MdeModulePkg/Library/DxeHttpLib: Handle the blank value in HTTP header.

This patch is to resolve the lock-up issue if the value of HTTP header
is blank.  The issue is recorded @
https://bugzilla.tianocore.org/show_bug.cgi?id=1102.

Cc: Stephen Benjamin <stephen@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Tested-by: Stephen Benjamin <stephen@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
index 5fbb50d03ab61f60a05986bdc2b91c9c5bdda099..2fc3da8a2de38569cf03d7f74bc5a469cfa2b0bf 100644 (file)
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -1597,6 +1597,18 @@ HttpGetFieldNameAndValue (
 \r
   //\r
   // Each header field consists of a name followed by a colon (":") and the field value.\r
+  // The field value MAY be preceded by any amount of LWS, though a single SP is preferred.\r
+  //\r
+  // message-header = field-name ":" [ field-value ]\r
+  // field-name = token\r
+  // field-value = *( field-content | LWS )\r
+  //\r
+  // Note: "*(element)" allows any number element, including zero; "1*(element)" requires at least one element.\r
+  //       [element] means element is optional.\r
+  //       LWS  = [CRLF] 1*(SP|HT), it can be ' ' or '\t' or '\r\n ' or '\r\n\t'.\r
+  //       CRLF = '\r\n'.\r
+  //       SP   = ' '.\r
+  //       HT   = '\t' (Tab).\r
   //\r
   FieldNameStr = String;\r
   FieldValueStr = AsciiStrGetNextToken (FieldNameStr, ':');\r
@@ -1605,16 +1617,12 @@ HttpGetFieldNameAndValue (
   }\r
 \r
   //\r
-  // Replace ':' with 0\r
+  // Replace ':' with 0, then FieldName has been retrived from String.\r
   //\r
   *(FieldValueStr - 1) = 0;\r
 \r
   //\r
-  // The field value MAY be preceded by any amount of LWS, though a single SP is preferred.\r
-  // Note: LWS  = [CRLF] 1*(SP|HT), it can be '\r\n ' or '\r\n\t' or ' ' or '\t'.\r
-  //       CRLF = '\r\n'.\r
-  //       SP   = ' '.\r
-  //       HT   = '\t' (Tab).\r
+  // Handle FieldValueStr, skip all the preceded LWS.\r
   //\r
   while (TRUE) {\r
     if (*FieldValueStr == ' ' || *FieldValueStr == '\t') {\r
@@ -1622,6 +1630,9 @@ HttpGetFieldNameAndValue (
       // Boundary condition check.\r
       //\r
       if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 1) {\r
+        //\r
+        // Wrong String format!\r
+        //\r
         return NULL;\r
       }\r
 \r
@@ -1631,25 +1642,45 @@ HttpGetFieldNameAndValue (
       // Boundary condition check.\r
       //\r
       if ((UINTN) EndofHeader - (UINTN) FieldValueStr < 3) {\r
-        return NULL;\r
+        //\r
+        // No more preceded LWS, so break here.\r
+        //\r
+        break;\r
       }\r
 \r
-      if (*(FieldValueStr + 1) == '\n' && (*(FieldValueStr + 2) == ' ' || *(FieldValueStr + 2) == '\t')) {\r
-        FieldValueStr = FieldValueStr + 3;\r
+      if (*(FieldValueStr + 1) == '\n' ) {\r
+        if (*(FieldValueStr + 2) == ' ' || *(FieldValueStr + 2) == '\t') {\r
+          FieldValueStr = FieldValueStr + 3;\r
+        } else {\r
+          //\r
+          // No more preceded LWS, so break here.\r
+          //\r
+          break;\r
+        }\r
+      } else {\r
+        //\r
+        // Wrong String format!\r
+        //\r
+        return NULL;\r
       }\r
     } else {\r
+      //\r
+      // No more preceded LWS, so break here.\r
+      //\r
       break;\r
     }\r
   }\r
 \r
-  //\r
-  // Header fields can be extended over multiple lines by preceding each extra\r
-  // line with at least one SP or HT.\r
-  //\r
   StrPtr = FieldValueStr;\r
   do {\r
+    //\r
+    // Handle the LWS within the field value.\r
+    //\r
     StrPtr = AsciiStrGetNextToken (StrPtr, '\r');\r
     if (StrPtr == NULL || *StrPtr != '\n') {\r
+      //\r
+      // Wrong String format!\r
+      //\r
       return NULL;\r
     }\r
 \r