]> git.proxmox.com Git - mirror_edk2.git/blobdiff - NetworkPkg/Ip6Dxe/Ip6Input.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix a bug in IP driver that the fragment overlap check may be skipped incorrectly.
[mirror_edk2.git] / NetworkPkg / Ip6Dxe / Ip6Input.c
diff --git a/NetworkPkg/Ip6Dxe/Ip6Input.c b/NetworkPkg/Ip6Dxe/Ip6Input.c
index f63c1afa82ab51100d72a351bf21b60dd8dbca70..cf88884e381b20f088b1b791d9540051143ba1f2 100644 (file)
--- a/NetworkPkg/Ip6Dxe/Ip6Input.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Input.c
@@ -1,7 +1,7 @@
 /** @file\r
   IP6 internal functions to process the incoming packets.\r
 \r
-  Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
@@ -243,7 +243,7 @@ Ip6Reassemble (
   // check whether THIS.Start < PREV.End for overlap. If two fragments\r
   // overlaps, trim the overlapped part off THIS fragment.\r
   //\r
-  if ((Cur != ListHead) && ((Prev = Cur->BackLink) != ListHead)) {\r
+  if ((Prev = Cur->BackLink) != ListHead) {\r
     Fragment  = NET_LIST_USER_STRUCT (Prev, NET_BUF, List);\r
     Node      = IP6_GET_CLIP_INFO (Fragment);\r
 \r
@@ -536,7 +536,7 @@ Ip6IpSecProcessPacket (
   ZeroMem (&ZeroHead, sizeof (EFI_IP6_HEADER));\r
 \r
   if (mIpSec == NULL) {\r
-    gBS->LocateProtocol (&gEfiIpSecProtocolGuid, NULL, (VOID **) &mIpSec);\r
+    gBS->LocateProtocol (&gEfiIpSec2ProtocolGuid, NULL, (VOID **) &mIpSec);\r
 \r
     //\r
     // Check whether the ipsec protocol is available.\r
@@ -613,6 +613,7 @@ Ip6IpSecProcessPacket (
   Ip6NtohHead (*Head);\r
 \r
   if (EFI_ERROR (Status)) {\r
+    FreePool (OriginalFragmentTable);\r
     goto ON_EXIT;\r
   }\r
 \r
@@ -620,7 +621,13 @@ Ip6IpSecProcessPacket (
     //\r
     // For ByPass Packet\r
     //\r
+    FreePool (FragmentTable);\r
     goto ON_EXIT;\r
+  } else {\r
+    //\r
+    // Free the FragmentTable which allocated before calling the IPsec.\r
+    //\r
+    FreePool (OriginalFragmentTable);\r
   }\r
 \r
   if (Direction == EfiIPsecOutBound && TxWrap != NULL) {\r
@@ -634,6 +641,7 @@ Ip6IpSecProcessPacket (
                                    TxWrap\r
                                    );\r
     if (TxWrap->Packet == NULL) {\r
+      TxWrap->Packet = *Netbuf;\r
       Status = EFI_OUT_OF_RESOURCES;\r
       goto ON_EXIT;\r
     }\r
@@ -652,6 +660,8 @@ Ip6IpSecProcessPacket (
     IpSecWrap = AllocateZeroPool (sizeof (IP6_IPSEC_WRAP));\r
 \r
     if (IpSecWrap == NULL) {\r
+      Status = EFI_OUT_OF_RESOURCES;\r
+      gBS->SignalEvent (RecycleEvent);\r
       goto ON_EXIT;\r
     }\r
 \r
@@ -667,6 +677,9 @@ Ip6IpSecProcessPacket (
                                       );\r
 \r
     if (Packet == NULL) {\r
+      Packet = IpSecWrap->Packet;\r
+      gBS->SignalEvent (RecycleEvent);\r
+      FreePool (IpSecWrap);\r
       Status = EFI_OUT_OF_RESOURCES;\r
       goto ON_EXIT;\r
     }\r
@@ -679,7 +692,8 @@ Ip6IpSecProcessPacket (
                                         NET_BUF_HEAD\r
                                         );\r
       if (PacketHead == NULL) {\r
-        Status = EFI_OUT_OF_RESOURCES;\r
+        *Netbuf = Packet;\r
+        Status  = EFI_OUT_OF_RESOURCES;\r
         goto ON_EXIT;\r
       }\r
 \r
@@ -738,8 +752,6 @@ Ip6PreProcessPacket (
      OUT UINT32          *UnFragmentLen,\r
      OUT BOOLEAN         *Fragmented, \r
      OUT EFI_IP6_HEADER  **Head\r
-     \r
-     \r
   )\r
 {\r
   UINT16                    PayloadLen;\r
@@ -1059,6 +1071,13 @@ Ip6AcceptFrame (
     }\r
   }\r
 \r
+  //\r
+  // Check the Packet again.\r
+  //\r
+  if (Packet == NULL) {\r
+    goto Restart;\r
+  }\r
+  \r
   //\r
   // Packet may have been changed. The ownership of the packet\r
   // is transfered to the packet process logic.\r
EFI Development Kit II mirror for PVE