From d3017dd96bf96521cbb87a26bb9dd09f8aa5811d Mon Sep 17 00:00:00 2001
From: Jiaxin Wu
Date: Mon, 27 Mar 2017 14:45:50 +0800
Subject: [PATCH] MdeModulePkg/DxeHttpLib: Fix the incorrect return status if URI port is invalid
Cc: Zhang Lubo
Cc: Ye Ting
Cc: Fu Siyuan
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin
Reviewed-by: Zhang Lubo
---
 MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c | 15 +++++++++++++++
 MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h | 5 ++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
index 2ff04ffad3..8e29213a4f 100644
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -692,6 +692,7 @@ HttpUrlGetPort (
 {
 CHAR8 *PortString;
 EFI_STATUS Status;
+ UINTN Index;
 UINTN Data;
 UINT32 ResultLength;
 HTTP_URL_PARSER *Parser;
@@ -700,6 +701,9 @@ HttpUrlGetPort (
 return EFI_INVALID_PARAMETER;
 }
+ *Port = 0;
+ Index = 0;
+
 Parser = (HTTP_URL_PARSER*) UrlParser;
 if ((Parser->FieldBitMap & BIT (HTTP_URI_FIELD_PORT)) == 0) {
@@ -723,8 +727,19 @@ HttpUrlGetPort (
 PortString[ResultLength] = '\0';
+ while (Index < ResultLength) {
+ if (!NET_IS_DIGIT (PortString[Index])) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Index ++;
+ }
+
 Status = AsciiStrDecimalToUintnS (Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset, (CHAR8 **) NULL, &Data);
+ if (Data > HTTP_URI_PORT_MAX_NUM || Data < HTTP_URI_PORT_MIN_NUM) {
+ return EFI_INVALID_PARAMETER;
+ }
+
 *Port = (UINT16) Data;
 return Status;
 }
diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h
index 0d0ad3d8ff..5ee0fdc619 100644
--- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h
+++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.h
@@ -1,7 +1,7 @@
 /** @file
 Header file for HttpLib.
- Copyright (c) 2016, Intel Corporation. All rights reserved.
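Review bot: In the last DxeHttpLib.c hunk of HttpUrlGetPort, the digit check walks `PortString` but the conversion still reads `Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset`, so the text that is validated is not the text that is parsed; where the two differ (PortString looks like a decoded copy, though its setup is outside the hunk), a port can pass the check while a different value is converted. Converting the validated buffer closes that gap: `Status = AsciiStrDecimalToUintnS (PortString, (CHAR8 **) NULL, &Data);`. `Status` is also not tested before `Data` is range-checked, and `Data` is declared without an initializer, so a failed conversion may compare an indeterminate value; add `if (EFI_ERROR (Status)) { return Status; }` ahead of the range check. The function body starts outside the hunk, so whether PortString needs to be released on the new early returns should be confirmed there.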
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials
@@ -50,6 +50,9 @@ Header file for HttpLib.
 #define HTTP_URI_FIELD_PORT 7
 #define HTTP_URI_FIELD_MAX 8
+#define HTTP_URI_PORT_MIN_NUM 0
+#define HTTP_URI_PORT_MAX_NUM 65535
+
 //
 // Structure to store the parse result of a HTTP URL.
 //
-- 
2.39.2
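Review bot: With `HTTP_URI_PORT_MIN_NUM` defined as 0, the `Data < HTTP_URI_PORT_MIN_NUM` test in HttpUrlGetPort compares an unsigned `UINTN` against zero and can never be true, so only the upper bound is enforced and port 0 is accepted as a valid result. If port 0 is not meant to be returned to callers, `#define HTTP_URI_PORT_MIN_NUM 1` would make the lower bound effective; otherwise the comparison can be dropped, since some toolchains may warn about it. Either way the two defines have no comment, and a line such as `// Valid range of the port number in a HTTP URI.` above them would document the intent.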