X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=NetworkPkg%2FUefiPxeBcDxe%2FPxeBcDhcp4.c;h=bb65445fc9f0f3b95b6285ea9bfb0a46579f927f;hb=ccd05ddd50d8c95c2624b79cace2afdc26e89c9e;hp=6566afd6af2dbe42a70a28ebeb69e2171485c8d1;hpb=142c00c3d659a6d5d66416385b4c93fd9a9f10e6;p=mirror_edk2.git
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
index 6566afd6af..bb65445fc9 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
@@ -1,7 +1,7 @@
/** @file
Functions implementation related with DHCPv4 for UefiPxeBc Driver.
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -256,7 +256,7 @@ PxeBcBuildDhcp4Options (
OptList[Index]->OpCode = DHCP4_TAG_MAXMSG;
OptList[Index]->Length = (UINT8) sizeof (PXEBC_DHCP4_OPTION_MAX_MESG_SIZE);
OptEnt.MaxMesgSize = (PXEBC_DHCP4_OPTION_MAX_MESG_SIZE *) OptList[Index]->Data;
- Value = NTOHS (PXEBC_DHCP4_PACKET_MAX_SIZE - 8);
+ Value = NTOHS (PXEBC_DHCP4_PACKET_MAX_SIZE);
CopyMem (&OptEnt.MaxMesgSize->Size, &Value, sizeof (UINT16));
Index++;
OptList[Index] = GET_NEXT_DHCP_OPTION (OptList[Index - 1]);
@@ -320,6 +320,7 @@ PxeBcBuildDhcp4Options (
//
// Zero the Guid to indicate NOT programable if failed to get system Guid.
//
+ DEBUG ((EFI_D_WARN, "PXE: Failed to read system GUID from the smbios table!\n"));
ZeroMem (OptEnt.Uuid->Guid, sizeof (EFI_GUID));
}
@@ -424,17 +425,24 @@ PxeBcSeedDhcp4Packet (
@param[in] Dst Pointer to the cache buffer for DHCPv4 packet.
@param[in] Src Pointer to the DHCPv4 packet to be cached.
+ @retval EFI_SUCCESS Packet is copied.
+ @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough to hold the packet.
+
**/
-VOID
+EFI_STATUS
PxeBcCacheDhcp4Packet (
IN EFI_DHCP4_PACKET *Dst,
IN EFI_DHCP4_PACKET *Src
)
{
- ASSERT (Dst->Size >= Src->Length);
-
+ if (Dst->Size < Src->Length) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
CopyMem (&Dst->Dhcp4, &Src->Dhcp4, Src->Length);
Dst->Length = Src->Length;
+
+ return EFI_SUCCESS;
}
@@ -620,8 +628,11 @@ PxeBcParseDhcp4Packet (
@param[in] Ack Pointer to the DHCPv4 ack packet.
@param[in] Verified If TRUE, parse the ACK packet and store info into mode data.
+ @retval EFI_SUCCESS Cache and parse the packet successfully.
+ @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough to hold the packet.
+
**/
-VOID
+EFI_STATUS
PxeBcCopyDhcp4Ack (
IN PXEBC_PRIVATE_DATA *Private,
IN EFI_DHCP4_PACKET *Ack,
@@ -629,10 +640,14 @@ PxeBcCopyDhcp4Ack (
)
{
EFI_PXE_BASE_CODE_MODE *Mode;
+ EFI_STATUS Status;
Mode = Private->PxeBc.Mode;
- PxeBcCacheDhcp4Packet (&Private->DhcpAck.Dhcp4.Packet.Ack, Ack);
+ Status = PxeBcCacheDhcp4Packet (&Private->DhcpAck.Dhcp4.Packet.Ack, Ack);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
if (Verified) {
//
@@ -642,6 +657,8 @@ PxeBcCopyDhcp4Ack (
CopyMem (&Mode->DhcpAck.Dhcpv4, &Ack->Dhcp4, Ack->Length);
Mode->DhcpAckReceived = TRUE;
}
+
+ return EFI_SUCCESS;
}
@@ -651,8 +668,11 @@ PxeBcCopyDhcp4Ack (
@param[in] Private Pointer to PxeBc private data.
@param[in] OfferIndex The received order of offer packets.
+ @retval EFI_SUCCESS Cache and parse the packet successfully.
+ @retval EFI_BUFFER_TOO_SMALL Cache buffer is not big enough to hold the packet.
+
**/
-VOID
+EFI_STATUS
PxeBcCopyProxyOffer (
IN PXEBC_PRIVATE_DATA *Private,
IN UINT32 OfferIndex
@@ -660,6 +680,7 @@ PxeBcCopyProxyOffer (
{
EFI_PXE_BASE_CODE_MODE *Mode;
EFI_DHCP4_PACKET *Offer;
+ EFI_STATUS Status;
ASSERT (OfferIndex < Private->OfferNum);
ASSERT (OfferIndex < PXEBC_OFFER_MAX_NUM);
@@ -670,7 +691,11 @@ PxeBcCopyProxyOffer (
//
// Cache the proxy offer packet and parse it.
//
- PxeBcCacheDhcp4Packet (&Private->ProxyOffer.Dhcp4.Packet.Offer, Offer);
+ Status = PxeBcCacheDhcp4Packet (&Private->ProxyOffer.Dhcp4.Packet.Offer, Offer);
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
PxeBcParseDhcp4Packet (&Private->ProxyOffer.Dhcp4);
//
@@ -678,6 +703,8 @@ PxeBcCopyProxyOffer (
//
CopyMem (&Mode->ProxyOffer.Dhcpv4, &Offer->Dhcp4, Offer->Length);
Mode->ProxyOfferReceived = TRUE;
+
+ return EFI_SUCCESS;
}
@@ -780,8 +807,11 @@ PxeBcRetryBinlOffer (
@param[in] Private Pointer to PxeBc private data.
@param[in] RcvdOffer Pointer to the received offer packet.
+ @retval EFI_SUCCESS Cache and parse the packet successfully.
+ @retval Others Operation failed.
+
**/
-VOID
+EFI_STATUS
PxeBcCacheDhcp4Offer (
IN PXEBC_PRIVATE_DATA *Private,
IN EFI_DHCP4_PACKET *RcvdOffer
@@ -790,6 +820,7 @@ PxeBcCacheDhcp4Offer (
PXEBC_DHCP4_PACKET_CACHE *Cache4;
EFI_DHCP4_PACKET *Offer;
PXEBC_OFFER_TYPE OfferType;
+ EFI_STATUS Status;
ASSERT (Private->OfferNum < PXEBC_OFFER_MAX_NUM);
Cache4 = &Private->OfferBuffer[Private->OfferNum].Dhcp4;
@@ -798,13 +829,16 @@ PxeBcCacheDhcp4Offer (
//
// Cache the content of DHCPv4 packet firstly.
//
- PxeBcCacheDhcp4Packet (Offer, RcvdOffer);
+ Status = PxeBcCacheDhcp4Packet (Offer, RcvdOffer);
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
//
// Validate the DHCPv4 packet, and parse the options and offer type.
//
if (EFI_ERROR (PxeBcParseDhcp4Packet (Cache4))) {
- return;
+ return EFI_ABORTED;
}
//
@@ -821,7 +855,7 @@ PxeBcCacheDhcp4Offer (
Private->OfferIndex[OfferType][0] = Private->OfferNum;
Private->OfferCount[OfferType] = 1;
} else {
- return;
+ return EFI_ABORTED;
}
} else {
ASSERT (Private->OfferCount[OfferType] < PXEBC_OFFER_MAX_NUM);
@@ -837,14 +871,15 @@ PxeBcCacheDhcp4Offer (
//
Private->OfferIndex[OfferType][Private->OfferCount[OfferType]] = Private->OfferNum;
Private->OfferCount[OfferType]++;
- } else if (Private->OfferCount[OfferType] > 0) {
+ } else if ((OfferType == PxeOfferTypeProxyPxe10 || OfferType == PxeOfferTypeProxyWfm11a) &&
+ Private->OfferCount[OfferType] < 1) {
//
// Only cache the first PXE10/WFM11a offer, and discard the others.
//
Private->OfferIndex[OfferType][0] = Private->OfferNum;
Private->OfferCount[OfferType] = 1;
} else {
- return ;
+ return EFI_ABORTED;
}
} else {
//
@@ -856,6 +891,8 @@ PxeBcCacheDhcp4Offer (
}
Private->OfferNum++;
+
+ return EFI_SUCCESS;
}
@@ -980,11 +1017,12 @@ PxeBcSelectDhcp4Offer (
/**
Handle the DHCPv4 offer packet.
- @param[in] Private Pointer to PxeBc private data.
+ @param[in] Private Pointer to PxeBc private data.
- @retval EFI_SUCCESS Handled the DHCPv4 offer packet successfully.
- @retval EFI_NO_RESPONSE No response to the following request packet.
- @retval EFI_NOT_FOUND No boot filename received.
+ @retval EFI_SUCCESS Handled the DHCPv4 offer packet successfully.
+ @retval EFI_NO_RESPONSE No response to the following request packet.
+ @retval EFI_NOT_FOUND No boot filename received.
+ @retval EFI_BUFFER_TOO_SMALL Can't cache the offer pacet.
**/
EFI_STATUS
@@ -1089,7 +1127,7 @@ PxeBcHandleDhcp4Offer (
//
// Success to try to request by a ProxyPxe10 or ProxyWfm11a offer, copy and parse it.
//
- PxeBcCopyProxyOffer (Private, ProxyIndex);
+ Status = PxeBcCopyProxyOffer (Private, ProxyIndex);
}
} else {
//
@@ -1116,7 +1154,10 @@ PxeBcHandleDhcp4Offer (
Ack = Offer;
}
- PxeBcCopyDhcp4Ack (Private, Ack, TRUE);
+ Status = PxeBcCopyDhcp4Ack (Private, Ack, TRUE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
Mode->DhcpDiscoverValid = TRUE;
}
@@ -1170,6 +1211,8 @@ PxeBcDhcp4CallBack (
return EFI_SUCCESS;
}
+ ASSERT (Packet != NULL);
+
Private = (PXEBC_PRIVATE_DATA *) Context;
Mode = Private->PxeBc.Mode;
Callback = Private->PxeBcCallback;
@@ -1183,7 +1226,7 @@ PxeBcDhcp4CallBack (
DHCP4_TAG_MAXMSG
);
if (MaxMsgSize != NULL) {
- Value = HTONS (PXEBC_DHCP4_PACKET_MAX_SIZE - 8);
+ Value = HTONS (PXEBC_DHCP4_PACKET_MAX_SIZE);
CopyMem (MaxMsgSize->Data, &Value, sizeof (Value));
}
@@ -1209,6 +1252,14 @@ PxeBcDhcp4CallBack (
switch (Dhcp4Event) {
case Dhcp4SendDiscover:
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {
+ //
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.
+ //
+ Status = EFI_ABORTED;
+ break;
+ }
+
//
// Cache the DHCPv4 discover packet to mode data directly.
// It need to check SendGuid as well as Dhcp4SendRequest.
@@ -1216,6 +1267,14 @@ PxeBcDhcp4CallBack (
CopyMem (&Mode->DhcpDiscover.Dhcpv4, &Packet->Dhcp4, Packet->Length);
case Dhcp4SendRequest:
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {
+ //
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.
+ //
+ Status = EFI_ABORTED;
+ break;
+ }
+
if (Mode->SendGUID) {
//
// Send the system Guid instead of the MAC address as the hardware address if required.
@@ -1224,6 +1283,7 @@ PxeBcDhcp4CallBack (
//
// Zero the Guid to indicate NOT programable if failed to get system Guid.
//
+ DEBUG ((EFI_D_WARN, "PXE: Failed to read system GUID from the smbios table!\n"));
ZeroMem (Packet->Dhcp4.Header.ClientHwAddr, sizeof (EFI_GUID));
}
Packet->Dhcp4.Header.HwAddrLen = (UINT8) sizeof (EFI_GUID);
@@ -1232,16 +1292,25 @@ PxeBcDhcp4CallBack (
case Dhcp4RcvdOffer:
Status = EFI_NOT_READY;
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {
+ //
+ // Ignore the incoming packets which exceed the maximum length.
+ //
+ break;
+ }
if (Private->OfferNum < PXEBC_OFFER_MAX_NUM) {
//
// Cache the DHCPv4 offers to OfferBuffer[] for select later, and record
// the OfferIndex and OfferCount.
+ // If error happens, just ignore this packet and continue to wait more offer.
//
PxeBcCacheDhcp4Offer (Private, Packet);
}
break;
case Dhcp4SelectOffer:
+ ASSERT (NewPacket != NULL);
+
//
// Select offer by the default policy or by order, and record the SelectIndex
// and SelectProxyType.
@@ -1262,7 +1331,10 @@ PxeBcDhcp4CallBack (
//
ASSERT (Private->SelectIndex != 0);
- PxeBcCopyDhcp4Ack (Private, Packet, FALSE);
+ Status = PxeBcCopyDhcp4Ack (Private, Packet, FALSE);
+ if (EFI_ERROR (Status)) {
+ Status = EFI_ABORTED;
+ }
break;
default:
@@ -1400,6 +1472,7 @@ PxeBcDhcp4Discover (
//
// Zero the Guid to indicate NOT programable if failed to get system Guid.
//
+ DEBUG ((EFI_D_WARN, "PXE: Failed to read system GUID from the smbios table!\n"));
ZeroMem (Token.Packet->Dhcp4.Header.ClientHwAddr, sizeof (EFI_GUID));
}
Token.Packet->Dhcp4.Header.HwAddrLen = (UINT8) sizeof (EFI_GUID);
@@ -1461,6 +1534,12 @@ PxeBcDhcp4Discover (
// Find the right PXE Reply according to server address.
//
while (RepIndex < Token.ResponseCount) {
+ if (Response->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {
+ SrvIndex = 0;
+ RepIndex++;
+ Response = (EFI_DHCP4_PACKET *) ((UINT8 *) Response + Response->Size);
+ continue;
+ }
while (SrvIndex < IpCount) {
if (SrvList[SrvIndex].AcceptAnyResponse) {
@@ -1479,7 +1558,6 @@ PxeBcDhcp4Discover (
SrvIndex = 0;
RepIndex++;
-
Response = (EFI_DHCP4_PACKET *) ((UINT8 *) Response + Response->Size);
}
@@ -1489,10 +1567,16 @@ PxeBcDhcp4Discover (
// Especially for PXE discover packet, store it into mode data here.
//
if (Private->IsDoDiscover) {
- PxeBcCacheDhcp4Packet (&Private->PxeReply.Dhcp4.Packet.Ack, Response);
+ Status = PxeBcCacheDhcp4Packet (&Private->PxeReply.Dhcp4.Packet.Ack, Response);
+ if (EFI_ERROR(Status)) {
+ goto ON_EXIT;
+ }
CopyMem (&Mode->PxeDiscover, &Token.Packet->Dhcp4, Token.Packet->Length);
} else {
- PxeBcCacheDhcp4Packet (&Private->ProxyOffer.Dhcp4.Packet.Offer, Response);
+ Status = PxeBcCacheDhcp4Packet (&Private->ProxyOffer.Dhcp4.Packet.Offer, Response);
+ if (EFI_ERROR(Status)) {
+ goto ON_EXIT;
+ }
}
} else {
//
@@ -1500,12 +1584,15 @@ PxeBcDhcp4Discover (
//
Status = EFI_NOT_FOUND;
}
- if (Token.ResponseList != NULL) {
- FreePool (Token.ResponseList);
- }
}
-
- FreePool (Token.Packet);
+ON_EXIT:
+
+ if (Token.ResponseList != NULL) {
+ FreePool (Token.ResponseList);
+ }
+ if (Token.Packet != NULL) {
+ FreePool (Token.Packet);
+ }
return Status;
}
@@ -1617,16 +1704,16 @@ PxeBcDhcp4Dora (
ZeroMem (Private->OfferCount, sizeof (Private->OfferCount));
ZeroMem (Private->OfferIndex, sizeof (Private->OfferIndex));
- //
- // Start DHCPv4 D.O.R.A. process to acquire IPv4 address. This may
- // have already been done, thus do not leave in error if the return
- // code is EFI_ALREADY_STARTED.
- //
Status = Dhcp4->Start (Dhcp4, NULL);
- if (EFI_ERROR (Status) && Status != EFI_ALREADY_STARTED) {
+ if (EFI_ERROR (Status)) {
if (Status == EFI_ICMP_ERROR) {
PxeMode->IcmpErrorReceived = TRUE;
}
+
+ if (Status == EFI_TIMEOUT && Private->OfferNum > 0) {
+ Status = EFI_NO_RESPONSE;
+ }
+
goto ON_EXIT;
}