[edk2] [Patch] NetworkPkg: Fix the potential NULL pointer dereferenced issue

Jiaxin Wu Tue, 08 Dec 2015 19:18:24 -0800

This patch is used to fix the potential NULL pointer dereferenced
in function 'ParseDnsResponse'.


Cc: Fu Siyuan <siyuan...@intel.com>
Cc: Zhang Lubo <lubo.zh...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin...@intel.com>
---
 NetworkPkg/DnsDxe/DnsImpl.c | 59 +++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 18 deletions(-)

diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index 42d51f0..4f7320e 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -1197,23 +1197,32 @@ ParseDnsResponse (
   }
   
   //
   // Check the Query type, do some buffer allocations.
   //
-  if (QuerySection->Type == DNS_TYPE_A) {
-    Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof 
(DNS_HOST_TO_ADDR_DATA));
-    ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
-    Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool 
(DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
-    ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
-  } else if (QuerySection->Type == DNS_TYPE_AAAA) {
-    Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof 
(DNS6_HOST_TO_ADDR_DATA));
-    ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
-    Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool 
(DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
-    ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
+  if (Instance->Service->IpVersion == IP_VERSION_4) {
+    ASSERT (Dns4TokenEntry != NULL);
+    if (QuerySection->Type == DNS_TYPE_A) {
+      Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof 
(DNS_HOST_TO_ADDR_DATA));
+      ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
+      Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool 
(DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
+      ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
+    } else {
+      Status = EFI_UNSUPPORTED;
+      goto ON_EXIT;
+    }
   } else {
-    Status = EFI_UNSUPPORTED;
-    goto ON_EXIT;
+    ASSERT (Dns6TokenEntry != NULL);
+    if (QuerySection->Type == DNS_TYPE_AAAA) {
+      Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof 
(DNS6_HOST_TO_ADDR_DATA));
+      ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
+      Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool 
(DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
+      ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
+    } else {
+      Status = EFI_UNSUPPORTED;
+      goto ON_EXIT;
+    }
   }
 
   //
   // Processing AnswerSection.
   //
@@ -1238,11 +1247,11 @@ ParseDnsResponse (
       switch (AnswerSection->Type) {
       case DNS_TYPE_A:
         //
         // This is address entry, get Data.
         //
-        ASSERT (AnswerSection->DataLength == 4);
+        ASSERT (Dns4TokenEntry != NULL && AnswerSection->DataLength == 4);
         
         HostAddr4 = Dns4TokenEntry->Token->RspData.H2AData->IpList;
         AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
         CopyMem (&HostAddr4[IpCount], AnswerData, sizeof (EFI_IPv4_ADDRESS));
 
@@ -1280,11 +1289,11 @@ ParseDnsResponse (
         break;
       case DNS_TYPE_AAAA:
         //
         // This is address entry, get Data.
         //
-        ASSERT (AnswerSection->DataLength == 16);
+        ASSERT (Dns6TokenEntry != NULL && AnswerSection->DataLength == 16);
         
         HostAddr6 = Dns6TokenEntry->Token->RspData.H2AData->IpList;
         AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
         CopyMem (&HostAddr6[IpCount], AnswerData, sizeof (EFI_IPv6_ADDRESS));
 
@@ -1331,27 +1340,41 @@ ParseDnsResponse (
     //
     AnswerName = (CHAR8 *) AnswerSection + sizeof (*AnswerSection) + 
AnswerSection->DataLength;
     AnswerSectionNum ++;
   }
 
-  if (QuerySection->Type == DNS_TYPE_A) {
-    Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
-  } else if (QuerySection->Type == DNS_TYPE_AAAA) {
-    Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+  if (Instance->Service->IpVersion == IP_VERSION_4) {
+    ASSERT (Dns4TokenEntry != NULL);
+    if (QuerySection->Type == DNS_TYPE_A) {
+      Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+    } else {
+      Status = EFI_UNSUPPORTED;
+      goto ON_EXIT;
+    }
+  } else {
+    ASSERT (Dns6TokenEntry != NULL);
+    if (QuerySection->Type == DNS_TYPE_AAAA) {
+      Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+    } else {
+      Status = EFI_UNSUPPORTED;
+      goto ON_EXIT;
+    }
   }
 
   //
   // Parsing is complete, SignalEvent here.
   //
   if (Instance->Service->IpVersion == IP_VERSION_4) {
+    ASSERT (Dns4TokenEntry != NULL);
     Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, Dns4TokenEntry);
     Dns4TokenEntry->Token->Status = EFI_SUCCESS;
     if (Dns4TokenEntry->Token->Event != NULL) {
       gBS->SignalEvent (Dns4TokenEntry->Token->Event);
       DispatchDpc ();
     }
   } else {
+    ASSERT (Dns6TokenEntry != NULL);
     Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, Dns6TokenEntry);
     Dns6TokenEntry->Token->Status = EFI_SUCCESS;
     if (Dns6TokenEntry->Token->Event != NULL) {
       gBS->SignalEvent (Dns6TokenEntry->Token->Event);
       DispatchDpc ();
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

[edk2] [Patch] NetworkPkg: Fix the potential NULL pointer dereferenced issue

Reply via email to