Update code to avoid potential access violation.

[mirror_edk2.git] / NetworkPkg / IScsiDxe / IScsiProto.c

diff --git a/NetworkPkg/IScsiDxe/IScsiProto.c b/NetworkPkg/IScsiDxe/IScsiProto.c
index 2ab4da8cdac22fa9330f3f44f9a5d98b8d7b319e..acb7876ab54b6480a5bc9058d387719e3186eb71 100644 (file)
--- a/NetworkPkg/IScsiDxe/IScsiProto.c
+++ b/NetworkPkg/IScsiDxe/IScsiProto.c
@@ -1,7 +1,7 @@
 /** @file\r
   The implementation of iSCSI protocol based on RFC3720.\r
 \r
-Copyright (c) 2004 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -514,6 +514,8 @@ IScsiReceiveLoginRsp (
   if (EFI_ERROR (Status)) {\r
     return Status;\r
   }\r
+  ASSERT (Pdu != NULL);\r
+\r
   //\r
   // A Login Response is received; process it.\r
   //\r
@@ -539,6 +541,7 @@ IScsiReceiveLoginRsp (
                                the correspondence length fields are updated.\r
   @retval EFI_OUT_OF_RESOURCES There is not enough space in the PDU to add the key-value\r
                                pair.\r
+  @retval EFI_PROTOCOL_ERROR   There is no such data in the net buffer.\r
 **/\r
 EFI_STATUS\r
 IScsiAddKeyValuePair (\r
@@ -555,6 +558,9 @@ IScsiAddKeyValuePair (
   CHAR8               *Data;\r
 \r
   LoginReq    = (ISCSI_LOGIN_REQUEST *) NetbufGetByte (Pdu, 0, NULL);\r
+  if (LoginReq == NULL) {\r
+    return EFI_PROTOCOL_ERROR;\r
+  }\r
   DataSegLen  = NTOH24 (LoginReq->DataSegmentLength);\r
 \r
   KeyLen      = (UINT32) AsciiStrLen (Key);\r
@@ -741,6 +747,9 @@ IScsiProcessLoginRsp (
   Session   = Conn->Session;\r
 \r
   LoginRsp  = (ISCSI_LOGIN_RESPONSE *) NetbufGetByte (Pdu, 0, NULL);\r
+  if (LoginRsp == NULL) {\r
+    return EFI_PROTOCOL_ERROR;\r
+  }\r
   if (!ISCSI_CHECK_OPCODE (LoginRsp, ISCSI_OPCODE_LOGIN_RSP)) {\r
     //\r
     // It is not a Login Response.\r
@@ -2268,6 +2277,7 @@ IScsiGenerateDataOutPduSequence (
   NET_BUF             *DataOutPdu;\r
   ISCSI_CONNECTION    *Conn;\r
   ISCSI_XFER_CONTEXT  *XferContext;\r
+  UINT8               *DataOutPacket;\r
 \r
   PduList = AllocatePool (sizeof (LIST_ENTRY));\r
   if (PduList == NULL) {\r
@@ -2311,7 +2321,14 @@ IScsiGenerateDataOutPduSequence (
   //\r
   // Set the F bit for the last data out PDU in this sequence.\r
   //\r
-  ISCSI_SET_FLAG (NetbufGetByte (DataOutPdu, 0, NULL), ISCSI_BHS_FLAG_FINAL);\r
+  DataOutPacket = NetbufGetByte (DataOutPdu, 0, NULL);\r
+  if (DataOutPacket == NULL) {\r
+    IScsiFreeNbufList (PduList);\r
+    PduList = NULL;\r
+    goto ON_EXIT;\r
+  }\r
+\r
+  ISCSI_SET_FLAG (DataOutPacket, ISCSI_BHS_FLAG_FINAL);\r
 \r
 ON_EXIT:\r
 \r
@@ -2396,6 +2413,9 @@ IScsiOnDataInRcvd (
   EFI_STATUS          Status;\r
 \r
   DataInHdr                   = (ISCSI_SCSI_DATA_IN *) NetbufGetByte (Pdu, 0, NULL);\r
+  if (DataInHdr == NULL) {\r
+    return EFI_PROTOCOL_ERROR;\r
+  }\r
 \r
   DataInHdr->InitiatorTaskTag = NTOHL (DataInHdr->InitiatorTaskTag);\r
   DataInHdr->ExpCmdSN         = NTOHL (DataInHdr->ExpCmdSN);\r
@@ -2486,6 +2506,9 @@ IScsiOnR2TRcvd (
   UINT8                   *Data;\r
 \r
   R2THdr = (ISCSI_READY_TO_TRANSFER *) NetbufGetByte (Pdu, 0, NULL);\r
+  if (R2THdr == NULL) {\r
+    return EFI_PROTOCOL_ERROR;\r
+  }\r
 \r
   R2THdr->InitiatorTaskTag = NTOHL (R2THdr->InitiatorTaskTag);\r
   R2THdr->TargetTransferTag = NTOHL (R2THdr->TargetTransferTag);\r
@@ -2551,6 +2574,9 @@ IScsiOnScsiRspRcvd (
   UINT32            DataSegLen;\r
 \r
   ScsiRspHdr                    = (SCSI_RESPONSE *) NetbufGetByte (Pdu, 0, NULL);\r
+  if (ScsiRspHdr == NULL) {\r
+    return EFI_PROTOCOL_ERROR;\r
+  }\r
 \r
   ScsiRspHdr->InitiatorTaskTag  = NTOHL (ScsiRspHdr->InitiatorTaskTag);\r
   if (ScsiRspHdr->InitiatorTaskTag != Tcb->InitiatorTaskTag) {\r
@@ -2613,6 +2639,9 @@ IScsiOnScsiRspRcvd (
   DataSegLen = ISCSI_GET_DATASEG_LEN (ScsiRspHdr);\r
   if (DataSegLen != 0) {\r
     SenseData               = (ISCSI_SENSE_DATA *) NetbufGetByte (Pdu, sizeof (SCSI_RESPONSE), NULL);\r
+    if (SenseData == NULL) {\r
+      return EFI_PROTOCOL_ERROR;\r
+    }\r
 \r
     SenseData->Length       = NTOHS (SenseData->Length);\r
 \r
@@ -2649,6 +2678,9 @@ IScsiOnNopInRcvd (
   EFI_STATUS    Status;\r
 \r
   NopInHdr            = (ISCSI_NOP_IN *) NetbufGetByte (Pdu, 0, NULL);\r
+  if (NopInHdr == NULL) {\r
+    return EFI_PROTOCOL_ERROR;\r
+  }\r
 \r
   NopInHdr->StatSN    = NTOHL (NopInHdr->StatSN);\r
   NopInHdr->ExpCmdSN  = NTOHL (NopInHdr->ExpCmdSN);\r
@@ -2684,6 +2716,7 @@ IScsiOnNopInRcvd (
                                the Packet.\r
   @retval EFI_DEVICE_ERROR     Session state was not as required.\r
   @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r
+  @retval EFI_PROTOCOL_ERROR   There is no such data in the net buffer.\r
   @retval Others               Other errors as indicated.\r
 \r
 **/\r
@@ -2745,6 +2778,11 @@ IScsiExecuteScsiCommand (
 \r
   XferContext         = &Tcb->XferContext;\r
   PduHdr              = NetbufGetByte (Pdu, 0, NULL);\r
+  if (PduHdr == NULL) {\r
+    Status = EFI_PROTOCOL_ERROR;\r
+    NetbufFree (Pdu);\r
+    goto ON_EXIT;\r
+  }\r
   XferContext->Offset = ISCSI_GET_DATASEG_LEN (PduHdr);\r
 \r
   //\r
@@ -2803,7 +2841,13 @@ IScsiExecuteScsiCommand (
       goto ON_EXIT;\r
     }\r
 \r
-    switch (ISCSI_GET_OPCODE (NetbufGetByte (Pdu, 0, NULL))) {\r
+    PduHdr = NetbufGetByte (Pdu, 0, NULL);\r
+    if (PduHdr == NULL) {\r
+      Status = EFI_PROTOCOL_ERROR;\r
+      NetbufFree (Pdu);\r
+      goto ON_EXIT;\r
+    }\r
+    switch (ISCSI_GET_OPCODE (PduHdr)) {\r
     case ISCSI_OPCODE_SCSI_DATA_IN:\r
       Status = IScsiOnDataInRcvd (Pdu, Tcb, Packet);\r
       break;\r