UINT32 Reserved;\r
} HTTP_BOOT_VENDOR_OPTION;\r
\r
+#define HTTP_CACHED_DHCP4_PACKET_MAX_SIZE (OFFSET_OF (EFI_DHCP4_PACKET, Dhcp4) + HTTP_BOOT_DHCP4_PACKET_MAX_SIZE)\r
+\r
typedef union {\r
EFI_DHCP4_PACKET Offer;\r
EFI_DHCP4_PACKET Ack;\r
- UINT8 Buffer[HTTP_BOOT_DHCP4_PACKET_MAX_SIZE];\r
+ UINT8 Buffer[HTTP_CACHED_DHCP4_PACKET_MAX_SIZE];\r
} HTTP_BOOT_DHCP4_PACKET;\r
\r
typedef struct {\r
\r
case Dhcp6RcvdAdvertise:\r
Status = EFI_NOT_READY;\r
+ if (Packet->Length > HTTP_BOOT_DHCP6_PACKET_MAX_SIZE) {\r
+ //\r
+ // Ignore the incoming packets which exceed the maximum length.\r
+ //\r
+ break;\r
+ }\r
if (Private->OfferNum < HTTP_BOOT_OFFER_MAX_NUM) {\r
//\r
// Cache the dhcp offers to OfferBuffer[] for select later, and record\r
HTTP_BOOT_DHCP6_OPTION_VENDOR_CLASS *VendorClass;\r
} HTTP_BOOT_DHCP6_OPTION_ENTRY;\r
\r
+#define HTTP_CACHED_DHCP6_PACKET_MAX_SIZE (OFFSET_OF (EFI_DHCP6_PACKET, Dhcp6) + HTTP_BOOT_DHCP6_PACKET_MAX_SIZE)\r
+\r
typedef union {\r
EFI_DHCP6_PACKET Offer;\r
EFI_DHCP6_PACKET Ack;\r
- UINT8 Buffer[HTTP_BOOT_DHCP6_PACKET_MAX_SIZE];\r
+ UINT8 Buffer[HTTP_CACHED_DHCP6_PACKET_MAX_SIZE];\r
} HTTP_BOOT_DHCP6_PACKET;\r
\r
typedef struct {\r
ZeroMem (Private->OfferBuffer, sizeof (Private->OfferBuffer));\r
if (!Private->UsingIpv6) {\r
for (Index = 0; Index < HTTP_BOOT_OFFER_MAX_NUM; Index++) {\r
- Private->OfferBuffer[Index].Dhcp4.Packet.Offer.Size = HTTP_BOOT_DHCP4_PACKET_MAX_SIZE;\r
+ Private->OfferBuffer[Index].Dhcp4.Packet.Offer.Size = HTTP_CACHED_DHCP4_PACKET_MAX_SIZE;\r
}\r
} else {\r
for (Index = 0; Index < HTTP_BOOT_OFFER_MAX_NUM; Index++) {\r
- Private->OfferBuffer[Index].Dhcp6.Packet.Offer.Size = HTTP_BOOT_DHCP6_PACKET_MAX_SIZE;\r
+ Private->OfferBuffer[Index].Dhcp6.Packet.Offer.Size = HTTP_CACHED_DHCP6_PACKET_MAX_SIZE;\r
}\r
}\r
\r
OptList[Index]->OpCode = DHCP4_TAG_MAXMSG;\r
OptList[Index]->Length = (UINT8) sizeof (PXEBC_DHCP4_OPTION_MAX_MESG_SIZE);\r
OptEnt.MaxMesgSize = (PXEBC_DHCP4_OPTION_MAX_MESG_SIZE *) OptList[Index]->Data;\r
- Value = NTOHS (PXEBC_DHCP4_PACKET_MAX_SIZE - 8);\r
+ Value = NTOHS (PXEBC_DHCP4_PACKET_MAX_SIZE);\r
CopyMem (&OptEnt.MaxMesgSize->Size, &Value, sizeof (UINT16));\r
Index++;\r
OptList[Index] = GET_NEXT_DHCP_OPTION (OptList[Index - 1]);\r
DHCP4_TAG_MAXMSG\r
);\r
if (MaxMsgSize != NULL) {\r
- Value = HTONS (PXEBC_DHCP4_PACKET_MAX_SIZE - 8);\r
+ Value = HTONS (PXEBC_DHCP4_PACKET_MAX_SIZE);\r
CopyMem (MaxMsgSize->Data, &Value, sizeof (Value));\r
}\r
\r
switch (Dhcp4Event) {\r
\r
case Dhcp4SendDiscover:\r
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {\r
+ //\r
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.\r
+ //\r
+ Status = EFI_ABORTED;\r
+ break;\r
+ }\r
+\r
//\r
// Cache the DHCPv4 discover packet to mode data directly.\r
// It need to check SendGuid as well as Dhcp4SendRequest.\r
CopyMem (&Mode->DhcpDiscover.Dhcpv4, &Packet->Dhcp4, Packet->Length);\r
\r
case Dhcp4SendRequest:\r
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {\r
+ //\r
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.\r
+ //\r
+ Status = EFI_ABORTED;\r
+ break;\r
+ }\r
+ \r
if (Mode->SendGUID) {\r
//\r
// Send the system Guid instead of the MAC address as the hardware address if required.\r
\r
case Dhcp4RcvdOffer:\r
Status = EFI_NOT_READY;\r
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {\r
+ //\r
+ // Ignore the incoming packets which exceed the maximum length.\r
+ //\r
+ break;\r
+ }\r
if (Private->OfferNum < PXEBC_OFFER_MAX_NUM) {\r
//\r
// Cache the DHCPv4 offers to OfferBuffer[] for select later, and record\r
break;\r
\r
case Dhcp4RcvdAck:\r
+ if (Packet->Length > PXEBC_DHCP4_PACKET_MAX_SIZE) {\r
+ //\r
+ // Abort the DHCP if the ACK packet exceeds the maximum length.\r
+ //\r
+ Status = EFI_ABORTED;\r
+ break;\r
+ }\r
+\r
//\r
// Cache the DHCPv4 ack to Private->Dhcp4Ack, but it's not the final ack in mode data\r
// without verification.\r
\r
#define PXEBC_DHCP4_OPTION_MAX_NUM 16\r
#define PXEBC_DHCP4_OPTION_MAX_SIZE 312\r
-#define PXEBC_DHCP4_PACKET_MAX_SIZE 1472\r
+#define PXEBC_DHCP4_PACKET_MAX_SIZE (sizeof (EFI_PXE_BASE_CODE_PACKET))\r
#define PXEBC_DHCP4_S_PORT 67\r
#define PXEBC_DHCP4_C_PORT 68\r
#define PXEBC_BS_DOWNLOAD_PORT 69\r
UINT8 CredTypeLen;\r
} PXEBC_VENDOR_OPTION;\r
\r
+#define PXEBC_CACHED_DHCP4_PACKET_MAX_SIZE (OFFSET_OF (EFI_DHCP4_PACKET, Dhcp4) + PXEBC_DHCP4_PACKET_MAX_SIZE)\r
+\r
typedef union {\r
EFI_DHCP4_PACKET Offer;\r
EFI_DHCP4_PACKET Ack;\r
- UINT8 Buffer[PXEBC_DHCP4_PACKET_MAX_SIZE];\r
+ UINT8 Buffer[PXEBC_CACHED_DHCP4_PACKET_MAX_SIZE];\r
} PXEBC_DHCP4_PACKET;\r
\r
typedef struct {\r
switch (Dhcp6Event) {\r
\r
case Dhcp6SendSolicit:\r
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {\r
+ //\r
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.\r
+ //\r
+ Status = EFI_ABORTED;\r
+ break;\r
+ }\r
+ \r
//\r
// Record the first Solicate msg time\r
//\r
\r
case Dhcp6RcvdAdvertise:\r
Status = EFI_NOT_READY;\r
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {\r
+ //\r
+ // Ignore the incoming packets which exceed the maximum length.\r
+ //\r
+ break;\r
+ }\r
if (Private->OfferNum < PXEBC_OFFER_MAX_NUM) {\r
//\r
// Cache the dhcp offers to OfferBuffer[] for select later, and record\r
break;\r
\r
case Dhcp6SendRequest:\r
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {\r
+ //\r
+ // If the to be sent packet exceeds the maximum length, abort the DHCP process.\r
+ //\r
+ Status = EFI_ABORTED;\r
+ break;\r
+ }\r
+ \r
//\r
// Store the request packet as seed packet for discover.\r
//\r
break;\r
\r
case Dhcp6RcvdReply:\r
+ if (Packet->Length > PXEBC_DHCP6_PACKET_MAX_SIZE) {\r
+ //\r
+ // Abort the DHCP if the Peply packet exceeds the maximum length.\r
+ //\r
+ Status = EFI_ABORTED;\r
+ break;\r
+ }\r
//\r
// Cache the dhcp ack to Private->Dhcp6Ack, but it's not the final ack in mode data\r
// without verification.\r
\r
#define PXEBC_DHCP6_OPTION_MAX_NUM 16\r
#define PXEBC_DHCP6_OPTION_MAX_SIZE 312\r
-#define PXEBC_DHCP6_PACKET_MAX_SIZE 1472\r
+#define PXEBC_DHCP6_PACKET_MAX_SIZE (sizeof (EFI_PXE_BASE_CODE_PACKET))\r
#define PXEBC_IP6_POLICY_MAX 0xff\r
#define PXEBC_IP6_ROUTE_TABLE_TIMEOUT 10\r
\r
UINT8 Precedence;\r
} PXEBC_DHCP6_OPTION_NODE;\r
\r
+#define PXEBC_CACHED_DHCP6_PACKET_MAX_SIZE (OFFSET_OF (EFI_DHCP6_PACKET, Dhcp6) + PXEBC_DHCP6_PACKET_MAX_SIZE)\r
+\r
typedef union {\r
EFI_DHCP6_PACKET Offer;\r
EFI_DHCP6_PACKET Ack;\r
- UINT8 Buffer[PXEBC_DHCP6_PACKET_MAX_SIZE];\r
+ UINT8 Buffer[PXEBC_CACHED_DHCP6_PACKET_MAX_SIZE];\r
} PXEBC_DHCP6_PACKET;\r
\r
typedef struct {\r
// PXE over IPv6 starts here, initialize the fields and list header.\r
//\r
Private->Ip6Policy = PXEBC_IP6_POLICY_MAX;\r
- Private->ProxyOffer.Dhcp6.Packet.Offer.Size = PXEBC_DHCP6_PACKET_MAX_SIZE;\r
- Private->DhcpAck.Dhcp6.Packet.Ack.Size = PXEBC_DHCP6_PACKET_MAX_SIZE;\r
- Private->PxeReply.Dhcp6.Packet.Ack.Size = PXEBC_DHCP6_PACKET_MAX_SIZE;\r
+ Private->ProxyOffer.Dhcp6.Packet.Offer.Size = PXEBC_CACHED_DHCP6_PACKET_MAX_SIZE;\r
+ Private->DhcpAck.Dhcp6.Packet.Ack.Size = PXEBC_CACHED_DHCP6_PACKET_MAX_SIZE;\r
+ Private->PxeReply.Dhcp6.Packet.Ack.Size = PXEBC_CACHED_DHCP6_PACKET_MAX_SIZE;\r
\r
for (Index = 0; Index < PXEBC_OFFER_MAX_NUM; Index++) {\r
- Private->OfferBuffer[Index].Dhcp6.Packet.Offer.Size = PXEBC_DHCP6_PACKET_MAX_SIZE;\r
+ Private->OfferBuffer[Index].Dhcp6.Packet.Offer.Size = PXEBC_CACHED_DHCP6_PACKET_MAX_SIZE;\r
}\r
\r
//\r
//\r
// PXE over IPv4 starts here, initialize the fields.\r
//\r
- Private->ProxyOffer.Dhcp4.Packet.Offer.Size = PXEBC_DHCP4_PACKET_MAX_SIZE;\r
- Private->DhcpAck.Dhcp4.Packet.Ack.Size = PXEBC_DHCP4_PACKET_MAX_SIZE;\r
- Private->PxeReply.Dhcp4.Packet.Ack.Size = PXEBC_DHCP4_PACKET_MAX_SIZE;\r
+ Private->ProxyOffer.Dhcp4.Packet.Offer.Size = PXEBC_CACHED_DHCP4_PACKET_MAX_SIZE;\r
+ Private->DhcpAck.Dhcp4.Packet.Ack.Size = PXEBC_CACHED_DHCP4_PACKET_MAX_SIZE;\r
+ Private->PxeReply.Dhcp4.Packet.Ack.Size = PXEBC_CACHED_DHCP4_PACKET_MAX_SIZE;\r
\r
for (Index = 0; Index < PXEBC_OFFER_MAX_NUM; Index++) {\r
- Private->OfferBuffer[Index].Dhcp4.Packet.Offer.Size = PXEBC_DHCP4_PACKET_MAX_SIZE;\r
+ Private->OfferBuffer[Index].Dhcp4.Packet.Offer.Size = PXEBC_CACHED_DHCP4_PACKET_MAX_SIZE;\r
}\r
\r
PxeBcSeedDhcp4Packet (&Private->SeedPacket, Private->Udp4Read);\r