From 0efeec8e20e9bf13e5c82622f536df0c13abe331 Mon Sep 17 00:00:00 2001 From: Jiaxin Wu Date: Mon, 25 Dec 2017 16:43:37 +0800 Subject: [PATCH] MdeModulePkg/DxeHttpLib: Check the input parameters for some APIs. Cc: Ye Ting Cc: Fu Siyuan Cc: Wang Fan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin Reviewed-by: Fu Siyuan State == BodyParserComplete) { @@ -1500,6 +1504,7 @@ AsciiStrGetNextToken ( @retval EFI_SUCCESS The FieldName and FieldValue are set into HttpHeader successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. **/ @@ -1514,6 +1519,10 @@ HttpSetFieldNameAndValue ( UINTN FieldNameSize; UINTN FieldValueSize; + if (HttpHeader == NULL || FieldName == NULL || FieldValue == NULL) { + return EFI_INVALID_PARAMETER; + } + if (HttpHeader->FieldName != NULL) { FreePool (HttpHeader->FieldName); } @@ -1731,10 +1740,6 @@ HttpGenRequestMessage ( UINTN Index; EFI_HTTP_UTILITIES_PROTOCOL *HttpUtilitiesProtocol; - - ASSERT (Message != NULL); - - *RequestMsg = NULL; Status = EFI_SUCCESS; HttpHdrSize = 0; MsgSize = 0; @@ -1749,7 +1754,8 @@ HttpGenRequestMessage ( // 3. If we do not have a Request, HeaderCount should be zero // 4. If we do not have Request and Headers, we need at least a message-body // - if ((Message->Data.Request != NULL && Url == NULL) || + if ((Message == NULL || RequestMsg == NULL || RequestMsgSize == NULL) || + (Message->Data.Request != NULL && Url == NULL) || (Message->Data.Request != NULL && Message->HeaderCount == 0) || (Message->Data.Request == NULL && Message->HeaderCount != 0) || (Message->Data.Request == NULL && Message->HeaderCount == 0 && Message->BodyLength == 0)) { @@ -1830,6 +1836,7 @@ HttpGenRequestMessage ( // // memory for the string that needs to be sent to TCP // + *RequestMsg = NULL; *RequestMsg = AllocateZeroPool (MsgSize); if (*RequestMsg == NULL) { Status = EFI_OUT_OF_RESOURCES; 
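Review bot: The context lines right after the new NULL check in HttpSetFieldNameAndValue free `HttpHeader->FieldName` without clearing it. If an allocation that presumably follows outside the hunk fails and the function returns EFI_OUT_OF_RESOURCES, the caller's header would keep a pointer to freed pool memory, and a second call or a later cleanup could free it again. Setting `HttpHeader->FieldName = NULL;` after the `FreePool` (and likewise for FieldValue, if it is handled the same way) would keep the structure consistent on error paths. The new `@retval EFI_INVALID_PARAMETER` text in the preceding hunk could also name the condition: `HttpHeader, FieldName or FieldValue is NULL.`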
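Review bot: Moving `*RequestMsg = NULL;` from the top of HttpGenRequestMessage (removed in the -1731 hunk) to directly before `*RequestMsg = AllocateZeroPool (MsgSize);` (the -1830 hunk) leaves the output pointer unset on every failure path between the parameter check and the allocation. Those paths are outside the hunks, so this is inferred, but if any of them reaches cleanup code that tests or frees `*RequestMsg`, it would act on whatever value the caller passed in. The store before the allocation is also dead, because the next line overwrites it. I would drop it and put `*RequestMsg = NULL;` immediately after the validation block in the -1749 hunk, where RequestMsg is already known to be non-NULL.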
@@ -2055,7 +2062,15 @@ HttpIsValidHttpHeader ( { UINTN Index; + if (FieldName == NULL) { + return FALSE; + } + for (Index = 0; Index < DeleteCount; Index++) { + if (DeleteList[Index] == NULL) { + continue; + } + if (AsciiStrCmp (FieldName, DeleteList[Index]) == 0) { return FALSE; } -- 2.39.2
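Review bot: `DeleteList` itself is never checked in HttpIsValidHttpHeader, so a NULL list with a non-zero `DeleteCount` still faults at `DeleteList[Index]` even though each entry is now tested. Extending the new guard to `if (FieldName == NULL || (DeleteList == NULL && DeleteCount != 0)) {` would close that gap. Whether that case should return FALSE or just skip the loop depends on the function's contract, which is not visible here. The doc comment and the end of the body are outside the hunk, so the comment may also need a line saying that a NULL FieldName yields FALSE.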