Resolved Coverity Issues in DHCP4 Dxe
1.DhcpChooseOffer(CHECKED_RETURN)
Calling "DhcpValidateOptions" without checking return value as is done
elsewhere 6 out of 7 times.
2.DhcpSendMessage(FORWARD_NULL)
In some case ,SeedHead might be dereferencing the null pointer.
3.Dhcp6GetMappingTimeOut(OVERFLOW_BEFORE_WIDEN)
Potentially overflowing expression "10000000U *
DadXmits.DupAddrDetectTransmits" with type "unsigned int"(32 bits)
4.Dhcp6DepriveAddress(INTEGER_OVERFLOW)
Expression "AddressCount - 1U", where "AddressCount" is known to be equal to 0,
underflows the type that receives it.
5.Dhcp6CalculateLeaseTime(INTEGER_OVERFLOW)
When IaCb->Ia->IaAddressCount is less than 0 ,Expression "MinLt * 8U",
overflows the type that receives it
Cc: Saloni Kasbekar <saloni.kasbe...@intel.com>
Cc: Zachary Clark-williams <zachary.clark-willi...@intel.com>
Signed-off-by: SanthoshKumarV <santhoshkum...@ami.com>
---
NetworkPkg/Dhcp4Dxe/Dhcp4Io.c | 8 ++++++--
NetworkPkg/Dhcp4Dxe/Dhcp4Option.c | 2 ++
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 7 +++++--
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 14 ++++++++------
4 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Io.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Io.c
index 238e186c5b..8860863170 100644
--- a/NetworkPkg/Dhcp4Dxe/Dhcp4Io.c
+++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Io.c
@@ -521,8 +521,10 @@ DhcpChooseOffer (
DhcpSb->Selected = Selected;
DhcpSb->LastOffer = NULL;
DhcpSb->Para = NULL;
- DhcpValidateOptions (Selected, &DhcpSb->Para);
+ Status = DhcpValidateOptions (Selected, &DhcpSb->Para);
+ if (EFI_ERROR(Status))
+ return Status;
//
// A bootp offer has been selected, save the lease status,
// enter bound state then notify the user.
@@ -1226,7 +1228,9 @@ DhcpSendMessage (
}
} else if (Type == DHCP_MSG_DECLINE) {
ASSERT (SeedHead != NULL);
- IpAddr = EFI_IP4 (SeedHead->YourAddr);
+ if (SeedHead != NULL) {
+ IpAddr = EFI_IP4 (SeedHead->YourAddr);
+ }
}
if (IpAddr != 0) {
diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Option.c
b/NetworkPkg/Dhcp4Dxe/Dhcp4Option.c
index 5959eff17c..d6274c181c 100644
--- a/NetworkPkg/Dhcp4Dxe/Dhcp4Option.c
+++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Option.c
@@ -184,6 +184,8 @@ DhcpOptionIsValid (
}
ASSERT (Unit != 0);
+ if (Unit == 0) //Handle the invalid Unit and return
+ return FALSE;
//
// Validate that the option appears in the full units.
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
index a9bffae353..2ff8483488 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
@@ -2886,7 +2886,7 @@ ON_CONTINUE:
0
);
ON_EXIT:
- if (EFI_ERROR (Status)) {
+ if (EFI_ERROR (Status) && (Instance->Config != NULL) ) {
Dhcp6CleanupSession (Instance, Status);
}
}
@@ -3302,7 +3302,10 @@ Dhcp6OnTimerTick (
//
// Retransmit the last sent packet again.
//
- Dhcp6TransmitPacket (Instance, TxCb->TxPacket, TxCb->Elapsed);
+ Status = Dhcp6TransmitPacket (Instance, TxCb->TxPacket, TxCb->Elapsed);
+ if (EFI_ERROR (Status)) {
+ return;
+ }
TxCb->SolicitRetry = FALSE;
if (TxCb->TxPacket->Dhcp6.Header.MessageType == Dhcp6MsgSolicit) {
TxCb->SolicitRetry = TRUE;
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
index f38e3ee3fe..d3ab27cde9 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
@@ -44,8 +44,8 @@ Dhcp6GenerateClientId (
// Attempt to get client Id from variable to keep it constant.
// See details in section-9 of rfc-3315.
//
- GetVariable2 (L"ClientId", &gEfiDhcp6ServiceBindingProtocolGuid, (VOID
**)&Duid, NULL);
- if (Duid != NULL) {
+ Status = GetVariable2 (L"ClientId", &gEfiDhcp6ServiceBindingProtocolGuid,
(VOID **)&Duid, NULL);
+ if ((!EFI_ERROR (Status)) && (Duid != NULL)) {
return Duid;
}
@@ -378,8 +378,9 @@ Dhcp6CalculateLeaseTime (
UINTN Index;
ASSERT (IaCb->Ia->IaAddressCount > 0);
+ if (IaCb->Ia->IaAddressCount > 0)
+ MinLt = (UINT32)(-1);
- MinLt = (UINT32)(-1);
MaxLt = 0;
//
@@ -482,8 +483,9 @@ Dhcp6DepriveAddress (
}
ASSERT (AddressCount != 0);
-
- IaCopySize = sizeof (EFI_DHCP6_IA) + (AddressCount - 1) * sizeof
(EFI_DHCP6_IA_ADDRESS);
+ if (AddressCount != 0) {
+ IaCopySize = sizeof (EFI_DHCP6_IA) + (AddressCount - 1) * sizeof
(EFI_DHCP6_IA_ADDRESS);
+ }
IaCopy = AllocateZeroPool (IaCopySize);
if (IaCopy == NULL) {
@@ -1520,7 +1522,7 @@ Dhcp6GetMappingTimeOut (
return Status;
}
- *TimeOut = TICKS_PER_SECOND * DadXmits.DupAddrDetectTransmits +
DHCP6_DAD_ADDITIONAL_DELAY;
+ *TimeOut = TICKS_PER_SECOND * (UINTN)DadXmits.DupAddrDetectTransmits +
DHCP6_DAD_ADDITIONAL_DELAY;
return EFI_SUCCESS;
}
--
2.42.0.windows.2
-The information contained in this message may be confidential and proprietary
to American Megatrends (AMI). This communication is intended to be read only by
the individual or entity to whom it is addressed or by their designee. If the
reader of this message is not the intended recipient, you are on notice that
any distribution of this message, in any form, is strictly prohibited. Please
promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and
then delete or destroy all copies of the transmission.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118918): https://edk2.groups.io/g/devel/message/118918
Mute This Topic: https://groups.io/mt/106112065/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
