The input param String of AsciiStrStr() requires a pointer to
Null-terminated string, however in HttpUtilitiesParse(),
the Buffersize before AllocateZeroPool() is equal to the size
of TCP header, after the CopyMem(), it might not end with
Null-terminator. It might cause memory access overflow.
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1204
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Songpeng Li <songpeng.li@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
CHAR8 *FieldName;\r
CHAR8 *FieldValue;\r
UINTN Index;\r
+ UINTN HttpBufferSize;\r
\r
Status = EFI_SUCCESS;\r
TempHttpMessage = NULL;\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- TempHttpMessage = AllocateZeroPool (HttpMessageSize);\r
+ //\r
+ // Append the http response string along with a Null-terminator.\r
+ //\r
+ HttpBufferSize = HttpMessageSize + 1;\r
+ TempHttpMessage = AllocatePool (HttpBufferSize);\r
if (TempHttpMessage == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
CopyMem (TempHttpMessage, HttpMessage, HttpMessageSize);\r
+ *(TempHttpMessage + HttpMessageSize) = '\0';\r
\r
//\r
// Get header number\r