This patch fixes a potential NULL pointer dereference in the function 'ParseDnsResponse'.
Cc: Fu Siyuan <siyuan...@intel.com>
Cc: Zhang Lubo <lubo.zh...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin...@intel.com>
---
 NetworkPkg/DnsDxe/DnsImpl.c | 59 +++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 18 deletions(-)
diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index 42d51f0..4f7320e 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -1197,23 +1197,32 @@ ParseDnsResponse (
 }
 //
 // Check the Query type, do some buffer allocations.
 //
- if (QuerySection->Type == DNS_TYPE_A) {
- Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
- ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
- Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
- ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
- } else if (QuerySection->Type == DNS_TYPE_AAAA) {
- Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
- ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
- Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
- ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
+ if (Instance->Service->IpVersion == IP_VERSION_4) {
+ ASSERT (Dns4TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_A) {
+ Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
+ ASSERT (Dns4TokenEntry->Token->RspData.H2AData != NULL);
+ Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
+ ASSERT (Dns4TokenEntry->Token->RspData.H2AData->IpList != NULL);
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
 } else {
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
+ ASSERT (Dns6TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_AAAA) {
+ Dns6TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS6_HOST_TO_ADDR_DATA));
+ ASSERT (Dns6TokenEntry->Token->RspData.H2AData != NULL);
+ Dns6TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv6_ADDRESS));
+ ASSERT (Dns6TokenEntry->Token->RspData.H2AData->IpList != NULL);
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
 }
 //
 // Processing AnswerSection.
 //
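Review bot: The added `ASSERT (Dns4TokenEntry != NULL)` and `ASSERT (Dns6TokenEntry != NULL)` are not runtime checks: in EDK II builds where ASSERT is disabled (for example with MDEPKG_NDEBUG defined) they do nothing, so the NULL dereference this patch targets stays reachable there, and a debug build halts instead of returning an error. The same holds for the ASSERTs that follow both `AllocatePool` calls in this hunk, and for the ASSERTs added in the three later hunks. Replace them with explicit tests that set `Status` and `goto ON_EXIT`, as sketched below for the IPv4 branch. Whether ON_EXIT releases a partially allocated `H2AData` cannot be seen here, because ParseDnsResponse starts and ends outside the hunk.

```c
  if (Instance->Service->IpVersion == IP_VERSION_4) {
    if (Dns4TokenEntry == NULL) {
      Status = EFI_ABORTED;
      goto ON_EXIT;
    }
    if (QuerySection->Type != DNS_TYPE_A) {
      Status = EFI_UNSUPPORTED;
      goto ON_EXIT;
    }
    Dns4TokenEntry->Token->RspData.H2AData = AllocatePool (sizeof (DNS_HOST_TO_ADDR_DATA));
    if (Dns4TokenEntry->Token->RspData.H2AData == NULL) {
      Status = EFI_OUT_OF_RESOURCES;
      goto ON_EXIT;
    }
    Dns4TokenEntry->Token->RspData.H2AData->IpList = AllocatePool (DnsHeader->AnswersNum * sizeof (EFI_IPv4_ADDRESS));
    if (Dns4TokenEntry->Token->RspData.H2AData->IpList == NULL) {
      Status = EFI_OUT_OF_RESOURCES;
      goto ON_EXIT;
    }
  } else {
    // … same pattern for Dns6TokenEntry, DNS_TYPE_AAAA and EFI_IPv6_ADDRESS …
  }
```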
@@ -1238,11 +1247,11 @@ ParseDnsResponse (
 switch (AnswerSection->Type) {
 case DNS_TYPE_A:
 //
 // This is address entry, get Data.
 //
- ASSERT (AnswerSection->DataLength == 4);
+ ASSERT (Dns4TokenEntry != NULL && AnswerSection->DataLength == 4);
 HostAddr4 = Dns4TokenEntry->Token->RspData.H2AData->IpList;
 AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
 CopyMem (&HostAddr4[IpCount], AnswerData, sizeof (EFI_IPv4_ADDRESS));
@@ -1280,11 +1289,11 @@ ParseDnsResponse (
 break;
 case DNS_TYPE_AAAA:
 //
 // This is address entry, get Data.
 //
- ASSERT (AnswerSection->DataLength == 16);
+ ASSERT (Dns6TokenEntry != NULL && AnswerSection->DataLength == 16);
 HostAddr6 = Dns6TokenEntry->Token->RspData.H2AData->IpList;
 AnswerData = (UINT8 *) AnswerSection + sizeof (*AnswerSection);
 CopyMem (&HostAddr6[IpCount], AnswerData, sizeof (EFI_IPv6_ADDRESS));
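Review bot: In `case DNS_TYPE_A` the only guard before `CopyMem` is an ASSERT, although `AnswerSection->Type` and `AnswerSection->DataLength` appear to come straight from the response being parsed; an ASSERT is not input validation and is absent when assertions are disabled. An A record arriving on an instance where `Dns4TokenEntry` is NULL (presumably the IPv6 case) would still reach `Dns4TokenEntry->Token`, and a record whose length is not 4 is still copied as an address. Use a runtime test such as `if (Dns4TokenEntry == NULL || AnswerSection->DataLength != 4) { Status = EFI_ABORTED; goto ON_EXIT; }`, and the equivalent with `Dns6TokenEntry` and 16 in the `DNS_TYPE_AAAA` hunk that follows. The bound of `IpCount` against the `AnswersNum`-sized `IpList` and the rest of the switch lie outside these hunks, so they need checking in the full function.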
@@ -1331,27 +1340,41 @@ ParseDnsResponse (
 //
 AnswerName = (CHAR8 *) AnswerSection + sizeof (*AnswerSection) + AnswerSection->DataLength;
 AnswerSectionNum ++;
 }
- if (QuerySection->Type == DNS_TYPE_A) {
- Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
- } else if (QuerySection->Type == DNS_TYPE_AAAA) {
- Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+ if (Instance->Service->IpVersion == IP_VERSION_4) {
+ ASSERT (Dns4TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_A) {
+ Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
+ } else {
+ ASSERT (Dns6TokenEntry != NULL);
+ if (QuerySection->Type == DNS_TYPE_AAAA) {
+ Dns6TokenEntry->Token->RspData.H2AData->IpCount = IpCount;
+ } else {
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ }
 }
 //
 // Parsing is complete, SignalEvent here.
 //
 if (Instance->Service->IpVersion == IP_VERSION_4) {
+ ASSERT (Dns4TokenEntry != NULL);
 Dns4RemoveTokenEntry (&Instance->Dns4TxTokens, Dns4TokenEntry);
 Dns4TokenEntry->Token->Status = EFI_SUCCESS;
 if (Dns4TokenEntry->Token->Event != NULL) {
 gBS->SignalEvent (Dns4TokenEntry->Token->Event);
 DispatchDpc ();
 }
 } else {
+ ASSERT (Dns6TokenEntry != NULL);
 Dns6RemoveTokenEntry (&Instance->Dns6TxTokens, Dns6TokenEntry);
 Dns6TokenEntry->Token->Status = EFI_SUCCESS;
 if (Dns6TokenEntry->Token->Event != NULL) {
 gBS->SignalEvent (Dns6TokenEntry->Token->Event);
 DispatchDpc ();
--
1.9.5.msysgit.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
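Review bot: The new IpVersion / `QuerySection->Type` test after the answer loop repeats the one made before the buffers were allocated, so its two `EFI_UNSUPPORTED` branches look unreachable unless `QuerySection` changes during answer processing. If they can be reached, they leave through ON_EXIT after `H2AData` and `IpList` were allocated and filled, and the cleanup there is outside this hunk. It would be simpler to drop this block and store the count inside the existing IP_VERSION_4 / else block below, e.g. `Dns4TokenEntry->Token->RspData.H2AData->IpCount = IpCount;` just before `Dns4RemoveTokenEntry`, with the matching `Dns6TokenEntry` line in the else arm.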