git.proxmox.com Git - mirror_edk2.git/commit - NetworkPkg/TlsDxe/TlsProtocol.c
NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList
author Laszlo Ersek <lersek@redhat.com>
Sat, 31 Mar 2018 14:04:10 +0000 (16:04 +0200)
committer Laszlo Ersek <lersek@redhat.com>
Fri, 13 Apr 2018 12:06:09 +0000 (14:06 +0200)
commit 44eb974081ce6abb98fb82ec35b77d790f48dda3
tree b1522be5388d0023184fb5abd92717cac7cae7db
parent 344d057a2b539cf34420e2afad2351b45c65178e
NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList

TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER
element at the end of "Data":

- Generally speaking, malformed input for a security API is best rejected
  explicitly.

- Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If
  DataSize is 1 on input, then the initial check for (DataSize == 0) will
  fail, but then TlsSetCipherList() will be called with CipherNum=0.

Return EFI_INVALID_PARAMETER from TlsSetSessionData() if "Data" doesn't
contain a whole number of EFI_TLS_CIPHER elements. While at it, introduce
the dedicated variable CipherCount.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
NetworkPkg/TlsDxe/TlsProtocol.c
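
The size check the commit message describes, as an added stand-alone example that is not the edk2 code: it puts the lenient behaviour (only `DataSize == 0` rejected) beside the strict one (whole number of 2-byte elements required). The types, status values, function names and sample bytes are constructed stand-ins for `EFI_TLS_CIPHER`, `EFI_STATUS`, `TlsSetSessionData()` and `TlsSetCipherList()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for EFI_TLS_CIPHER: two bytes, as the commit message states. */
typedef struct { uint8_t Data1; uint8_t Data2; } tls_cipher_t;
_Static_assert(sizeof(tls_cipher_t) == 2, "cipher element must be 2 bytes");

/* Stand-ins for EFI_SUCCESS / EFI_INVALID_PARAMETER (assumed names). */
typedef enum { ST_SUCCESS = 0, ST_INVALID_PARAMETER = 1 } status_t;

/* Hypothetical sink in place of TlsSetCipherList(): records the count. */
static size_t last_cipher_count = (size_t)-1;
static status_t set_cipher_list(const tls_cipher_t *list, size_t count) {
    (void)list;
    last_cipher_count = count;
    return ST_SUCCESS;
}

/* Lenient form: integer division silently drops a trailing partial
 * element, so data_size == 1 reaches the sink with a count of 0. */
status_t set_session_data_lenient(const void *data, size_t data_size) {
    if (data == NULL || data_size == 0)
        return ST_INVALID_PARAMETER;
    return set_cipher_list(data, data_size / sizeof(tls_cipher_t));
}

/* Strict form: reject any size that is not a whole number of elements,
 * then compute the count once in a dedicated variable. */
status_t set_session_data_strict(const void *data, size_t data_size) {
    size_t cipher_count;
    if (data == NULL || data_size == 0)
        return ST_INVALID_PARAMETER;
    if (data_size % sizeof(tls_cipher_t) != 0)
        return ST_INVALID_PARAMETER;
    cipher_count = data_size / sizeof(tls_cipher_t);
    return set_cipher_list(data, cipher_count);
}

int main(void) {
    const uint8_t sample[3] = { 0xC0, 0x2F, 0xC0 }; /* constructed bytes */
    for (size_t n = 1; n <= sizeof(sample); n++) {
        status_t lenient = set_session_data_lenient(sample, n);
        size_t count = last_cipher_count;
        printf("size=%zu lenient=%d (count=%zu) strict=%d\n", n,
               (int)lenient, count, (int)set_session_data_strict(sample, n));
    }
    return 0;
}
```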