Hi Maciej, Can you please review this patch? It has been sitting there for a while; it looks like it slipped through the cracks.
Thank you, Vladimir > -----Original Message----- > From: Vladimir Olovyannikov <vladimir.olovyanni...@broadcom.com> > Sent: Friday, August 28, 2020 11:17 AM > To: devel@edk2.groups.io > Cc: Vladimir Olovyannikov <vladimir.olovyanni...@broadcom.com>; Maciej > Rabeda <maciej.rab...@linux.intel.com>; Jiaxin Wu <jiaxin...@intel.com>; > Siyuan Fu <siyuan...@intel.com> > Subject: [PATCH 1/1] NetworkPkg: Fix possible infinite loop in HTTP msg body > parser > > When an HTTP server sends a non-chunked body data with no Content- > Length header, the HttpParserMessageBody in DxeHttpLib gets confused > and never sets the Char pointer beyond the body start. > This causes "for" loop to never break because the condition of "Char >= Body > + BodyLength" is never satisfied. > Use BodyLength as the ContentLength for the parser when ContentLength is > absent in HTTP response headers. > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2941 > > Signed-off-by: Vladimir Olovyannikov > <vladimir.olovyanni...@broadcom.com> > Cc: Maciej Rabeda <maciej.rab...@linux.intel.com> > Cc: Jiaxin Wu <jiaxin...@intel.com> > Cc: Siyuan Fu <siyuan...@intel.com> > --- > NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 19 ++++++++++++++++--- > 1 file changed, 16 insertions(+), 3 deletions(-) > > diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > index 180d9321025a..e550c9962dc1 100644 > --- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > +++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c > @@ -1122,6 +1122,7 @@ HttpParseMessageBody ( > CHAR8 *Char; > UINTN RemainderLengthInThis; > UINTN LengthForCallback; > + UINTN PortionLength; > EFI_STATUS Status; > HTTP_BODY_PARSER *Parser; 
> > @@ -1173,19 +1174,31 @@ HttpParseMessageBody ( > // > // Identity transfer-coding, just notify user to save the body data. > // > + PortionLength = MIN ( > + BodyLength, > + Parser->ContentLength - Parser->ParsedBodyLength > + ); > + if (!PortionLength) { > + // > + // Got BodyLength, but no ContentLength. Use BodyLength. > + // > + PortionLength = BodyLength; > + Parser->ContentLength = PortionLength; > + } > + > if (Parser->Callback != NULL) { > Status = Parser->Callback ( > BodyParseEventOnData, > Char, > - MIN (BodyLength, Parser->ContentLength - Parser- > >ParsedBodyLength), > + PortionLength, > Parser->Context > ); > if (EFI_ERROR (Status)) { > return Status; > } > } > - Char += MIN (BodyLength, Parser->ContentLength - Parser- > >ParsedBodyLength); > - Parser->ParsedBodyLength += MIN (BodyLength, Parser- > >ContentLength - Parser->ParsedBodyLength); > + Char += PortionLength; > + Parser->ParsedBodyLength += PortionLength; > if (Parser->ParsedBodyLength == Parser->ContentLength) { > Parser->State = BodyParserComplete; > if (Parser->Callback != NULL) { > -- > 2.26.2.266.ge870325ee8
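Review bot: The `if (!PortionLength)` test in the second hunk (@@ -1173,19 +1174,31 @@) cannot distinguish a response with no Content-Length from the other ways the MIN can come out as zero: `Parser->ContentLength - Parser->ParsedBodyLength` being zero because the declared length has already been consumed, or `BodyLength` itself being zero. In every one of those cases the fallback overwrites `Parser->ContentLength` with the size of the current buffer. If this path is reached with a non-zero `Parser->ParsedBodyLength`, then `Parser->ParsedBodyLength += PortionLength` leaves it larger than the new `Parser->ContentLength`, so the `Parser->ParsedBodyLength == Parser->ContentLength` check never matches and `BodyParserComplete` is not set. In the case the patch targets, the first buffer passed in fixes the total length, so a body delivered across several calls is marked complete after the first one; the comment should say that this is intended, or the parser should mark the end of such a body some other way. I would suggest keying the fallback on an explicit record that no Content-Length header was seen instead of on a zero result, and writing the test as `PortionLength == 0`, which reads more clearly for a UINTN.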