Reviewed-by: Fu Siyuan
> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Tuesday, April 3, 2018 10:52 PM
> To: edk2-devel-01
> Cc: Wu, Jiaxin ; Fu, Siyuan
> Subject: [PATCH 03/13] NetworkPkg/TlsDxe: verify DataSize for
> EfiTlsCipherList
>
> TlsSetSessionDa
TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER
element at the end of "Data":
- Generally speaking, malformed input for a security API is best rejected
explicitly.
- Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If
DataSize is 1 on input, then the initia
2 matches
Mail list logo