]> git.proxmox.com Git - mirror_edk2.git/commit - NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesProtocol.c
projects / mirror_edk2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2239ea7) | patch
NetworkPkg/HttpUtilitiesDxe: fix read memory access overflow.
authorLi, Songpeng <songpeng.li@intel.com>
Fri, 28 Sep 2018 03:02:35 +0000 (11:02 +0800)
committerFu Siyuan <siyuan.fu@intel.com>
Sat, 29 Sep 2018 02:51:37 +0000 (10:51 +0800)
commit130e62928449ba35375282e045aecb8cc29697ec
tree617b1d63127ec06e9a94f4c3b6733ebb8d870804tree
parent2239ea71b65072ce3c76d56e7074d2ee60ba1762commit | diff
NetworkPkg/HttpUtilitiesDxe: fix read memory access overflow.

The input param String of AsciiStrStr() requires a pointer to
 Null-terminated string, however in HttpUtilitiesParse(),
 the Buffersize before AllocateZeroPool() is equal to the size
 of TCP header, after the CopyMem(), it might not end with
 Null-terminator. It might cause memory access overflow.

Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1204
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Songpeng Li <songpeng.li@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesProtocol.c diff | blob | blame | history
EFI Development Kit II mirror for PVE