Re: [edk2] [PATCH 03/13] NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList

2018-04-09 Thread Fu, Siyuan
Reviewed-by: Fu Siyuan

> -----Original Message-----
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Tuesday, April 3, 2018 10:52 PM
> To: edk2-devel-01
> Cc: Wu, Jiaxin ; Fu, Siyuan
> Subject: [PATCH 03/13] NetworkPkg/TlsDxe: verify DataSize for
> EfiTlsCipherList
>
> TlsSetSessionDa

[edk2] [PATCH 03/13] NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList

2018-04-03 Thread Laszlo Ersek
TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER element at the end of "Data":

- Generally speaking, malformed input for a security API is best rejected explicitly.

- Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If DataSize is 1 on input, then the initia