X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdeModulePkg%2FUniversal%2FNetwork%2FArpDxe%2FArpImpl.c;h=0e9ef103eff9c31d1f34fb5a1feae5bd97021bed;hp=d42937ef347de3c8a480d7d6c1560775b0853d27;hb=c0fd7f734e2d33e22215899b40a47b843129541d;hpb=0c323d071d8951fe0c8f41fad08939722d436b12
diff --git a/MdeModulePkg/Universal/Network/ArpDxe/ArpImpl.c b/MdeModulePkg/Universal/Network/ArpDxe/ArpImpl.c
index d42937ef34..0e9ef103ef 100644
--- a/MdeModulePkg/Universal/Network/ArpDxe/ArpImpl.c
+++ b/MdeModulePkg/Universal/Network/ArpDxe/ArpImpl.c
@@ -1,14 +1,8 @@
/** @file
The implementation of the ARP protocol.
-
-Copyright (c) 2006 - 2008, Intel Corporation.
-All rights reserved. This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -52,7 +46,7 @@ ArpInitInstance (
CopyMem (&Instance->ArpProto, &mEfiArpProtocolTemplate, sizeof (Instance->ArpProto));
Instance->Configured = FALSE;
- Instance->Destroyed = FALSE;
+ Instance->InDestroy = FALSE;
InitializeListHead (&Instance->List);
}
@@ -112,15 +106,28 @@ ArpOnFrameRcvdDpc (
// Status is EFI_SUCCESS, process the received frame.
//
RxData = RxToken->Packet.RxData;
- Head = (ARP_HEAD *) RxData->PacketData;
+ //
+ // Sanity check.
+ //
+ if (RxData->DataLength < sizeof (ARP_HEAD)) {
+ //
+ // Restart the receiving if packet size is not correct.
+ //
+ goto RESTART_RECEIVE;
+ }
//
// Convert the byte order of the multi-byte fields.
//
+ Head = (ARP_HEAD *) RxData->PacketData;
Head->HwType = NTOHS (Head->HwType);
Head->ProtoType = NTOHS (Head->ProtoType);
Head->OpCode = NTOHS (Head->OpCode);
+ if (RxData->DataLength < (sizeof (ARP_HEAD) + 2 * Head->HwAddrLen + 2 * Head->ProtoAddrLen)) {
+ goto RESTART_RECEIVE;
+ }
+
if ((Head->HwType != ArpService->SnpMode.IfType) ||
(Head->HwAddrLen != ArpService->SnpMode.HwAddressSize) ||
(RxData->ProtocolType != ARP_ETHER_PROTO_TYPE)) {
@@ -325,12 +332,12 @@ ArpOnFrameRcvd (
//
// Request ArpOnFrameRcvdDpc as a DPC at TPL_CALLBACK
//
- NetLibQueueDpc (TPL_CALLBACK, ArpOnFrameRcvdDpc, Context);
+ QueueDpc (TPL_CALLBACK, ArpOnFrameRcvdDpc, Context);
}
/**
Process the already sent arp packets.
-
+
@param[in] Context Pointer to the context data registerd to the
Event.
@@ -360,10 +367,10 @@ ArpOnFrameSentDpc (
//
// Free the allocated memory and close the event.
//
- gBS->FreePool (TxData->FragmentTable[0].FragmentBuffer);
- gBS->FreePool (TxData);
+ FreePool (TxData->FragmentTable[0].FragmentBuffer);
+ FreePool (TxData);
gBS->CloseEvent (TxToken->Event);
- gBS->FreePool (TxToken);
+ FreePool (TxToken);
}
/**
@@ -386,7 +393,7 @@ ArpOnFrameSent (
//
// Request ArpOnFrameSentDpc as a DPC at TPL_CALLBACK
//
- NetLibQueueDpc (TPL_CALLBACK, ArpOnFrameSentDpc, Context);
+ QueueDpc (TPL_CALLBACK, ArpOnFrameSentDpc, Context);
}
@@ -437,7 +444,7 @@ ArpTimerHandler (
ASSERT (IsListEmpty (&CacheEntry->UserRequestList));
RemoveEntryList (&CacheEntry->List);
- gBS->FreePool (CacheEntry);
+ FreePool (CacheEntry);
} else {
//
// resend the ARP request.
@@ -479,7 +486,7 @@ ArpTimerHandler (
// Time out, remove it.
//
RemoveEntryList (&CacheEntry->List);
- gBS->FreePool (CacheEntry);
+ FreePool (CacheEntry);
} else {
//
// Update the DecayTime.
@@ -507,7 +514,7 @@ ArpTimerHandler (
// Time out, remove it.
//
RemoveEntryList (&CacheEntry->List);
- gBS->FreePool (CacheEntry);
+ FreePool (CacheEntry);
} else {
//
// Update the DecayTime.
@@ -533,6 +540,8 @@ ArpMatchAddress (
IN NET_ARP_ADDRESS *AddressTwo
)
{
+ ASSERT (AddressOne != NULL && AddressTwo != NULL);
+
if ((AddressOne->Type != AddressTwo->Type) ||
(AddressOne->Length != AddressTwo->Length)) {
//
@@ -803,7 +812,7 @@ ArpAddressResolved (
// Remove this user request and free the context data.
//
RemoveEntryList (&Context->List);
- gBS->FreePool (Context);
+ FreePool (Context);
Count++;
}
@@ -812,7 +821,7 @@ ArpAddressResolved (
//
// Dispatch the DPCs queued by the NotifyFunction of the Context->UserRequestEvent.
//
- NetLibDispatchDpc ();
+ DispatchDpc ();
return Count;
}
@@ -928,9 +937,9 @@ ArpConfigureInstance (
if (ConfigData->SwAddressType == IPV4_ETHER_PROTO_TYPE) {
CopyMem (&Ip, ConfigData->StationAddress, sizeof (IP4_ADDR));
- if (!Ip4IsUnicast (NTOHL (Ip), 0)) {
+ if (IP4_IS_UNSPECIFIED (Ip) || IP4_IS_LOCAL_BROADCAST (Ip)) {
//
- // The station address is not a valid IPv4 unicast address.
+ // The station address should not be zero or broadcast address.
//
return EFI_INVALID_PARAMETER;
}
@@ -988,7 +997,7 @@ ArpConfigureInstance (
//
// Free the buffer previously allocated to hold the station address.
//
- gBS->FreePool (OldConfigData->StationAddress);
+ FreePool (OldConfigData->StationAddress);
}
Instance->Configured = FALSE;
@@ -1083,6 +1092,7 @@ ArpSendFrame (
Packet = AllocatePool (TotalLength);
if (Packet == NULL) {
DEBUG ((EFI_D_ERROR, "ArpSendFrame: Allocate memory for Packet failed.\n"));
+ ASSERT (Packet != NULL);
}
TmpPtr = Packet;
@@ -1188,18 +1198,18 @@ ArpSendFrame (
CLEAN_EXIT:
if (Packet != NULL) {
- gBS->FreePool (Packet);
+ FreePool (Packet);
}
if (TxData != NULL) {
- gBS->FreePool (TxData);
+ FreePool (TxData);
}
if (TxToken->Event != NULL) {
gBS->CloseEvent (TxToken->Event);
}
- gBS->FreePool (TxToken);
+ FreePool (TxToken);
}
@@ -1285,7 +1295,7 @@ MATCHED:
//
RemoveEntryList (&CacheEntry->List);
ASSERT (IsListEmpty (&CacheEntry->UserRequestList));
- gBS->FreePool (CacheEntry);
+ FreePool (CacheEntry);
Count++;
}
@@ -1398,7 +1408,7 @@ ArpCancelRequest (
// No user requests any more, remove this request cache entry.
//
RemoveEntryList (&CacheEntry->List);
- gBS->FreePool (CacheEntry);
+ FreePool (CacheEntry);
}
}
}
@@ -1451,6 +1461,7 @@ ArpFindCacheEntry (
UINT32 FoundCount;
EFI_ARP_FIND_DATA *FindData;
LIST_ENTRY *CacheTable;
+ UINT32 FoundEntryLength;
ArpService = Instance->ArpService;
@@ -1567,12 +1578,14 @@ ArpFindCacheEntry (
goto CLEAN_EXIT;
}
+ //
+ // Found the entry length, make sure its 8 bytes alignment.
+ //
+ FoundEntryLength = (((sizeof (EFI_ARP_FIND_DATA) + Instance->ConfigData.SwAddressLength +
+ ArpService->SnpMode.HwAddressSize) + 3) & ~(0x3));
+
if (EntryLength != NULL) {
- //
- // Return the entry length, make sure its 8 bytes alignment.
- //
- *EntryLength = (((sizeof (EFI_ARP_FIND_DATA) + Instance->ConfigData.SwAddressLength +
- ArpService->SnpMode.HwAddressSize) + 3) & ~(0x3));
+ *EntryLength = FoundEntryLength;
}
if (EntryCount != NULL) {
@@ -1589,7 +1602,7 @@ ArpFindCacheEntry (
//
// Allocate buffer to copy the found entries.
//
- FindData = AllocatePool (FoundCount * (*EntryLength));
+ FindData = AllocatePool (FoundCount * FoundEntryLength);
if (FindData == NULL) {
DEBUG ((EFI_D_ERROR, "ArpFindCacheEntry: Failed to allocate memory.\n"));
Status = EFI_OUT_OF_RESOURCES;
@@ -1613,7 +1626,7 @@ ArpFindCacheEntry (
//
// Set the fields in FindData.
//
- FindData->Size = *EntryLength;
+ FindData->Size = FoundEntryLength;
FindData->DenyFlag = (BOOLEAN)(CacheTable == &ArpService->DeniedCacheTable);
FindData->StaticFlag = (BOOLEAN)(CacheEntry->DefaultDecayTime == 0);
FindData->HwAddressType = ArpService->SnpMode.IfType;
@@ -1642,7 +1655,7 @@ ArpFindCacheEntry (
//
// Slip to the next FindData.
//
- FindData = (EFI_ARP_FIND_DATA *)((UINT8 *)FindData + *EntryLength);
+ FindData = (EFI_ARP_FIND_DATA *)((UINT8 *)FindData + FoundEntryLength);
}
CLEAN_EXIT: