenge, + &ChallengeLen + ); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); =20 Conn->AuthStep =3D ISCSI_CHAP_STEP_FOUR; } // // Set the stage transition flag. // ISCSI_SET_FLAG (LoginReq, ISCSI_LOGIN_REQ_PDU_FLAG_TRANSIT); break; =20 default: Status =3D EFI_PROTOCOL_ERROR; break; } =20 FreePool (Response); FreePool (Challenge); =20 return Status; --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
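Review bot: In the ISCSI_CHAP_STEP_FOUR case of IScsiCHAPOnRspReceived, nothing checks the outcome of IScsiHexToBin (TargetRsp, &RspLen, Response): RspLen is not compared with ISCSI_CHAP_RSP_LEN before TargetRsp is handed to IScsiCHAPAuthTarget, and the ISCSI_CHAP_STEP_TWO decode of CHAP_C into AuthData->InChallenge is equally unchecked. That is out of scope for a rewrap-only patch, but the rewrapped calls make it easy to see, so a follow-up should take the existing goto ON_EXIT path (Status is already EFI_PROTOCOL_ERROR there) when the decode fails or the CHAP_R length differs. On the rewrap itself, the touched comments still carry "calculatedly successfully" and "suggets"; fixing those in a separate patch keeps this one purely mechanical.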
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 02/10] NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size
Date: Tue, 8 Jun 2021 14:12:51 +0200
Message-Id: <20210608121259.32451-3-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024. The usage of this macro currently involves a semantic (not functional) bug, which we're going to fix in a subsequent patch, eliminating ISCSI_CHAP_AUTH_MAX_LEN altogether.

For now, remove the macro's usage from all "ISCSI_CHAP_AUTH_DATA.InChallenge" contexts. This is doable without duplicating open-coded constants.

No changes in functionality.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Maciej Rabeda --- NetworkPkg/IScsiDxe/IScsiCHAP.h | 2 +- NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHA= P.h index 5e59fb678bd7..1fc1d96ea3f3 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h @@ -33,39 +33,39 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #pragma pack(1) =20 typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { UINT8 CHAPType; CHAR8 CHAPName[ISCSI_CHAP_NAME_STORAGE]; CHAR8 CHAPSecret[ISCSI_CHAP_SECRET_STORAGE]; CHAR8 ReverseCHAPName[ISCSI_CHAP_NAME_STORAGE]; CHAR8 ReverseCHAPSecret[ISCSI_CHAP_SECRET_STORAGE]; } ISCSI_CHAP_AUTH_CONFIG_NVDATA; =20 #pragma pack() =20 /// /// ISCSI CHAP Authentication Data /// typedef struct _ISCSI_CHAP_AUTH_DATA { ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; UINT32 InIdentifier; - UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; + UINT8 InChallenge[1024]; UINT32 InChallengeLength; // // Calculated CHAP Response (CHAP_R) value. // UINT8 CHAPResponse[ISCSI_CHAP_RSP_LEN]; =20 // // Auth-data to be sent out for mutual authentication. // UINT32 OutIdentifier; UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; UINT32 OutChallengeLength; } ISCSI_CHAP_AUTH_DATA; =20 /** This function checks the received iSCSI Login Response during the securi= ty negotiation stage. =20 @param[in] Conn The iSCSI connection. diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHA= P.c index cbbc56ae5b43..df3c2eb1200a 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c 
@@ -273,39 +273,39 @@ IScsiCHAPOnRspReceived ( } =20 Challenge =3D IScsiGetValueByKeyFromList ( KeyValueList, ISCSI_KEY_CHAP_CHALLENGE ); if (Challenge =3D=3D NULL) { goto ON_EXIT; } // // Process the CHAP identifier and CHAP Challenge from Target. // Calculate Response value. // Result =3D IScsiNetNtoi (Identifier); if (Result > 0xFF) { goto ON_EXIT; } =20 AuthData->InIdentifier =3D (UINT32) Result; - AuthData->InChallengeLength =3D ISCSI_CHAP_AUTH_MAX_LEN; + AuthData->InChallengeLength =3D (UINT32) sizeof (AuthData->InChallenge= ); IScsiHexToBin ( (UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge ); Status =3D IScsiCHAPCalculateResponse ( AuthData->InIdentifier, AuthData->AuthConfig->CHAPSecret, (UINT32) AsciiStrLen (AuthData->AuthConfig->CHAPSecret), AuthData->InChallenge, AuthData->InChallengeLength, AuthData->CHAPResponse ); =20 // // Transit to next step. // Conn->AuthStep =3D ISCSI_CHAP_STEP_THREE; break; --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
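Review bot: In the ISCSI_CHAP_AUTH_DATA hunk of IScsiCHAP.h, InChallenge[1024] replaces a named bound with a bare literal, and no comment says where 1024 comes from; add a short comment on the field stating what limits the size of a received CHAP_C, so the number does not look arbitrary once ISCSI_CHAP_AUTH_MAX_LEN is gone. Initialising InChallengeLength from sizeof (AuthData->InChallenge) in IScsiCHAPOnRspReceived is the right way to keep the capacity passed to IScsiHexToBin tied to the declaration. The commit message refers to a semantic bug in the macro's usage without naming it; one sentence saying what the bug is would let this patch be reviewed without reading ahead in the series.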
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 03/10] NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength"
Date: Tue, 8 Jun 2021 14:12:52 +0200
Message-Id: <20210608121259.32451-4-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array with ISCSI_CHAP_AUTH_MAX_LEN (1024) elements. However, when the challenge is generated and formatted, only ISCSI_CHAP_RSP_LEN (16) octets are used in the array.

Change the array size to ISCSI_CHAP_RSP_LEN, and remove the (now unused) ISCSI_CHAP_AUTH_MAX_LEN macro.

Remove the "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" field, which is superfluous too.

Most importantly, explain in a new comment *why* tying the challenge size to the digest size (ISCSI_CHAP_RSP_LEN) has always made sense.
(See also Linux kernel commit 19f5f88ed779, "scsi: target: iscsi: tie the challenge length to the hash digest size", 2019-11-06.) For sure, the motivation that the new comment now explains has always been there, and has always been the same, for IScsiDxe; it's just that now we spell it out too.

No change in peer-visible behavior.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Maciej Rabeda
---
 NetworkPkg/IScsiDxe/IScsiCHAP.h | 9 ++++++---
 NetworkPkg/IScsiDxe/IScsiCHAP.c | 3 +--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHA= P.h index 1fc1d96ea3f3..35d5d6ec29e3 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h @@ -3,39 +3,38 @@ =20 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #ifndef _ISCSI_CHAP_H_ #define _ISCSI_CHAP_H_ =20 #define ISCSI_AUTH_METHOD_CHAP "CHAP" =20 #define ISCSI_KEY_CHAP_ALGORITHM "CHAP_A" #define ISCSI_KEY_CHAP_IDENTIFIER "CHAP_I" #define ISCSI_KEY_CHAP_CHALLENGE "CHAP_C" #define ISCSI_KEY_CHAP_NAME "CHAP_N" #define ISCSI_KEY_CHAP_RESPONSE "CHAP_R" =20 #define ISCSI_CHAP_ALGORITHM_MD5 5 =20 -#define ISCSI_CHAP_AUTH_MAX_LEN 1024 /// /// MD5_HASHSIZE /// #define ISCSI_CHAP_RSP_LEN 16 =20 #define ISCSI_CHAP_STEP_ONE 1 #define ISCSI_CHAP_STEP_TWO 2 #define ISCSI_CHAP_STEP_THREE 3 #define ISCSI_CHAP_STEP_FOUR 4 =20 =20 #pragma pack(1) =20 typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { UINT8 CHAPType; CHAR8 CHAPName[ISCSI_CHAP_NAME_STORAGE]; CHAR8 CHAPSecret[ISCSI_CHAP_SECRET_STORAGE]; CHAR8 ReverseCHAPName[ISCSI_CHAP_NAME_STORAGE]; CHAR8 ReverseCHAPSecret[ISCSI_CHAP_SECRET_STORAGE]; 
@@ -43,41 +42,45 @@ typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { =20 #pragma pack() =20 /// /// ISCSI CHAP Authentication Data /// typedef struct _ISCSI_CHAP_AUTH_DATA { ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; UINT32 InIdentifier; UINT8 InChallenge[1024]; UINT32 InChallengeLength; // // Calculated CHAP Response (CHAP_R) value. // UINT8 CHAPResponse[ISCSI_CHAP_RSP_LEN]; =20 // // Auth-data to be sent out for mutual authentication. // + // While the challenge size is technically independent of the hashing + // algorithm, it is good practice to avoid hashing *fewer bytes* than the + // digest size. In other words, it's good practice to feed *at least as = many + // bytes* to the hashing algorithm as the hashing algorithm will output. + // UINT32 OutIdentifier; - UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; - UINT32 OutChallengeLength; + UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN]; } ISCSI_CHAP_AUTH_DATA; =20 /** This function checks the received iSCSI Login Response during the securi= ty negotiation stage. =20 @param[in] Conn The iSCSI connection. =20 @retval EFI_SUCCESS The Login Response passed the CHAP validati= on. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. @retval Others Other errors as indicated. =20 **/ EFI_STATUS IScsiCHAPOnRspReceived ( IN ISCSI_CONNECTION *Conn ); /** diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHA= P.c index df3c2eb1200a..9e192ce292e8 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c 
@@ -106,39 +106,39 @@ IScsiCHAPCalculateResponse ( **/ EFI_STATUS IScsiCHAPAuthTarget ( IN ISCSI_CHAP_AUTH_DATA *AuthData, IN UINT8 *TargetResponse ) { EFI_STATUS Status; UINT32 SecretSize; UINT8 VerifyRsp[ISCSI_CHAP_RSP_LEN]; =20 Status =3D EFI_SUCCESS; =20 SecretSize =3D (UINT32) AsciiStrLen (AuthData->AuthConfig->ReverseCHAPS= ecret); Status =3D IScsiCHAPCalculateResponse ( AuthData->OutIdentifier, AuthData->AuthConfig->ReverseCHAPSecret, SecretSize, AuthData->OutChallenge, - AuthData->OutChallengeLength, + ISCSI_CHAP_RSP_LEN, // ChallengeLength VerifyRsp ); =20 if (CompareMem (VerifyRsp, TargetResponse, ISCSI_CHAP_RSP_LEN) !=3D 0) { Status =3D EFI_SECURITY_VIOLATION; } =20 return Status; } =20 =20 /** This function checks the received iSCSI Login Response during the securi= ty negotiation stage. =20 @param[in] Conn The iSCSI connection. =20 @retval EFI_SUCCESS The Login Response passed the CHAP validati= on. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. 
@@ -474,39 +474,38 @@ IScsiCHAPToSendReq ( IScsiBinToHex ( (UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen ); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); =20 if (AuthData->AuthConfig->CHAPType =3D=3D ISCSI_CHAP_MUTUAL) { // // CHAP_I=3D // IScsiGenRandom ((UINT8 *) &AuthData->OutIdentifier, 1); AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentif= ier); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr); // // CHAP_C=3D // IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN= ); - AuthData->OutChallengeLength =3D ISCSI_CHAP_RSP_LEN; IScsiBinToHex ( (UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen ); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); =20 Conn->AuthStep =3D ISCSI_CHAP_STEP_FOUR; } // // Set the stage transition flag. // ISCSI_SET_FLAG (LoginReq, ISCSI_LOGIN_REQ_PDU_FLAG_TRANSIT); break; =20 default: Status =3D EFI_PROTOCOL_ERROR; break; --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
View/Reply Online (#76201): https://edk2.groups.io/g/devel/message/76201
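Review bot: in the ISCSI_CHAP_AUTH_DATA hunk of IScsiCHAP.h (patch 03/10), the new comment about challenge size is placed above "UINT32 OutIdentifier;", while the field it justifies is "UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN];" one line further down. Moving the comment directly above OutChallenge, or naming OutChallenge in its first sentence, would keep a reader from attaching it to the identifier. The context line "UINT8 InChallenge[1024];" also keeps a bare 1024 now that ISCSI_CHAP_AUTH_MAX_LEN is removed; a named constant for the inbound limit would show that the two sizes differ on purpose.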
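Review bot: in the IScsiCHAPAuthTarget() hunk of IScsiCHAP.c (patch 03/10), the challenge length is now passed as the macro, "ISCSI_CHAP_RSP_LEN, // ChallengeLength", so the length and the array declaration in IScsiCHAP.h are tied together only by convention. Passing sizeof (AuthData->OutChallenge) here (with a cast if the parameter type requires one), and in the IScsiGenRandom() and IScsiBinToHex() calls of the IScsiCHAPToSendReq() hunk, would make the length follow the array if the declaration is ever resized.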
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 04/10] NetworkPkg/IScsiDxe: clean up library class dependencies
Date: Tue, 8 Jun 2021 14:12:53 +0200
Message-Id: <20210608121259.32451-5-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

Sort the library class dependencies in the #include directives and in the INF file.

Remove the DpcLib class from the #include directives -- it is not listed in the INF file, and IScsiDxe doesn't call either DpcLib API (QueueDpc(), DispatchDpc()).

No functional changes.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Maciej Rabeda --- NetworkPkg/IScsiDxe/IScsiDxe.inf | 6 +++--- NetworkPkg/IScsiDxe/IScsiImpl.h | 17 ++++++++--------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDx= e.inf index 0ffb340ce05e..543c4083026a 100644 --- a/NetworkPkg/IScsiDxe/IScsiDxe.inf +++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf @@ -49,53 +49,53 @@ [Sources] IScsiDriver.c IScsiDriver.h IScsiExtScsiPassThru.c IScsiIbft.c IScsiIbft.h IScsiInitiatorName.c IScsiImpl.h IScsiMisc.c IScsiMisc.h IScsiProto.c IScsiProto.h =20 [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec CryptoPkg/CryptoPkg.dec NetworkPkg/NetworkPkg.dec =20 [LibraryClasses] + BaseCryptLib BaseLib BaseMemoryLib DebugLib DevicePathLib HiiLib MemoryAllocationLib NetLib - TcpIoLib PrintLib + TcpIoLib UefiBootServicesTableLib UefiDriverEntryPoint + UefiHiiServicesLib UefiLib UefiRuntimeServicesTableLib - UefiHiiServicesLib - BaseCryptLib =20 [Protocols] gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## S= ystemTable gEfiDriverBindingProtocolGuid ## SOMETIMES_PRODUCES gEfiPciIoProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp4ProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp6ProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp4ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp6ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDns4ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDns4ProtocolGuid ## SOMETIMES_CONSUMES gEfiDns6ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDns6ProtocolGuid ## SOMETIMES_CONSUMES gEfiIp4Config2ProtocolGuid ## SOMETIMES_CONSUMES gEfiIp6ConfigProtocolGuid ## SOMETIMES_CONSUMES gEfiTcp4ProtocolGuid ## TO_START gEfiTcp6ProtocolGuid ## TO_START gEfiTcp4ServiceBindingProtocolGuid ## TO_START gEfiTcp6ServiceBindingProtocolGuid ## TO_START diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImp= l.h index 387ab9765e9e..d895c7feb947 100644 
--- a/NetworkPkg/IScsiDxe/IScsiImpl.h +++ b/NetworkPkg/IScsiDxe/IScsiImpl.h 
@@ -19,53 +19,52 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include =20 #include #include #include #include #include #include #include #include #include =20 #include #include #include #include #include =20 -#include -#include -#include -#include +#include #include #include +#include +#include +#include #include +#include #include +#include #include -#include +#include #include -#include -#include -#include -#include +#include =20 #include #include #include =20 #include "IScsiConfigNVDataStruc.h" #include "IScsiDriver.h" #include "IScsiProto.h" #include "IScsiCHAP.h" #include "IScsiDhcp.h" #include "IScsiDhcp6.h" =20 #include "IScsiIbft.h" #include "IScsiMisc.h" #include "IScsiDns.h" #include "IScsiConfig.h" =20 #define ISCSI_AUTH_INITIAL 0 =20 --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76203): https://edk2.groups.io/g/devel/message/76203 Mute This Topic: https://groups.io/mt/83394113/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 15:36:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+76202+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+76202+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1623154399; cv=none; d=zohomail.com; s=zohoarc; b=RSVbEMnRDtmO6A+/SeIx3hobfecwsrYfbK6Lq+zpqcCQPzrxTvdziKZS35HhhWlH3xKnvdxIFJ1WqVBXSRLrXqSIV/UB3+vGY7FkWBah6B7ssW9MReK5OL06mSKSEbjitQXbXyW4mUN//xjQxQhwoCNKggCj1mmtFUDvrM/kdss= 
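Review bot: the IScsiImpl.h hunk of patch 04/10 interleaves the reordering with the one real removal (8 added against 9 removed #include lines), so the dropped DpcLib include cannot be picked out from the sort by reading the diff. Splitting the removal into its own patch ahead of the sort would leave this one a pure reordering, and "No functional changes" could then be checked by comparing the sorted old and new lists.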
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 05/10] NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex()
Date: Tue, 8 Jun 2021 14:12:54 +0200
Message-Id: <20210608121259.32451-6-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

Considering IScsiBinToHex():

>   if (((*HexLength) - 3) < BinLength * 2) {
>     *HexLength = BinLength * 2 + 3;
>   }

the following subexpressions are problematic:

  (*HexLength) - 3
  BinLength * 2
  BinLength * 2 + 3

The first one may wrap under zero, the latter two may wrap over MAX_UINT32.

Rewrite the calculation using SafeIntLib.

While at it, change the type of the "Index" variable from UINTN to UINT32. The largest "Index"-based value that we calculate is

  Index * 2 + 2   (with (Index == BinLength))

Because the patch makes

  BinLength * 2 + 3

safe to calculate in UINT32, using UINT32 for

  Index * 2 + 2   (with (Index == BinLength))

is safe too. Consistently using UINT32 improves readability.

This patch is best reviewed with "git show -W".

The integer overflows that this patch fixes are theoretical; a subsequent patch in the series will audit the IScsiBinToHex() call sites, and show that none of them can fail.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek
Reviewed-by: Maciej Rabeda
Reviewed-by: Philippe Mathieu-Daudé
---
 NetworkPkg/IScsiDxe/IScsiDxe.inf |  1 +
 NetworkPkg/IScsiDxe/IScsiImpl.h  |  1 +
 NetworkPkg/IScsiDxe/IScsiMisc.h  |  1 +
 NetworkPkg/IScsiDxe/IScsiMisc.c  | 19 +++++++++++++++----
 4 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDx= e.inf index 543c4083026a..1dde56d00ca2 100644 --- a/NetworkPkg/IScsiDxe/IScsiDxe.inf +++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf 
@@ -58,38 +58,39 @@ [Sources] IScsiProto.c IScsiProto.h =20 [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec CryptoPkg/CryptoPkg.dec NetworkPkg/NetworkPkg.dec =20 [LibraryClasses] BaseCryptLib BaseLib BaseMemoryLib DebugLib DevicePathLib HiiLib MemoryAllocationLib NetLib PrintLib + SafeIntLib TcpIoLib UefiBootServicesTableLib UefiDriverEntryPoint UefiHiiServicesLib UefiLib UefiRuntimeServicesTableLib =20 [Protocols] gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## S= ystemTable gEfiDriverBindingProtocolGuid ## SOMETIMES_PRODUCES gEfiPciIoProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp4ProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp6ProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp4ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDhcp6ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDns4ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDns4ProtocolGuid ## SOMETIMES_CONSUMES gEfiDns6ServiceBindingProtocolGuid ## SOMETIMES_CONSUMES gEfiDns6ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImp= l.h index d895c7feb947..ac3a25730efb 100644 --- a/NetworkPkg/IScsiDxe/IScsiImpl.h +++ b/NetworkPkg/IScsiDxe/IScsiImpl.h @@ -28,38 +28,39 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include =20 #include #include #include #include #include =20 #include #include #include #include #include #include #include #include #include +#include #include #include #include #include #include =20 #include #include #include =20 #include "IScsiConfigNVDataStruc.h" #include "IScsiDriver.h" #include "IScsiProto.h" #include "IScsiCHAP.h" #include "IScsiDhcp.h" #include "IScsiDhcp6.h" =20 #include "IScsiIbft.h" #include "IScsiMisc.h" diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMis= c.h index 46c725aab3a4..231413993b08 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h 
@@ -134,38 +134,39 @@ IScsiMacAddrToStr ( **/ EFI_STATUS IScsiAsciiStrToIp ( IN CHAR8 *Str, IN UINT8 IpMode, OUT EFI_IP_ADDRESS *Ip ); =20 /** Convert the binary encoded buffer into a hexadecimal encoded string. =20 @param[in] BinBuffer The buffer containing the binary data. @param[in] BinLength Length of the binary buffer. @param[in, out] HexStr Pointer to the string. @param[in, out] HexLength The length of the string. =20 @retval EFI_SUCCESS The binary data is converted to the hexadec= imal string and the length of the string is updated. @retval EFI_BUFFER_TOO_SMALL The string is too small. + @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. @retval EFI_INVALID_PARAMETER The IP string is malformatted. =20 **/ EFI_STATUS IScsiBinToHex ( IN UINT8 *BinBuffer, IN UINT32 BinLength, IN OUT CHAR8 *HexStr, IN OUT UINT32 *HexLength ); =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 @param[in, out] BinBuffer The binary buffer. @param[in, out] BinLength Length of the binary buffer. @param[in] HexStr The hexadecimal string. =20 @retval EFI_SUCCESS The hexadecimal string is converted into a = binary diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMis= c.c index b8fef3ff6f5a..42988e15cb06 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c 
@@ -300,61 +300,72 @@ IScsiMacAddrToStr ( String =3D &Str[3 * Index - 1] ; if (VlanId !=3D 0) { String +=3D UnicodeSPrint (String, 6 * sizeof (CHAR16), L"\\%04x", (UI= NTN) VlanId); } =20 *String =3D L'\0'; } =20 /** Convert the binary encoded buffer into a hexadecimal encoded string. =20 @param[in] BinBuffer The buffer containing the binary data. @param[in] BinLength Length of the binary buffer. @param[in, out] HexStr Pointer to the string. @param[in, out] HexLength The length of the string. =20 @retval EFI_SUCCESS The binary data is converted to the hexadec= imal string and the length of the string is updated. @retval EFI_BUFFER_TOO_SMALL The string is too small. + @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. @retval EFI_INVALID_PARAMETER The IP string is malformatted. =20 **/ EFI_STATUS IScsiBinToHex ( IN UINT8 *BinBuffer, IN UINT32 BinLength, IN OUT CHAR8 *HexStr, IN OUT UINT32 *HexLength ) { - UINTN Index; + UINT32 HexLengthMin; + UINT32 HexLengthProvided; + UINT32 Index; =20 if ((HexStr =3D=3D NULL) || (BinBuffer =3D=3D NULL) || (BinLength =3D=3D= 0)) { return EFI_INVALID_PARAMETER; } =20 - if (((*HexLength) - 3) < BinLength * 2) { - *HexLength =3D BinLength * 2 + 3; + // + // Safely calculate: HexLengthMin :=3D BinLength * 2 + 3. + // + if (RETURN_ERROR (SafeUint32Mult (BinLength, 2, &HexLengthMin)) || + RETURN_ERROR (SafeUint32Add (HexLengthMin, 3, &HexLengthMin))) { + return EFI_BAD_BUFFER_SIZE; + } + + HexLengthProvided =3D *HexLength; + *HexLength =3D HexLengthMin; + if (HexLengthProvided < HexLengthMin) { return EFI_BUFFER_TOO_SMALL; } =20 - *HexLength =3D BinLength * 2 + 3; // // Prefix for Hex String. 
// HexStr[0] =3D '0'; HexStr[1] =3D 'x'; =20 for (Index =3D 0; Index < BinLength; Index++) { HexStr[Index * 2 + 2] =3D IScsiHexString[BinBuffer[Index] >> 4]; HexStr[Index * 2 + 3] =3D IScsiHexString[BinBuffer[Index] & 0xf]; } =20 HexStr[Index * 2 + 2] =3D '\0'; =20 return EFI_SUCCESS; } =20 =20 /** Convert the hexadecimal string into a binary encoded buffer. --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76202): https://edk2.groups.io/g/devel/message/76202 Mute This Topic: https://groups.io/mt/83394112/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 15:36:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+76205+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+76205+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1623154408; cv=none; d=zohomail.com; s=zohoarc; b=bk+LQnKLoIIKJQS+05Sjsx9ORyHujfgEPS5jMlyb4T80u71uVujUsZ2GaUjkLuMMpMLlzEBIP+KuhRvszaQGXVKg53Ck1zemNgUla7u3rK3DZUBla71kewmMffm+v5HlLOfLwXK049Ceq5FgOoo+z8v8IliBOjU2ZRURSVsGaDE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1623154408; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=xX5XgbKJhGyrTNtkaEipf8esrWCSKsGgw2tvlOknzdc=; 
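Review bot: in the IScsiBinToHex() hunk of IScsiMisc.c (patch 05/10), the parameter check tests HexStr, BinBuffer and BinLength but not HexLength, and the new code dereferences it unconditionally in "HexLengthProvided = *HexLength;" and "*HexLength = HexLengthMin;". Adding (HexLength == NULL) to the EFI_INVALID_PARAMETER condition would close that gap while the function is being hardened. The comment block could also state that *HexLength is left untouched on EFI_BAD_BUFFER_SIZE but is set to the required size on EFI_BUFFER_TOO_SMALL.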
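Review bot: the comment blocks in the IScsiMisc.h and IScsiMisc.c hunks (patch 05/10) gain "@retval EFI_BAD_BUFFER_SIZE" but keep "@retval EFI_INVALID_PARAMETER The IP string is malformatted.", which does not describe this function: the code returns EFI_INVALID_PARAMETER when HexStr or BinBuffer is NULL or BinLength is 0. Both blocks are being edited anyway, so that line is worth correcting in the same patch.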
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds
Date: Tue, 8 Jun 2021 14:12:55 +0200
Message-Id: <20210608121259.32451-7-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

IScsiBinToHex() is called for encoding:

- the answer to the target's challenge; that is, CHAP_R;

- the challenge for the target, in case mutual authentication is enabled; that is, CHAP_C.

The initiator controls the size of both blobs, the sizes of their hex encodings are correctly calculated in "RspLen" and "ChallengeLen".

Therefore the IScsiBinToHex() calls never fail; assert that.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Maciej Rabeda --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHA= P.c index 9e192ce292e8..dbe3c8ef46f9 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -375,38 +375,39 @@ IScsiCHAPOnRspReceived ( @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. =20 **/ EFI_STATUS IScsiCHAPToSendReq ( IN ISCSI_CONNECTION *Conn, IN OUT NET_BUF *Pdu ) { EFI_STATUS Status; ISCSI_SESSION *Session; ISCSI_LOGIN_REQUEST *LoginReq; ISCSI_CHAP_AUTH_DATA *AuthData; CHAR8 *Value; CHAR8 ValueStr[256]; CHAR8 *Response; UINT32 RspLen; CHAR8 *Challenge; UINT32 ChallengeLen; + EFI_STATUS BinToHexStatus; =20 ASSERT (Conn->CurrentStage =3D=3D ISCSI_SECURITY_NEGOTIATION); =20 Session =3D Conn->Session; AuthData =3D &Session->AuthData.CHAP; LoginReq =3D (ISCSI_LOGIN_REQUEST *) NetbufGetByte (Pdu, 0, 0); if (LoginReq =3D=3D NULL) { return EFI_PROTOCOL_ERROR; } Status =3D EFI_SUCCESS; =20 RspLen =3D 2 * ISCSI_CHAP_RSP_LEN + 3; Response =3D AllocateZeroPool (RspLen); if (Response =3D=3D NULL) { return EFI_OUT_OF_RESOURCES; } =20 ChallengeLen =3D 2 * ISCSI_CHAP_RSP_LEN + 3; Challenge =3D AllocateZeroPool (ChallengeLen); 
@@ -455,63 +456,65 @@ IScsiCHAPToSendReq ( Conn->AuthStep =3D ISCSI_CHAP_STEP_TWO; break; =20 case ISCSI_CHAP_STEP_THREE: // // Third step, send the Login Request with CHAP_N=3D CHAP_R=3D or // CHAP_N=3D CHAP_R=3D CHAP_I=3D CHAP_C=3D if target authe= ntication is // required too. // // CHAP_N=3D // IScsiAddKeyValuePair ( Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName ); // // CHAP_R=3D // - IScsiBinToHex ( - (UINT8 *) AuthData->CHAPResponse, - ISCSI_CHAP_RSP_LEN, - Response, - &RspLen - ); + BinToHexStatus =3D IScsiBinToHex ( + (UINT8 *) AuthData->CHAPResponse, + ISCSI_CHAP_RSP_LEN, + Response, + &RspLen + ); + ASSERT_EFI_ERROR (BinToHexStatus); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); =20 if (AuthData->AuthConfig->CHAPType =3D=3D ISCSI_CHAP_MUTUAL) { // // CHAP_I=3D // IScsiGenRandom ((UINT8 *) &AuthData->OutIdentifier, 1); AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentif= ier); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr); // // CHAP_C=3D // IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN= ); - IScsiBinToHex ( - (UINT8 *) AuthData->OutChallenge, - ISCSI_CHAP_RSP_LEN, - Challenge, - &ChallengeLen - ); + BinToHexStatus =3D IScsiBinToHex ( + (UINT8 *) AuthData->OutChallenge, + ISCSI_CHAP_RSP_LEN, + Challenge, + &ChallengeLen + ); + ASSERT_EFI_ERROR (BinToHexStatus); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); =20 Conn->AuthStep =3D ISCSI_CHAP_STEP_FOUR; } // // Set the stage transition flag. // ISCSI_SET_FLAG (LoginReq, ISCSI_LOGIN_REQ_PDU_FLAG_TRANSIT); break; =20 default: Status =3D EFI_PROTOCOL_ERROR; break; } =20 FreePool (Response); FreePool (Challenge); =20 return Status; --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
View/Reply Online (#76205): https://edk2.groups.io/g/devel/message/76205
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 07/10] NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block
Date: Tue, 8 Jun 2021 14:12:56 +0200
Message-Id: <20210608121259.32451-8-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

We'll need further return values for IScsiHexToBin() in a subsequent patch; make room for them in the leading comment block of the function. While at it, rewrap the comment block to 80 characters width. No functional changes.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek
Reviewed-by: Maciej Rabeda
Reviewed-by: Philippe Mathieu-Daudé
---
 NetworkPkg/IScsiDxe/IScsiMisc.h | 14 +++++++-------
 NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +++++++-------
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMis= c.h index 231413993b08..28cf408cd5c5 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h @@ -149,46 +149,46 @@ IScsiAsciiStrToIp ( =20 @retval EFI_SUCCESS The binary data is converted to the hexadec= imal string and the length of the string is updated. @retval EFI_BUFFER_TOO_SMALL The string is too small. @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. @retval EFI_INVALID_PARAMETER The IP string is malformatted. =20 **/ EFI_STATUS IScsiBinToHex ( IN UINT8 *BinBuffer, IN UINT32 BinLength, IN OUT CHAR8 *HexStr, IN OUT UINT32 *HexLength ); =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 - @param[in, out] BinBuffer The binary buffer. - @param[in, out] BinLength Length of the binary buffer. - @param[in] HexStr The hexadecimal string. - - @retval EFI_SUCCESS The hexadecimal string is converted into a = binary - encoded buffer. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the = converted data. + @param[in, out] BinBuffer The binary buffer. + @param[in, out] BinLength Length of the binary buffer. + @param[in] HexStr The hexadecimal string. =20 + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. **/ EFI_STATUS IScsiHexToBin ( IN OUT UINT8 *BinBuffer, IN OUT UINT32 *BinLength, IN CHAR8 *HexStr ); =20 =20 /** Convert the decimal-constant string or hex-constant string into a numeri= cal value. =20 @param[in] Str String in decimal or hex. =20 @return The numerical value. =20 **/ UINTN IScsiNetNtoi ( diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMis= c.c index 42988e15cb06..014700e87a5f 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c 
@@ -354,46 +354,46 @@ IScsiBinToHex ( // Prefix for Hex String. // HexStr[0] =3D '0'; HexStr[1] =3D 'x'; =20 for (Index =3D 0; Index < BinLength; Index++) { HexStr[Index * 2 + 2] =3D IScsiHexString[BinBuffer[Index] >> 4]; HexStr[Index * 2 + 3] =3D IScsiHexString[BinBuffer[Index] & 0xf]; } =20 HexStr[Index * 2 + 2] =3D '\0'; =20 return EFI_SUCCESS; } =20 =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 - @param[in, out] BinBuffer The binary buffer. - @param[in, out] BinLength Length of the binary buffer. - @param[in] HexStr The hexadecimal string. - - @retval EFI_SUCCESS The hexadecimal string is converted into a = binary - encoded buffer. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the = converted data. + @param[in, out] BinBuffer The binary buffer. + @param[in, out] BinLength Length of the binary buffer. + @param[in] HexStr The hexadecimal string. =20 + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. **/ EFI_STATUS IScsiHexToBin ( IN OUT UINT8 *BinBuffer, IN OUT UINT32 *BinLength, IN CHAR8 *HexStr ) { UINTN Index; UINTN Length; UINT8 Digit; CHAR8 TemStr[2]; =20 ZeroMem (TemStr, sizeof (TemStr)); =20 // // Find out how many hex characters the string has. // if ((HexStr[0] =3D=3D '0') && ((HexStr[1] =3D=3D 'x') || (HexStr[1] =3D= =3D 'X'))) { --=20 2.19.1.3.g30247aa5d201 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
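Review bot: In the IScsiMisc.h hunk, the rewrapped IScsiHexToBin() comment now ends with "converted data." immediately followed by "**/", while the neighbouring blocks in the same hunk (IScsiBinToHex() above, IScsiNetNtoi() below) keep an empty line before "**/"; the blank context line that used to sit before "**/" has ended up between the @param and @retval groups instead. Since the patch is formatting-only, add a blank "+" line before "**/" so the block matches its neighbours. The IScsiMisc.c hunk has the same shape and needs the same line.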
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 08/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
Date: Tue, 8 Jun 2021 14:12:57 +0200
Message-Id: <20210608121259.32451-9-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

The IScsiHexToBin() function has the following parser issues:

(1) If the *subject sequence* in "HexStr" is empty, the function returns EFI_SUCCESS (with "BinLength" set to 0 on output). Such inputs should be rejected.

(2) The function mis-handles a "HexStr" that ends with a stray nibble. For example, if "HexStr" is "0xABC", the function decodes it to the bytes {0xAB, 0x0C}, sets "BinLength" to 2 on output, and returns EFI_SUCCESS. Such inputs should be rejected.

(3) If an invalid hex char is found in "HexStr", the function treats it as end-of-hex-string, and returns EFI_SUCCESS. Such inputs should be rejected.

All of the above cases are remotely triggerable, as shown in a subsequent patch, which adds error checking to the IScsiHexToBin() call sites. While the initiator is not immediately compromised, incorrectly parsing CHAP_R from the target, in case of mutual authentication, is not great. Extend the interface contract of IScsiHexToBin() with EFI_INVALID_PARAMETER, for reporting issues (1) through (3), and implement the new checks. Cc: Jiaxin Wu Cc: Maciej Rabeda Cc: Philippe Mathieu-Daud=C3=A9 Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- NetworkPkg/IScsiDxe/IScsiMisc.h | 1 + NetworkPkg/IScsiDxe/IScsiMisc.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMis= c.h index 28cf408cd5c5..404a482e57f3 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h @@ -155,38 +155,39 @@ IScsiAsciiStrToIp ( =20 **/ EFI_STATUS IScsiBinToHex ( IN UINT8 *BinBuffer, IN UINT32 BinLength, IN OUT CHAR8 *HexStr, IN OUT UINT32 *HexLength ); =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 @param[in, out] BinBuffer The binary buffer. @param[in, out] BinLength Length of the binary buffer. @param[in] HexStr The hexadecimal string. =20 @retval EFI_SUCCESS The hexadecimal string is converted into a binary encoded buffer. + @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. **/ EFI_STATUS IScsiHexToBin ( IN OUT UINT8 *BinBuffer, IN OUT UINT32 *BinLength, IN CHAR8 *HexStr ); =20 =20 /** Convert the decimal-constant string or hex-constant string into a numeri= cal value. =20 @param[in] Str String in decimal or hex. =20 @return The numerical value. =20 **/ 
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMis= c.c index 014700e87a5f..f0f4992b07c7 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c 
@@ -360,72 +360,80 @@ IScsiBinToHex ( HexStr[Index * 2 + 2] =3D IScsiHexString[BinBuffer[Index] >> 4]; HexStr[Index * 2 + 3] =3D IScsiHexString[BinBuffer[Index] & 0xf]; } =20 HexStr[Index * 2 + 2] =3D '\0'; =20 return EFI_SUCCESS; } =20 =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 @param[in, out] BinBuffer The binary buffer. @param[in, out] BinLength Length of the binary buffer. @param[in] HexStr The hexadecimal string. =20 @retval EFI_SUCCESS The hexadecimal string is converted into a binary encoded buffer. + @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. **/ EFI_STATUS IScsiHexToBin ( IN OUT UINT8 *BinBuffer, IN OUT UINT32 *BinLength, IN CHAR8 *HexStr ) { UINTN Index; UINTN Length; UINT8 Digit; CHAR8 TemStr[2]; =20 ZeroMem (TemStr, sizeof (TemStr)); =20 // // Find out how many hex characters the string has. // if ((HexStr[0] =3D=3D '0') && ((HexStr[1] =3D=3D 'x') || (HexStr[1] =3D= =3D 'X'))) { HexStr +=3D 2; } =20 Length =3D AsciiStrLen (HexStr); =20 + // + // Reject an empty hex string; reject a stray nibble. + // + if (Length =3D=3D 0 || Length % 2 !=3D 0) { + return EFI_INVALID_PARAMETER; + } + for (Index =3D 0; Index < Length; Index ++) { TemStr[0] =3D HexStr[Index]; Digit =3D (UINT8) AsciiStrHexToUint64 (TemStr); if (Digit =3D=3D 0 && TemStr[0] !=3D '0') { // - // Invalid Lun Char. + // Invalid Hex Char. // - break; + return EFI_INVALID_PARAMETER; } if ((Index & 1) =3D=3D 0) { BinBuffer [Index/2] =3D Digit; } else { BinBuffer [Index/2] =3D (UINT8) ((BinBuffer [Index/2] << 4) + Digit); } } =20 *BinLength =3D (UINT32) ((Index + 1)/2); =20 return EFI_SUCCESS; } =20 =20 /** Convert the decimal-constant string or hex-constant string into a numeri= cal value. =20 @param[in] Str String in decimal or hex. 
=20 --=20 2.19.1.3.g30247aa5d201
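Review bot: In the IScsiMisc.c hunk of patch 08/10, the new "return EFI_INVALID_PARAMETER" inside the loop fires after earlier iterations have already stored bytes in BinBuffer, and *BinLength is left at the caller's input value, so on this error the caller holds a partly overwritten buffer with no indication of how much was written. Either validate every character before the first store, or state in the @retval EFI_INVALID_PARAMETER text (both files) that the BinBuffer contents are indeterminate on failure; that one-line @retval could also name the three rejected cases from the commit message (empty string, stray nibble, non-hex character). Style: the new condition reads "Length == 0 || Length % 2 != 0", while the prefix check a few lines above it parenthesizes each comparison.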
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 09/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow
Date: Tue, 8 Jun 2021 14:12:58 +0200
Message-Id: <20210608121259.32451-10-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

The IScsiHexToBin() function documents the EFI_BUFFER_TOO_SMALL return condition, but never actually checks whether the decoded buffer fits into the caller-provided room (i.e., the input value of "BinLength"), and EFI_BUFFER_TOO_SMALL is never returned. The decoding of "HexStr" can overflow "BinBuffer".

This is remotely exploitable, as shown in a subsequent patch, which adds error checking to the IScsiHexToBin() call sites. This issue allows the target to compromise the initiator.

Introduce EFI_BAD_BUFFER_SIZE, in addition to the existent EFI_BUFFER_TOO_SMALL, for reporting a special case of the buffer overflow, plus actually catch the buffer overflow. Cc: Jiaxin Wu Cc: Maciej Rabeda Cc: Philippe Mathieu-Daud=C3=A9 Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- NetworkPkg/IScsiDxe/IScsiMisc.h | 3 +++ NetworkPkg/IScsiDxe/IScsiMisc.c | 20 +++++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMis= c.h index 404a482e57f3..fddef4f466dc 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h @@ -156,38 +156,41 @@ IScsiAsciiStrToIp ( **/ EFI_STATUS IScsiBinToHex ( IN UINT8 *BinBuffer, IN UINT32 BinLength, IN OUT CHAR8 *HexStr, IN OUT UINT32 *HexLength ); =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 @param[in, out] BinBuffer The binary buffer. @param[in, out] BinLength Length of the binary buffer. @param[in] HexStr The hexadecimal string. =20 @retval EFI_SUCCESS The hexadecimal string is converted into a binary encoded buffer. @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. + @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for deco= ding: + the decoded size cannot be expressed in + BinLength on output. @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. **/ EFI_STATUS IScsiHexToBin ( IN OUT UINT8 *BinBuffer, IN OUT UINT32 *BinLength, IN CHAR8 *HexStr ); =20 =20 /** Convert the decimal-constant string or hex-constant string into a numeri= cal value. =20 @param[in] Str String in decimal or hex. =20 @return The numerical value. =20 **/ diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMis= c.c index f0f4992b07c7..406954786751 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c 
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c 
@@ -361,89 +361,103 @@ IScsiBinToHex ( HexStr[Index * 2 + 3] =3D IScsiHexString[BinBuffer[Index] & 0xf]; } =20 HexStr[Index * 2 + 2] =3D '\0'; =20 return EFI_SUCCESS; } =20 =20 /** Convert the hexadecimal string into a binary encoded buffer. =20 @param[in, out] BinBuffer The binary buffer. @param[in, out] BinLength Length of the binary buffer. @param[in] HexStr The hexadecimal string. =20 @retval EFI_SUCCESS The hexadecimal string is converted into a binary encoded buffer. @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. + @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for deco= ding: + the decoded size cannot be expressed in + BinLength on output. @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. **/ EFI_STATUS IScsiHexToBin ( IN OUT UINT8 *BinBuffer, IN OUT UINT32 *BinLength, IN CHAR8 *HexStr ) { + UINTN BinLengthMin; + UINT32 BinLengthProvided; UINTN Index; UINTN Length; UINT8 Digit; CHAR8 TemStr[2]; =20 ZeroMem (TemStr, sizeof (TemStr)); =20 // // Find out how many hex characters the string has. // if ((HexStr[0] =3D=3D '0') && ((HexStr[1] =3D=3D 'x') || (HexStr[1] =3D= =3D 'X'))) { HexStr +=3D 2; } =20 Length =3D AsciiStrLen (HexStr); =20 // // Reject an empty hex string; reject a stray nibble. // if (Length =3D=3D 0 || Length % 2 !=3D 0) { return EFI_INVALID_PARAMETER; } + // + // Check if the caller provides enough room for the decoded blob. + // + BinLengthMin =3D Length / 2; + if (BinLengthMin > MAX_UINT32) { + return EFI_BAD_BUFFER_SIZE; + } + BinLengthProvided =3D *BinLength; + *BinLength =3D (UINT32)BinLengthMin; + if (BinLengthProvided < BinLengthMin) { + return EFI_BUFFER_TOO_SMALL; + } =20 for (Index =3D 0; Index < Length; Index ++) { TemStr[0] =3D HexStr[Index]; Digit =3D (UINT8) AsciiStrHexToUint64 (TemStr); if (Digit =3D=3D 0 && TemStr[0] !=3D '0') { // // Invalid Hex Char. 
// return EFI_INVALID_PARAMETER; } if ((Index & 1) =3D=3D 0) { BinBuffer [Index/2] =3D Digit; } else { BinBuffer [Index/2] =3D (UINT8) ((BinBuffer [Index/2] << 4) + Digit); } } - - *BinLength =3D (UINT32) ((Index + 1)/2); - return EFI_SUCCESS; } =20 =20 /** Convert the decimal-constant string or hex-constant string into a numeri= cal value. =20 @param[in] Str String in decimal or hex. =20 @return The numerical value. =20 **/ UINTN IScsiNetNtoi ( IN CHAR8 *Str ) { if ((Str[0] =3D=3D '0') && ((Str[1] =3D=3D 'x') || (Str[1] =3D=3D 'X')))= { Str +=3D 2; --=20 2.19.1.3.g30247aa5d201
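Review bot: In the IScsiMisc.c hunk of patch 09/10, "*BinLength = (UINT32)BinLengthMin;" runs before both the EFI_BUFFER_TOO_SMALL return and the decode loop, so *BinLength is overwritten with the decoded size on three different outcomes: success, buffer too small (where it is a required size larger than the buffer), and the later EFI_INVALID_PARAMETER return for a bad hex character. The @param[in, out] BinLength text still says only "Length of the binary buffer."; document the output value per return code, in particular that after EFI_BUFFER_TOO_SMALL it must not be used as the length of BinBuffer. Style: the added comment block follows the closing brace of the stray-nibble check with no separating blank line, and the cast is written "(UINT32)BinLengthMin" where the rest of the function puts a space after the cast.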
From: "Laszlo Ersek"
To: edk2-devel-groups-io
Cc: Jiaxin Wu, Maciej Rabeda, Philippe Mathieu-Daudé, Siyuan Fu
Subject: [edk2-devel] [PUBLIC edk2 PATCH v2 10/10] NetworkPkg/IScsiDxe: check IScsiHexToBin() return values
Date: Tue, 8 Jun 2021 14:12:59 +0200
Message-Id: <20210608121259.32451-11-lersek@redhat.com>
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
References: <20210608121259.32451-1-lersek@redhat.com>

IScsiDxe (that is, the initiator) receives two hex-encoded strings from the iSCSI target:

- CHAP_C, where the target challenges the initiator,

- CHAP_R, where the target answers the challenge from the initiator (in case the initiator wants mutual authentication).

Accordingly, we have two IScsiHexToBin() call sites:

- At the CHAP_C decoding site, check whether the decoding succeeds. The decoded buffer ("AuthData->InChallenge") can accommodate 1024 bytes, which is a permissible restriction on the target, per . Shorter challenges from the target are acceptable.

- At the CHAP_R decoding site, enforce that the decoding both succeed, and provide exactly ISCSI_CHAP_RSP_LEN bytes. CHAP_R contains the digest calculated by the target, therefore it must be of fixed size. We may only call IScsiCHAPAuthTarget() if "TargetRsp" has been fully populated.

Cc: Jiaxin Wu
Cc: Maciej Rabeda
Cc: Philippe Mathieu-Daudé
Cc: Siyuan Fu
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Maciej Rabeda
---
 NetworkPkg/IScsiDxe/IScsiCHAP.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHA= P.c index dbe3c8ef46f9..7e930c0d1eab 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -274,43 +274,47 @@ IScsiCHAPOnRspReceived ( =20 Challenge =3D IScsiGetValueByKeyFromList ( KeyValueList, ISCSI_KEY_CHAP_CHALLENGE ); if (Challenge =3D=3D NULL) { goto ON_EXIT; } // // Process the CHAP identifier and CHAP Challenge from Target. // Calculate Response value. // Result =3D IScsiNetNtoi (Identifier); if (Result > 0xFF) { goto ON_EXIT; } =20 AuthData->InIdentifier =3D (UINT32) Result; AuthData->InChallengeLength =3D (UINT32) sizeof (AuthData->InChallenge= ); - IScsiHexToBin ( - (UINT8 *) AuthData->InChallenge, - &AuthData->InChallengeLength, - Challenge - ); + Status =3D IScsiHexToBin ( + (UINT8 *) AuthData->InChallenge, + &AuthData->InChallengeLength, + Challenge + ); + if (EFI_ERROR (Status)) { + Status =3D EFI_PROTOCOL_ERROR; + goto ON_EXIT; + } Status =3D IScsiCHAPCalculateResponse ( AuthData->InIdentifier, AuthData->AuthConfig->CHAPSecret, (UINT32) AsciiStrLen (AuthData->AuthConfig->CHAPSecret), AuthData->InChallenge, AuthData->InChallengeLength, AuthData->CHAPResponse ); =20 // // Transit to next step. // Conn->AuthStep =3D ISCSI_CHAP_STEP_THREE; break; =20 case ISCSI_CHAP_STEP_THREE: // // One way CHAP authentication and the target would like to // authenticate us. 
@@ -321,39 +325,43 @@ IScsiCHAPOnRspReceived ( case ISCSI_CHAP_STEP_FOUR: ASSERT (AuthData->AuthConfig->CHAPType =3D=3D ISCSI_CHAP_MUTUAL); // // The forth step, CHAP_N=3D CHAP_R=3D is received from Target. // Name =3D IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_NAME= ); if (Name =3D=3D NULL) { goto ON_EXIT; } =20 Response =3D IScsiGetValueByKeyFromList ( KeyValueList, ISCSI_KEY_CHAP_RESPONSE ); if (Response =3D=3D NULL) { goto ON_EXIT; } =20 RspLen =3D ISCSI_CHAP_RSP_LEN; - IScsiHexToBin (TargetRsp, &RspLen, Response); + Status =3D IScsiHexToBin (TargetRsp, &RspLen, Response); + if (EFI_ERROR (Status) || RspLen !=3D ISCSI_CHAP_RSP_LEN) { + Status =3D EFI_PROTOCOL_ERROR; + goto ON_EXIT; + } =20 // // Check the CHAP Name and Response replied by Target. // Status =3D IScsiCHAPAuthTarget (AuthData, TargetRsp); break; =20 default: break; } =20 ON_EXIT: =20 if (KeyValueList !=3D NULL) { IScsiFreeKeyValueList (KeyValueList); } =20 FreePool (Data); =20 --=20 2.19.1.3.g30247aa5d201
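Review bot: In the CHAP_C hunk (@@ -274,43 +274,47 @@), the new error path leaves AuthData->InChallengeLength at whatever IScsiHexToBin() stored there; with patch 09/10 that is the decoded size even when EFI_BUFFER_TOO_SMALL is returned, that is, a value larger than sizeof (AuthData->InChallenge). Nothing in this hunk reads it after "goto ON_EXIT", but the length stays in AuthData, so reset InChallengeLength to 0 before jumping. Separately, the context below the change assigns Status from IScsiCHAPCalculateResponse() and then sets Conn->AuthStep to ISCSI_CHAP_STEP_THREE without looking at it, which is worth checking while this path is being touched.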
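Review bot: In the CHAP_R hunk (@@ -321,39 +325,43 @@), the new failure branch sets Status to EFI_PROTOCOL_ERROR before "goto ON_EXIT", but the two NULL checks just above it (Name, Response) jump to ON_EXIT without touching Status, so a reader cannot tell from here whether those paths also fail the login. Add the same assignment there, or a comment stating the value Status holds on entry to this case. Style: parenthesize the second operand, "EFI_ERROR (Status) || (RspLen != ISCSI_CHAP_RSP_LEN)".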
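The decoder contract described in the commit messages of patches 08/10 and 09/10, and the fixed-size CHAP_R rule from 10/10, as a stand-alone C model. This is an added example, not edk2 code: all names are hypothetical, RSP_LEN = 16 is an assumed digest size, nibble() stands in for AsciiStrHexToUint64(), and the strict decoder validates every character before its first store, which goes one step further than the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RSP_LEN 16u  /* assumed digest size, for this model only */

/* Constructed sample inputs: 16-byte, 15-byte and 20-byte hex strings. */
#define HEX16 "0x00112233445566778899aabbccddeeff"
#define HEX15 "0x00112233445566778899aabbccddee"
#define HEX20 "0x00112233445566778899aabbccddeeff01020304"

typedef enum {
  HEX_OK = 0,
  HEX_INVALID_PARAMETER,  /* empty string, stray nibble or non-hex character */
  HEX_BAD_BUFFER_SIZE,    /* decoded size cannot be expressed in uint32_t */
  HEX_BUFFER_TOO_SMALL    /* caller's buffer is smaller than the decoded size */
} hex_status;

/* Value of one hex digit, or -1 when c is not a hex digit. */
static int nibble(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Skip an optional "0x" / "0X" prefix. */
static const char *skip_prefix(const char *s) {
  return (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) ? s + 2 : s;
}

/* Model of the decoder before the series: a non-hex character ends the
 * input, a stray nibble becomes its own byte, and the caller's capacity is
 * never consulted. Returns the byte count the decoder would report. The
 * scratch_cap guard exists only so that this model stays memory-safe. */
size_t legacy_decode(const char *hex, uint8_t *scratch, size_t scratch_cap) {
  size_t i;
  hex = skip_prefix(hex);
  for (i = 0; hex[i] != '\0'; i++) {
    int d = nibble(hex[i]);
    if (d < 0) break;                    /* treated as end of string */
    if (i / 2 >= scratch_cap) continue;  /* the real code wrote here anyway */
    if ((i & 1) == 0) scratch[i / 2] = (uint8_t)d;
    else scratch[i / 2] = (uint8_t)((scratch[i / 2] << 4) + d);
  }
  return (i + 1) / 2;
}

/* Strict decoder: on input *bin_len is the capacity of bin. On HEX_OK it is
 * the decoded size, on HEX_BUFFER_TOO_SMALL the required size; on any other
 * status neither bin nor *bin_len is modified. */
hex_status strict_decode(uint8_t *bin, uint32_t *bin_len, const char *hex) {
  size_t len, need, i;
  hex = skip_prefix(hex);
  len = strlen(hex);
  if (len == 0 || len % 2 != 0) return HEX_INVALID_PARAMETER;
  need = len / 2;
  if ((uint64_t)need > UINT32_MAX) return HEX_BAD_BUFFER_SIZE;
  if (*bin_len < need) {
    *bin_len = (uint32_t)need;
    return HEX_BUFFER_TOO_SMALL;
  }
  for (i = 0; i < len; i++) {            /* validate before the first store */
    if (nibble(hex[i]) < 0) return HEX_INVALID_PARAMETER;
  }
  for (i = 0; i < need; i++) {
    bin[i] = (uint8_t)((nibble(hex[2 * i]) << 4) | nibble(hex[2 * i + 1]));
  }
  *bin_len = (uint32_t)need;
  return HEX_OK;
}

/* Call-site rule for CHAP_R: decoding must succeed and must yield exactly
 * RSP_LEN bytes before the digest may be compared. Returns 1 or 0. */
int chap_r_acceptable(const char *hex) {
  uint8_t rsp[RSP_LEN];
  uint32_t len = RSP_LEN;
  return strict_decode(rsp, &len, hex) == HEX_OK && len == RSP_LEN;
}

int main(void) {
  const char *in[] = { "0x", "0xABC", "0xABZZ", HEX15, HEX16, HEX20 };
  size_t k;
  for (k = 0; k < sizeof in / sizeof in[0]; k++) {
    uint8_t old_buf[RSP_LEN], new_buf[RSP_LEN];
    uint32_t n = RSP_LEN;
    size_t old_n = legacy_decode(in[k], old_buf, sizeof old_buf);
    hex_status st = strict_decode(new_buf, &n, in[k]);
    printf("%-44s legacy bytes=%zu strict status=%d chap_r=%d\n",
           in[k], old_n, (int)st, chap_r_acceptable(in[k]));
  }
  return 0;
}
```

For the 20-byte input the legacy model reports more bytes than a 16-byte buffer holds, which is the overflow patch 09/10 closes; the strict decoder returns HEX_BUFFER_TOO_SMALL with the required size instead.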