CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553)

[mirror_edk2.git] / CryptoPkg / Library / TlsLib / TlsConfig.c

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 2bf5aee7c09365d8fbe3a64a77e4ef37e24722b0..307eb57896dc3d0db46abae4857311d864b5ca56 100644 (file)
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -517,7 +517,11 @@ TlsSetVerifyHost (
   IN     CHAR8                    *HostName\r
   )\r
 {\r
-  TLS_CONNECTION  *TlsConn;\r
+  TLS_CONNECTION    *TlsConn;\r
+  X509_VERIFY_PARAM *VerifyParam;\r
+  UINTN             BinaryAddressSize;\r
+  UINT8             BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];\r
+  INTN              ParamStatus;\r
 \r
   TlsConn = (TLS_CONNECTION *) Tls;\r
   if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {\r
@@ -526,11 +530,27 @@ TlsSetVerifyHost (
 \r
   SSL_set_hostflags(TlsConn->Ssl, Flags);\r
 \r
-  if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {\r
-    return EFI_ABORTED;\r
+  VerifyParam = SSL_get0_param (TlsConn->Ssl);\r
+  ASSERT (VerifyParam != NULL);\r
+\r
+  BinaryAddressSize = 0;\r
+  if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {\r
+    BinaryAddressSize = NS_IN6ADDRSZ;\r
+  } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {\r
+    BinaryAddressSize = NS_INADDRSZ;\r
   }\r
 \r
-  return EFI_SUCCESS;\r
+  if (BinaryAddressSize > 0) {\r
+    DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "\r
+      "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,\r
+      (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));\r
+    ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,\r
+                    BinaryAddressSize);\r
+  } else {\r
+    ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);\r
+  }\r
+\r
+  return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;\r
 }\r
 \r
 /**\r