Author: scottph
Date: Wed Sep  9 16:35:51 2020
New Revision: 365505
URL: https://svnweb.freebsd.org/changeset/base/365505

Log:
  stand/efihttp: Work around a bug in edk2 http instance reconfiguration
  
  A bug in the EFI HTTP driver of TianoCore EDK2 causes memory
  corruption when an http instance that uses tls is reconfigured,
  leading to a crash.
  
  Work around this by forcing a new http instance for each request
  instead of reconfiguring the existing one.
  
  The upstream bug report is https://bugzilla.tianocore.org/show_bug.cgi?id=1917
  
  Submitted by: bcran
  Reviewed By:  imp, kevans, tsoome
  MFC after:    1 week
  Differential Revision:        https://reviews.freebsd.org/D21281

Modified:
  head/stand/efi/libefi/efihttp.c

Modified: head/stand/efi/libefi/efihttp.c
==============================================================================
--- head/stand/efi/libefi/efihttp.c     Wed Sep  9 16:13:33 2020        
(r365504)
+++ head/stand/efi/libefi/efihttp.c     Wed Sep  9 16:35:51 2020        
(r365505)
@@ -576,6 +576,14 @@ efihttp_fs_open(const char *path, struct open_file *f)
         */
        err = _efihttp_fs_open(path, f);
        if (err != 0) {
+               /*
+                * Work around a bug in the EFI HTTP implementation which
+                * causes a crash if the http instance isn't torn down
+                * between requests.
+                * See https://bugzilla.tianocore.org/show_bug.cgi?id=1917
+                */
+               efihttp_dev_close(f);
+               efihttp_dev_open(f);
                path_slash = malloc(strlen(path) + 2);
                if (path_slash == NULL)
                        return (ENOMEM);
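Review bot: The result of `efihttp_dev_open(f)` in the added lines of efihttp_fs_open() is discarded, so if re-creating the instance can fail, the code continues to the `path_slash` retry against a device that was just closed. The `malloc` directly below is checked and returns `ENOMEM`; the reopen deserves the same treatment, for example capturing its return value in `err` and returning it when non-zero before allocating `path_slash`. Also note that the teardown sits inside `if (err != 0)`, so it only runs on the retry path after the first `_efihttp_fs_open(path, f)` has failed; the comment would be clearer if it said that the retry is the second request on the same instance.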
@@ -719,6 +727,14 @@ efihttp_fs_seek(struct open_file *f, off_t offset, int
                path = fh->path;
                fh->path = NULL;
                efihttp_fs_close(f);
+               /*
+                * Work around a bug in the EFI HTTP implementation which
+                * causes a crash if the http instance isn't torn down
+                * between requests.
+                * See https://bugzilla.tianocore.org/show_bug.cgi?id=1917
+                */
+               efihttp_dev_close(f);
+               efihttp_dev_open(f);
                err = efihttp_fs_open(path, f);
                free(path);
                if (err != 0)
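Review bot: The comment block and the `efihttp_dev_close(f); efihttp_dev_open(f);` pair in efihttp_fs_seek() are a verbatim copy of the ones added in efihttp_fs_open(), so the workaround now lives in two places. A small static helper holding the comment and both calls would give a single spot to remove once the upstream bug is fixed, and a single spot to check the reopen result. If a failure check is added here, the error path has to `free(path)` before returning, since `fh->path` has already been set to NULL and `efihttp_fs_close(f)` has already run at this point.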