Revision: 19653
http://sourceforge.net/p/edk2/code/19653
Author: jiaxinwu
Date: 2016-01-18 01:59:41 +0000 (Mon, 18 Jan 2016)
Log Message:
-----------
NetworkPkg: Fix SPD entry edit policy issue in IPSecConfig.
The current implementation doesn't handle the relationship
between SPD and SAD well, which may introduce some security
and connection issues after the SPD is updated.
For SPD entry edit policy, if one SPD entry is edited/updated,
the original SAs list should be discarded. The current IPSecConfig
tool does not deal properly with those rules.
Cc: Ye Ting <[email protected]>
Cc: Fu Siyuan <[email protected]>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <[email protected]>
Reviewed-by: Ye Ting <[email protected]>
Reviewed-by: Fu Siyuan <[email protected]>
Modified Paths:
--------------
trunk/edk2/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
Modified: trunk/edk2/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
===================================================================
--- trunk/edk2/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
2016-01-18 01:59:16 UTC (rev 19652)
+++ trunk/edk2/NetworkPkg/Application/IpsecConfig/PolicyEntryOperation.c
2016-01-18 01:59:41 UTC (rev 19653)
@@ -1,7 +1,7 @@
/** @file
The implementation of policy entry operation function in IpSecConfig
application.
- Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
@@ -1398,6 +1398,8 @@
//
// Process Data
//
+ OldData->SaIdCount = 0;
+
if ((Mask & NAME) != 0) {
AsciiStrCpyS ((CHAR8 *) OldData->Name, MAX_PEERID_LEN, (CHAR8 *)
NewData->Name);
}
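Review bot: The added "OldData->SaIdCount = 0;" at the top of "Process Data" carries no comment explaining why the count is cleared, and it runs before any of the Mask checks, so every edit drops the SA list no matter which field changed. A one-line comment tying it to the SPD edit policy from the log message (an edited SPD entry discards its original SA list) would make the intent clear. These lines reset only the count; please confirm that the SAD entries the old list referred to are also removed, since leaving them in place would keep SAs alive that no longer match the updated policy.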
@@ -1862,37 +1864,30 @@
&CreateNew
);
if (!EFI_ERROR (Status)) {
+ //
+ // If the Selector already existed, this Entry will be updated by set
data.
+ //
+ Status = mIpSecConfig->SetData (
+ mIpSecConfig,
+ Context->DataType,
+ Context->Selector, /// New created selector.
+ Data, /// Old date which has been modified,
need to be set data.
+ Selector
+ );
+ ASSERT_EFI_ERROR (Status);
+
if (CreateNew) {
//
- // Insert new entry before old entry
+ // Edit the entry to a new one. So, we need delete the old entry.
//
Status = mIpSecConfig->SetData (
mIpSecConfig,
Context->DataType,
- Context->Selector,
- Data,
- Selector
- );
- ASSERT_EFI_ERROR (Status);
- //
- // Delete old entry
- //
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Selector,
- NULL,
+ Selector, /// Old selector.
+ NULL, /// NULL means to delete this Entry
specified by Selector.
NULL
);
ASSERT_EFI_ERROR (Status);
- } else {
- Status = mIpSecConfig->SetData (
- mIpSecConfig,
- Context->DataType,
- Context->Selector,
- Data,
- NULL
- );
}
}
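Review bot: The result of the first SetData call is checked only with ASSERT_EFI_ERROR, which is a debug-build check, so in the CreateNew path a failed insert of the new entry is still followed by the delete of the old selector and the policy entry is lost. Suggest testing Status with EFI_ERROR after the first call and skipping the delete (and returning the error) when it fails; the same applies to the second call, whose Status is otherwise the only one that survives. Also note that when CreateNew is FALSE the last argument is now Selector where the removed else branch passed NULL; please confirm that passing the entry's own selector in that position is intended for an in-place update. Minor: "Old date" in the new comment should read "Old data".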
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits