NetworkPkg/IpSecDxe: Add check to avoid possible divide by zero

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index c3655328c4c8165594c567c1c479a4b140f66145..2ca7f3c63cea90605c0442ed30232a8f26954106 100644 (file)
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2,7 +2,7 @@
   The Common operations used by IKE Exchange Process.\r
 \r
   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
-  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
+  Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
 \r
   This program and the accompanying materials\r
   are licensed and made available under the terms and conditions of the BSD License\r
@@ -2627,6 +2627,8 @@ Ikev2ChildSaParseSaPayload (
 \r
   @retval EFI_SUCCESS            The operation complete successfully.\r
   @retval EFI_INVALID_PARAMETER  If NumFragments is zero.\r
+                                 If the authentication algorithm given by HashAlgId\r
+                                 cannot be found.\r
   @retval EFI_OUT_OF_RESOURCES   If the required resource can't be allocated.\r
   @retval Others                 The operation is failed.\r
 \r
@@ -2663,6 +2665,10 @@ Ikev2SaGenerateKey (
   LocalFragments[2].Data = NULL;\r
 \r
   AuthKeyLength = IpSecGetHmacDigestLength (HashAlgId);\r
+  if (AuthKeyLength == 0) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
   DigestSize    = AuthKeyLength;\r
   Digest        = AllocateZeroPool (AuthKeyLength);\r
 \r