This library is used to share code between UEFI network stack modules.\r
It provides the helper routines to parse the HTTP message byte stream.\r
\r
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
HexStr[2] = '\0';\r
while (Index < BufferLength) {\r
if (Buffer[Index] == '%') {\r
- if (!NET_IS_HEX_CHAR (Buffer[Index+1]) || !NET_IS_HEX_CHAR (Buffer[Index+2])) {\r
+ if (Index + 1 >= BufferLength || Index + 2 >= BufferLength || \r
+ !NET_IS_HEX_CHAR (Buffer[Index+1]) || !NET_IS_HEX_CHAR (Buffer[Index+2])) {\r
return EFI_INVALID_PARAMETER;\r
}\r
HexStr[0] = Buffer[Index+1];\r
@param[in, out] UrlParser Pointer to the buffer of the parse result.\r
\r
@retval EFI_SUCCESS Successfully parse the authority.\r
- @retval Other Error happened.\r
+ @retval EFI_INVALID_PARAMETER The Url is invalid to parse the authority component.\r
\r
**/\r
EFI_STATUS\r
BOOLEAN FoundAt;\r
EFI_STATUS Status;\r
HTTP_URL_PARSER *Parser;\r
+\r
+ Parser = NULL;\r
\r
if (Url == NULL || Length == 0 || UrlParser == NULL) {\r
return EFI_INVALID_PARAMETER;\r
\r
switch (State) {\r
case UrlParserStateMax:\r
+ FreePool (Parser);\r
return EFI_INVALID_PARAMETER;\r
\r
case UrlParserSchemeColon:\r
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_AUTHORITY)) != 0) {\r
Status = NetHttpParseAuthority (Url, FoundAt, Parser);\r
if (EFI_ERROR (Status)) {\r
+ FreePool (Parser);\r
return Status;\r
}\r
}\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_URL_PARSER*) UrlParser;\r
+ Parser = (HTTP_URL_PARSER *) UrlParser;\r
\r
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_HOST)) == 0) {\r
return EFI_NOT_FOUND;\r
&ResultLength\r
);\r
if (EFI_ERROR (Status)) {\r
+ FreePool (Name);\r
return Status;\r
}\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_URL_PARSER*) UrlParser;\r
+ Parser = (HTTP_URL_PARSER *) UrlParser;\r
\r
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_HOST)) == 0) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_NOT_FOUND;\r
}\r
\r
Ip4String = AllocatePool (Parser->FieldData[HTTP_URI_FIELD_HOST].Length + 1);\r
&ResultLength\r
);\r
if (EFI_ERROR (Status)) {\r
+ FreePool (Ip4String);\r
return Status;\r
}\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_URL_PARSER*) UrlParser;\r
+ Parser = (HTTP_URL_PARSER *) UrlParser;\r
\r
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_HOST)) == 0) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_NOT_FOUND;\r
}\r
\r
//\r
&ResultLength\r
);\r
if (EFI_ERROR (Status)) {\r
+ FreePool (Ip6String);\r
return Status;\r
}\r
\r
OUT UINT16 *Port\r
)\r
{\r
- CHAR8 *PortString;\r
- EFI_STATUS Status;\r
- UINT32 ResultLength;\r
+ CHAR8 *PortString;\r
+ EFI_STATUS Status;\r
+ UINTN Index;\r
+ UINTN Data;\r
+ UINT32 ResultLength;\r
HTTP_URL_PARSER *Parser;\r
\r
if (Url == NULL || UrlParser == NULL || Port == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_URL_PARSER*) UrlParser;\r
+ *Port = 0;\r
+ Index = 0;\r
+\r
+ Parser = (HTTP_URL_PARSER *) UrlParser;\r
\r
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_PORT)) == 0) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_NOT_FOUND;\r
}\r
\r
PortString = AllocatePool (Parser->FieldData[HTTP_URI_FIELD_PORT].Length + 1);\r
&ResultLength\r
);\r
if (EFI_ERROR (Status)) {\r
- return Status;\r
+ goto ON_EXIT;\r
}\r
\r
PortString[ResultLength] = '\0';\r
- *Port = (UINT16) AsciiStrDecimalToUintn (Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset);\r
\r
- return EFI_SUCCESS;\r
+ while (Index < ResultLength) {\r
+ if (!NET_IS_DIGIT (PortString[Index])) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+ Index ++;\r
+ }\r
+\r
+ Status = AsciiStrDecimalToUintnS (Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset, (CHAR8 **) NULL, &Data);\r
+\r
+ if (Data > HTTP_URI_PORT_MAX_NUM) {\r
+ Status = EFI_INVALID_PARAMETER;\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ *Port = (UINT16) Data;\r
+\r
+ON_EXIT:\r
+ FreePool (PortString);\r
+ return Status;\r
}\r
\r
/**\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_URL_PARSER*) UrlParser;\r
+ Parser = (HTTP_URL_PARSER *) UrlParser;\r
\r
if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_PATH)) == 0) {\r
return EFI_NOT_FOUND;\r
&ResultLength\r
);\r
if (EFI_ERROR (Status)) {\r
+ FreePool (PathStr);\r
return Status;\r
}\r
\r
return EFI_NOT_FOUND;\r
}\r
\r
- *ContentLength = AsciiStrDecimalToUintn (Header->FieldValue);\r
- return EFI_SUCCESS;\r
+ return AsciiStrDecimalToUintnS (Header->FieldValue, (CHAR8 **) NULL, ContentLength);\r
}\r
\r
/**\r
\r
@retval EFI_SUCCESS Successfully parse the message-body.\r
@retval EFI_INVALID_PARAMETER MsgParser is NULL or Body is NULL or BodyLength is 0.\r
- @retval Others Operation aborted.\r
+ @retval EFI_ABORTED Operation aborted.\r
+ @retval Other Error happened while parsing message body.\r
\r
**/\r
EFI_STATUS\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_BODY_PARSER*) MsgParser;\r
+ Parser = (HTTP_BODY_PARSER *) MsgParser;\r
\r
if (Parser->IgnoreBody) {\r
Parser->State = BodyParserComplete;\r
if (Parser->Callback != NULL) {\r
Status = Parser->Callback (\r
- BodyParseEventOnComplete,\r
- Body,\r
- 0,\r
- Parser->Context\r
- );\r
+ BodyParseEventOnComplete,\r
+ Body,\r
+ 0,\r
+ Parser->Context\r
+ );\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
//\r
if (Parser->Callback != NULL) {\r
Status = Parser->Callback (\r
- BodyParseEventOnData,\r
- Char,\r
- MIN (BodyLength, Parser->ContentLength - Parser->ParsedBodyLength),\r
- Parser->Context\r
- );\r
+ BodyParseEventOnData,\r
+ Char,\r
+ MIN (BodyLength, Parser->ContentLength - Parser->ParsedBodyLength),\r
+ Parser->Context\r
+ );\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
Parser->State = BodyParserComplete;\r
if (Parser->Callback != NULL) {\r
Status = Parser->Callback (\r
- BodyParseEventOnComplete,\r
- Char,\r
- 0,\r
- Parser->Context\r
- );\r
+ BodyParseEventOnComplete,\r
+ Char,\r
+ 0,\r
+ Parser->Context\r
+ );\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
Char++;\r
if (Parser->Callback != NULL) {\r
Status = Parser->Callback (\r
- BodyParseEventOnComplete,\r
- Char,\r
- 0,\r
- Parser->Context\r
- );\r
+ BodyParseEventOnComplete,\r
+ Char,\r
+ 0,\r
+ Parser->Context\r
+ );\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
LengthForCallback = MIN (Parser->CurrentChunkSize - Parser->CurrentChunkParsedSize, RemainderLengthInThis);\r
if (Parser->Callback != NULL) {\r
Status = Parser->Callback (\r
- BodyParseEventOnData,\r
- Char,\r
- LengthForCallback,\r
- Parser->Context\r
- );\r
+ BodyParseEventOnData,\r
+ Char,\r
+ LengthForCallback,\r
+ Parser->Context\r
+ );\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
{\r
HTTP_BODY_PARSER *Parser;\r
\r
- Parser = (HTTP_BODY_PARSER*) MsgParser;\r
+ if (MsgParser == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
+ Parser = (HTTP_BODY_PARSER *) MsgParser;\r
\r
if (Parser->State == BodyParserComplete) {\r
return TRUE;\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- Parser = (HTTP_BODY_PARSER*) MsgParser;\r
+ Parser = (HTTP_BODY_PARSER *) MsgParser;\r
\r
if (!Parser->ContentLengthIsValid) {\r
return EFI_NOT_READY;\r
\r
**/\r
CHAR8 *\r
-EFIAPI\r
AsciiStrGetNextToken (\r
IN CONST CHAR8 *String,\r
IN CHAR8 Separator\r
\r
\r
@retval EFI_SUCCESS The FieldName and FieldValue are set into HttpHeader successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.\r
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources.\r
\r
**/\r
UINTN FieldNameSize;\r
UINTN FieldValueSize;\r
\r
+ if (HttpHeader == NULL || FieldName == NULL || FieldValue == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
if (HttpHeader->FieldName != NULL) {\r
FreePool (HttpHeader->FieldName);\r
}\r
FieldValueSize = AsciiStrSize (FieldValue);\r
HttpHeader->FieldValue = AllocateZeroPool (FieldValueSize);\r
if (HttpHeader->FieldValue == NULL) {\r
+ FreePool (HttpHeader->FieldName);\r
return EFI_OUT_OF_RESOURCES;\r
}\r
CopyMem (HttpHeader->FieldValue, FieldValue, FieldValueSize);\r
CHAR8 *FieldNameStr;\r
CHAR8 *FieldValueStr;\r
CHAR8 *StrPtr;\r
+ CHAR8 *EndofHeader;\r
\r
if (String == NULL || FieldName == NULL || FieldValue == NULL) {\r
return NULL;\r
FieldNameStr = NULL;\r
FieldValueStr = NULL;\r
StrPtr = NULL;\r
+ EndofHeader = NULL;\r
+\r
+\r
+ //\r
+ // Check whether the raw HTTP header string is valid or not.\r
+ //\r
+ EndofHeader = AsciiStrStr (String, "\r\n\r\n");\r
+ if (EndofHeader == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// Each header field consists of a name followed by a colon (":") and the field value.\r
\r
//\r
// The field value MAY be preceded by any amount of LWS, though a single SP is preferred.\r
+ // Note: LWS = [CRLF] 1*(SP|HT), it can be '\r\n ' or '\r\n\t' or ' ' or '\t'.\r
+ // CRLF = '\r\n'.\r
+ // SP = ' '.\r
+ // HT = '\t' (Tab).\r
//\r
while (TRUE) {\r
if (*FieldValueStr == ' ' || *FieldValueStr == '\t') {\r
+ //\r
+ // Boundary condition check. \r
+ //\r
+ if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 1) {\r
+ return NULL; \r
+ }\r
+ \r
FieldValueStr ++;\r
- } else if (*FieldValueStr == '\r' && *(FieldValueStr + 1) == '\n' &&\r
- (*(FieldValueStr + 2) == ' ' || *(FieldValueStr + 2) == '\t')) {\r
- FieldValueStr = FieldValueStr + 3;\r
+ } else if (*FieldValueStr == '\r') {\r
+ //\r
+ // Boundary condition check. \r
+ //\r
+ if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 3) {\r
+ return NULL; \r
+ }\r
+\r
+ if (*(FieldValueStr + 1) == '\n' && (*(FieldValueStr + 2) == ' ' || *(FieldValueStr + 2) == '\t')) {\r
+ FieldValueStr = FieldValueStr + 3;\r
+ }\r
} else {\r
break;\r
}\r
NULL if any error occured.\r
@param[out] RequestMsgSize Size of the RequestMsg (in bytes).\r
\r
- @return EFI_SUCCESS If HTTP request string was created successfully\r
+ @retval EFI_SUCCESS If HTTP request string was created successfully.\r
@retval EFI_OUT_OF_RESOURCES Failed to allocate resources.\r
- @retval EFI_INVALID_PARAMETER The input arguments are invalid\r
+ @retval EFI_INVALID_PARAMETER The input arguments are invalid.\r
\r
**/\r
EFI_STATUS\r
UINTN Index;\r
EFI_HTTP_UTILITIES_PROTOCOL *HttpUtilitiesProtocol;\r
\r
-\r
- ASSERT (Message != NULL);\r
-\r
- *RequestMsg = NULL;\r
Status = EFI_SUCCESS;\r
HttpHdrSize = 0;\r
MsgSize = 0;\r
// 3. If we do not have a Request, HeaderCount should be zero\r
// 4. If we do not have Request and Headers, we need at least a message-body\r
//\r
- if ((Message->Data.Request != NULL && Url == NULL) ||\r
+ if ((Message == NULL || RequestMsg == NULL || RequestMsgSize == NULL) || \r
+ (Message->Data.Request != NULL && Url == NULL) ||\r
(Message->Data.Request != NULL && Message->HeaderCount == 0) ||\r
(Message->Data.Request == NULL && Message->HeaderCount != 0) ||\r
(Message->Data.Request == NULL && Message->HeaderCount == 0 && Message->BodyLength == 0)) {\r
Status = gBS->LocateProtocol (\r
&gEfiHttpUtilitiesProtocolGuid,\r
NULL,\r
- (VOID **)&HttpUtilitiesProtocol\r
+ (VOID **) &HttpUtilitiesProtocol\r
);\r
\r
if (EFI_ERROR (Status)) {\r
// Build raw HTTP Headers\r
//\r
Status = HttpUtilitiesProtocol->Build (\r
- HttpUtilitiesProtocol,\r
- 0,\r
- NULL,\r
- 0,\r
- NULL,\r
- Message->HeaderCount,\r
- AppendList,\r
- &HttpHdrSize,\r
- &HttpHdr\r
- );\r
-\r
- if (AppendList != NULL) {\r
- FreePool (AppendList);\r
- }\r
+ HttpUtilitiesProtocol,\r
+ 0,\r
+ NULL,\r
+ 0,\r
+ NULL,\r
+ Message->HeaderCount,\r
+ AppendList,\r
+ &HttpHdrSize,\r
+ &HttpHdr\r
+ );\r
+\r
+ FreePool (AppendList);\r
\r
if (EFI_ERROR (Status) || HttpHdr == NULL){\r
return Status;\r
//\r
// memory for the string that needs to be sent to TCP\r
//\r
+ *RequestMsg = NULL;\r
*RequestMsg = AllocateZeroPool (MsgSize);\r
if (*RequestMsg == NULL) {\r
Status = EFI_OUT_OF_RESOURCES;\r
case 206:\r
return HTTP_STATUS_206_PARTIAL_CONTENT;\r
case 300:\r
- return HTTP_STATUS_300_MULTIPLE_CHIOCES;\r
+ return HTTP_STATUS_300_MULTIPLE_CHOICES;\r
case 301:\r
return HTTP_STATUS_301_MOVED_PERMANENTLY;\r
case 302:\r
return HTTP_STATUS_305_USE_PROXY;\r
case 307:\r
return HTTP_STATUS_307_TEMPORARY_REDIRECT;\r
+ case 308:\r
+ return HTTP_STATUS_308_PERMANENT_REDIRECT;\r
case 400:\r
return HTTP_STATUS_400_BAD_REQUEST;\r
case 401:\r
{\r
UINTN Index;\r
\r
+ if (FieldName == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
for (Index = 0; Index < DeleteCount; Index++) {\r
+ if (DeleteList[Index] == NULL) {\r
+ continue;\r
+ }\r
+ \r
if (AsciiStrCmp (FieldName, DeleteList[Index]) == 0) {\r
return FALSE;\r
}\r