NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
[mirror_edk2.git] / NetworkPkg / HttpDxe / HttpsSupport.c
index 988bbcbce7d891dae18b007c85efbee66ffb3385..5dfb13bd6021ff12a0a4ca2a859cf998e124b5b2 100644 (file)
@@ -623,13 +623,16 @@ TlsConfigureSession (
   //\r
   // TlsConfigData initialization\r
   //\r
-  HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;\r
-  HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;\r
-  HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;\r
+  HttpInstance->TlsConfigData.ConnectionEnd       = EfiTlsClient;\r
+  HttpInstance->TlsConfigData.VerifyMethod        = EFI_TLS_VERIFY_PEER;\r
+  HttpInstance->TlsConfigData.VerifyHost.Flags    = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;\r
+  HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;\r
+  HttpInstance->TlsConfigData.SessionState        = EfiTlsSessionNotStarted;\r
 \r
   //\r
   // EfiTlsConnectionEnd,\r
-  // EfiTlsVerifyMethod\r
+  // EfiTlsVerifyMethod,\r
+  // EfiTlsVerifyHost,\r
   // EfiTlsSessionState\r
   //\r
   Status = HttpInstance->Tls->SetSessionData (\r
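Review bot: `VerifyHost.HostName` is assigned straight from `HttpInstance->RemoteHost`, and nothing visible in this hunk guarantees that the pointer is non-NULL and non-empty at this point in TlsConfigureSession. If it can be NULL, the host binding this change introduces would depend entirely on how the TLS driver treats a missing name, so a guard before the assignments such as `if (HttpInstance->RemoteHost == NULL) { return EFI_INVALID_PARAMETER; }` would make the path fail closed. The assignment also deserves a comment saying that `EFI_TLS_VERIFY_PEER` by itself only validates the certificate chain, that the host name check is what ties the certificate to the requested server, and that wildcard certificates are deliberately rejected through `EFI_TLS_VERIFY_FLAG_NO_WILDCARDS`. The function starts and continues outside the hunk, so an earlier check on RemoteHost may already exist.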
@@ -652,6 +655,16 @@ TlsConfigureSession (
     return Status;\r
   }\r
 \r
+  Status = HttpInstance->Tls->SetSessionData (\r
+                                HttpInstance->Tls,\r
+                                EfiTlsVerifyHost,\r
+                                &HttpInstance->TlsConfigData.VerifyHost,\r
+                                sizeof (EFI_TLS_VERIFY_HOST)\r
+                                );\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
   Status = HttpInstance->Tls->SetSessionData (\r
                                 HttpInstance->Tls,\r
                                 EfiTlsSessionState,\r
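Review bot: The new `EfiTlsVerifyHost` call returns on failure without a comment or log line, so the correct fail-closed behaviour is neither documented nor diagnosable. A TLS driver that does not implement `EfiTlsVerifyHost` would presumably return an error here and every HTTPS connection would then fail with no hint as to why. I would add a comment above the call such as `// Host name verification is mandatory; never continue the session if it cannot be configured.` so that a later change does not relax the check to tolerate an unsupported driver. If DebugLib is already used in this file, a line like `DEBUG ((DEBUG_ERROR, "%a: EfiTlsVerifyHost failed - %r\n", __FUNCTION__, Status));` before `return Status;` would cover the diagnosis side. TlsConfigureSession continues outside the hunk.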