代码拉取完成,页面将自动刷新
From 1ef9758121ee50437322d84ce394279e38a7055f Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 8 Feb 2024 10:35:14 -0500
Subject: [PATCH 14/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
Patch
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
RH-Jira: RHEL-21840 RHEL-21842
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/4] 26695f0c8bd1032ba04179cb9281f753fcff2c92 (jmaloy/jons_fork)
JIRA: https://issues.redhat.com/browse/RHEL-21842
CVE: CVE-2023-45230
Upstream: Merged
Conflicts: Only whitespace issues caused by the 'uncrustify' tool.
commit f31453e8d6542461d92d835e0b79fec8b039174d
Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
Date: Fri Jan 26 05:54:43 2024 +0800
NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4535
Bug Details:
PixieFail Bug #2
CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
of a Memory Buffer
Changes Overview:
> -UINT8 *
> +EFI_STATUS
> Dhcp6AppendOption (
> - IN OUT UINT8 *Buf,
> - IN UINT16 OptType,
> - IN UINT16 OptLen,
> - IN UINT8 *Data
> + IN OUT EFI_DHCP6_PACKET *Packet,
> + IN OUT UINT8 **PacketCursor,
> + IN UINT16 OptType,
> + IN UINT16 OptLen,
> + IN UINT8 *Data
> );
Dhcp6AppendOption() and variants can return errors now. All callsites
are adapted accordingly.
It gets passed in EFI_DHCP6_PACKET as additional parameter ...
> + //
> + // Verify the PacketCursor is within the packet
> + //
> + if ( (*PacketCursor < Packet->Dhcp6.Option)
> + || (*PacketCursor >= Packet->Dhcp6.Option +
(Packet->Size - sizeof (EFI_DHCP6_HEADER))))
> + {
> + return EFI_INVALID_PARAMETER;
> + }
... so it can look at Packet->Size when checking buffer space.
Also to allow Packet->Length updates.
Lots of checks added.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 49 +++-
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 409 +++++++++++++++++++----------
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 382 +++++++++++++++++++++------
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h | 82 +++---
4 files changed, 676 insertions(+), 246 deletions(-)
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
index f88b00ad04..ec0ed5d8f5 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
@@ -47,9 +47,52 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
#define DHCP6_SERVICE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'S')
#define DHCP6_INSTANCE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'I')
-#define DHCP6_PACKET_ALL 0
-#define DHCP6_PACKET_STATEFUL 1
-#define DHCP6_PACKET_STATELESS 2
+//
+// For more information on DHCP options see RFC 8415, Section 21.1
+//
+// The format of DHCP options is:
+//
+// 0 1 2 3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// | option-code | option-len |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// | option-data |
+// | (option-len octets) |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//
+#define DHCP6_SIZE_OF_OPT_CODE (sizeof(UINT16))
+#define DHCP6_SIZE_OF_OPT_LEN (sizeof(UINT16))
+
+//
+// Combined size of Code and Length
+//
+#define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN (DHCP6_SIZE_OF_OPT_CODE + \
+ DHCP6_SIZE_OF_OPT_LEN)
+
+STATIC_ASSERT (
+ DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN == 4,
+ "Combined size of Code and Length must be 4 per RFC 8415"
+ );
+
+//
+// Offset to the length is just past the code
+//
+#define DHCP6_OPT_LEN_OFFSET(a) (a + DHCP6_SIZE_OF_OPT_CODE)
+STATIC_ASSERT (
+ DHCP6_OPT_LEN_OFFSET (0) == 2,
+ "Offset of length is + 2 past start of option"
+ );
+
+#define DHCP6_OPT_DATA_OFFSET(a) (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
+STATIC_ASSERT (
+ DHCP6_OPT_DATA_OFFSET (0) == 4,
+ "Offset to option data should be +4 from start of option"
+ );
+
+#define DHCP6_PACKET_ALL 0
+#define DHCP6_PACKET_STATEFUL 1
+#define DHCP6_PACKET_STATELESS 2
#define DHCP6_BASE_PACKET_SIZE 1024
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
index c20876d5a5..2976684aba 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
@@ -3,9 +3,9 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
-
**/
#include "Dhcp6Impl.h"
@@ -946,7 +946,8 @@ Dhcp6SendSolicitMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@@ -960,26 +961,38 @@ Dhcp6SendSolicitMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendIaOption (
- Cursor,
+ Status = Dhcp6AppendIaOption (
+ Packet,
+ &Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
//
// Append user-defined when configurate Dhcp6 service.
@@ -987,28 +1000,26 @@ Dhcp6SendSolicitMsg (
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
- Cursor = Dhcp6AppendOption(
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
- //
- // Determine the size/length of packet.
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendSolicit, &Packet);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -1022,10 +1033,8 @@ Dhcp6SendSolicitMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -1037,6 +1046,14 @@ Dhcp6SendSolicitMsg (
Elapsed,
Instance->Config->SolicitRetransmission
);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
/**
@@ -1128,7 +1145,8 @@ Dhcp6SendRequestMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@@ -1142,33 +1160,49 @@ Dhcp6SendRequestMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendIaOption (
- Cursor,
+ Status = Dhcp6AppendIaOption (
+ Packet,
+ &Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
//
// Append user-defined when configurate Dhcp6 service.
@@ -1176,18 +1210,18 @@ Dhcp6SendRequestMsg (
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
- Cursor = Dhcp6AppendOption(
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
- //
- // Determine the size/length of packet.
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
@@ -1196,8 +1230,7 @@ Dhcp6SendRequestMsg (
Status = Dhcp6CallbackUser (Instance, Dhcp6SendRequest, &Packet);
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -1213,14 +1246,21 @@ Dhcp6SendRequestMsg (
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
@@ -1286,7 +1326,8 @@ Dhcp6SendDeclineMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE;
@@ -1300,42 +1341,58 @@ Dhcp6SendDeclineMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendIaOption (Cursor, DecIa, 0, 0, Packet->Dhcp6.Header.MessageType);
+ Status = Dhcp6AppendIaOption (
+ Packet,
+ &Cursor,
+ DecIa,
+ 0,
+ 0,
+ Packet->Dhcp6.Header.MessageType
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- //
- // Determine the size/length of packet.
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendDecline, &Packet);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -1349,16 +1406,22 @@ Dhcp6SendDeclineMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
@@ -1420,7 +1483,8 @@ Dhcp6SendReleaseMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE;
@@ -1434,45 +1498,61 @@ Dhcp6SendReleaseMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
//
// ServerId is extracted from packet, it's network order.
//
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendIaOption (Cursor, RelIa, 0, 0, Packet->Dhcp6.Header.MessageType);
+ Status = Dhcp6AppendIaOption (
+ Packet,
+ &Cursor,
+ RelIa,
+ 0,
+ 0,
+ Packet->Dhcp6.Header.MessageType
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- //
- // Determine the size/length of packet
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendRelease, &Packet);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -1482,16 +1562,22 @@ Dhcp6SendReleaseMsg (
Instance->IaCb.Ia->State = Dhcp6Releasing;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
@@ -1551,7 +1637,8 @@ Dhcp6SendRenewRebindMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@@ -1565,26 +1652,38 @@ Dhcp6SendRenewRebindMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendIaOption (
- Cursor,
+ Status = Dhcp6AppendIaOption (
+ Packet,
+ &Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
if (!RebindRequest) {
//
@@ -1600,18 +1699,22 @@ Dhcp6SendRenewRebindMsg (
Dhcp6OptServerId
);
if (Option == NULL) {
- FreePool (Packet);
- return EFI_DEVICE_ERROR;
+ Status = EFI_DEVICE_ERROR;
+ goto ON_ERROR;
}
ServerId = (EFI_DHCP6_DUID *) (Option + 2);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptServerId),
ServerId->Length,
ServerId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
//
@@ -1620,18 +1723,18 @@ Dhcp6SendRenewRebindMsg (
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
- Cursor = Dhcp6AppendOption(
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
- //
- // Determine the size/length of packet.
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
@@ -1641,10 +1744,8 @@ Dhcp6SendRenewRebindMsg (
Event = (RebindRequest) ? Dhcp6EnterRebinding : Dhcp6EnterRenewing;
Status = Dhcp6CallbackUser (Instance, Event, &Packet);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -1661,16 +1762,22 @@ Dhcp6SendRenewRebindMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
/**
@@ -1834,7 +1941,8 @@ Dhcp6SendInfoRequestMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@@ -1851,26 +1959,38 @@ Dhcp6SendInfoRequestMsg (
if (SendClientId) {
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
OptionRequest->OpCode,
OptionRequest->OpLen,
OptionRequest->Data
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
//
// Append user-defined when configurate Dhcp6 service.
@@ -1878,18 +1998,18 @@ Dhcp6SendInfoRequestMsg (
for (Index = 0; Index < OptionCount; Index++) {
UserOpt = OptionList[Index];
- Cursor = Dhcp6AppendOption(
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
- //
- // Determine the size/length of packet.
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
@@ -1901,16 +2021,22 @@ Dhcp6SendInfoRequestMsg (
// Send info-request packet with no state.
//
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, Retransmission);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
@@ -1962,7 +2088,8 @@ Dhcp6SendConfirmMsg (
//
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
if (Packet == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_ERROR;
}
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
@@ -1976,54 +2103,64 @@ Dhcp6SendConfirmMsg (
Cursor = Packet->Dhcp6.Option;
Length = HTONS (ClientId->Length);
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
HTONS (Dhcp6OptClientId),
Length,
ClientId->Duid
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendETOption (
- Cursor,
+ Status = Dhcp6AppendETOption (
+ Packet,
+ &Cursor,
Instance,
&Elapsed
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
- Cursor = Dhcp6AppendIaOption (
- Cursor,
+ Status = Dhcp6AppendIaOption (
+ Packet,
+ &Cursor,
Instance->IaCb.Ia,
Instance->IaCb.T1,
Instance->IaCb.T2,
Packet->Dhcp6.Header.MessageType
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
//
// Append user-defined when configurate Dhcp6 service.
//
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
UserOpt = Instance->Config->OptionList[Index];
- Cursor = Dhcp6AppendOption (
- Cursor,
+ Status = Dhcp6AppendOption (
+ Packet,
+ &Cursor,
UserOpt->OpCode,
UserOpt->OpLen,
UserOpt->Data
);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
}
- //
- // Determine the size/length of packet.
- //
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
ASSERT (Packet->Size > Packet->Length + 8);
//
// Callback to user with the packet to be sent and check the user's feedback.
//
Status = Dhcp6CallbackUser (Instance, Dhcp6SendConfirm, &Packet);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
@@ -2037,16 +2174,22 @@ Dhcp6SendConfirmMsg (
Instance->StartTime = 0;
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
-
if (EFI_ERROR (Status)) {
- FreePool (Packet);
- return Status;
+ goto ON_ERROR;
}
//
// Enqueue the sent packet for the retransmission in case reply timeout.
//
return Dhcp6EnqueueRetry (Instance, Packet, Elapsed, NULL);
+
+ON_ERROR:
+
+ if (Packet) {
+ FreePool (Packet);
+ }
+
+ return Status;
}
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
index d249a1cca7..484c360a96 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
@@ -601,24 +601,33 @@ Dhcp6OnTransmitted (
/**
- Append the option to Buf, and move Buf to the end.
+ Append the option to Buf, update the length of packet, and move Buf to the end.
- @param[in, out] Buf The pointer to the buffer.
- @param[in] OptType The option type.
- @param[in] OptLen The length of option contents.
- @param[in] Data The pointer to the option content.
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ will be updated.
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
+ @param[in] OptType The option type.
+ @param[in] OptLen The length of option contents.
+ @param[in] Data The pointer to the option content.
- @return Buf The position to append the next option.
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendOption (
- IN OUT UINT8 *Buf,
- IN UINT16 OptType,
- IN UINT16 OptLen,
- IN UINT8 *Data
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN UINT16 OptType,
+ IN UINT16 OptLen,
+ IN UINT8 *Data
)
{
+ UINT32 Length;
+ UINT32 BytesNeeded;
+
//
// The format of Dhcp6 option:
//
@@ -631,35 +640,94 @@ Dhcp6AppendOption (
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
- ASSERT (OptLen != 0);
+ //
+ // Verify the arguments are valid
+ //
+ if (Packet == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (Data == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (OptLen == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Verify the PacketCursor is within the packet
+ //
+ if ( (*PacketCursor < Packet->Dhcp6.Option)
+ || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Calculate the bytes needed for the option
+ //
+ BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + NTOHS (OptLen);
+
+ //
+ // Space remaining in the packet
+ //
+ Length = Packet->Size - Packet->Length;
+ if (Length < BytesNeeded) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ //
+ // Verify the PacketCursor is within the packet
+ //
+ if ( (*PacketCursor < Packet->Dhcp6.Option)
+ || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, OptType);
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, OptLen);
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
+ CopyMem (*PacketCursor, Data, NTOHS (OptLen));
+ *PacketCursor += NTOHS (OptLen);
- WriteUnaligned16 ((UINT16 *) Buf, OptType);
- Buf += 2;
- WriteUnaligned16 ((UINT16 *) Buf, OptLen);
- Buf += 2;
- CopyMem (Buf, Data, NTOHS (OptLen));
- Buf += NTOHS (OptLen);
+ // Update the packet length by the length of the option + 4 bytes
+ Packet->Length += BytesNeeded;
- return Buf;
+ return EFI_SUCCESS;
}
/**
Append the appointed IA Address option to Buf, and move Buf to the end.
- @param[in, out] Buf The pointer to the position to append.
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ will be updated.
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
@param[in] IaAddr The pointer to the IA Address.
@param[in] MessageType Message type of DHCP6 package.
- @return Buf The position to append the next option.
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendIaAddrOption (
- IN OUT UINT8 *Buf,
- IN EFI_DHCP6_IA_ADDRESS *IaAddr,
- IN UINT32 MessageType
-)
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN EFI_DHCP6_IA_ADDRESS *IaAddr,
+ IN UINT32 MessageType
+ )
{
+ UINT32 BytesNeeded;
+ UINT32 Length;
// The format of the IA Address option is:
//
@@ -682,17 +750,60 @@ Dhcp6AppendIaAddrOption (
// . .
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ //
+ // Verify the arguments are valid
+ //
+ if (Packet == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (IaAddr == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Verify the PacketCursor is within the packet
+ //
+ if ( (*PacketCursor < Packet->Dhcp6.Option)
+ || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN;
+ BytesNeeded += sizeof (EFI_IPv6_ADDRESS);
+ //
+ // Even if the preferred-lifetime is 0, it still needs to store it.
+ //
+ BytesNeeded += sizeof (IaAddr->PreferredLifetime);
+ //
+ // Even if the valid-lifetime is 0, it still needs to store it.
+ //
+ BytesNeeded += sizeof (IaAddr->ValidLifetime);
+
+ //
+ // Space remaining in the packet
+ //
+ Length = Packet->Size - Packet->Length;
+ if (Length < BytesNeeded) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
//
// Fill the value of Ia Address option type
//
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (Dhcp6OptIaAddr));
- Buf += 2;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Dhcp6OptIaAddr));
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
- Buf += 2;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
- CopyMem (Buf, &IaAddr->IpAddress, sizeof(EFI_IPv6_ADDRESS));
- Buf += sizeof(EFI_IPv6_ADDRESS);
+ CopyMem (*PacketCursor, &IaAddr->IpAddress, sizeof (EFI_IPv6_ADDRESS));
+ *PacketCursor += sizeof (EFI_IPv6_ADDRESS);
//
// Fill the value of preferred-lifetime and valid-lifetime.
@@ -700,43 +811,59 @@ Dhcp6AppendIaAddrOption (
// should set to 0 when initiate a Confirm message.
//
if (MessageType != Dhcp6MsgConfirm) {
- WriteUnaligned32 ((UINT32 *) Buf, HTONL (IaAddr->PreferredLifetime));
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (IaAddr->PreferredLifetime));
}
- Buf += 4;
+
+ *PacketCursor += sizeof (IaAddr->PreferredLifetime);
if (MessageType != Dhcp6MsgConfirm) {
- WriteUnaligned32 ((UINT32 *) Buf, HTONL (IaAddr->ValidLifetime));
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (IaAddr->ValidLifetime));
}
- Buf += 4;
- return Buf;
+ *PacketCursor += sizeof (IaAddr->ValidLifetime);
+
+ //
+ // Update the packet length
+ //
+ Packet->Length += BytesNeeded;
+
+ return EFI_SUCCESS;
}
/**
Append the appointed Ia option to Buf, and move Buf to the end.
- @param[in, out] Buf The pointer to the position to append.
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ will be updated.
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
@param[in] Ia The pointer to the Ia.
@param[in] T1 The time of T1.
@param[in] T2 The time of T2.
@param[in] MessageType Message type of DHCP6 package.
- @return Buf The position to append the next Ia option.
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendIaOption (
- IN OUT UINT8 *Buf,
- IN EFI_DHCP6_IA *Ia,
- IN UINT32 T1,
- IN UINT32 T2,
- IN UINT32 MessageType
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN EFI_DHCP6_IA *Ia,
+ IN UINT32 T1,
+ IN UINT32 T2,
+ IN UINT32 MessageType
)
{
- UINT8 *AddrOpt;
- UINT16 *Len;
- UINTN Index;
+ UINT8 *AddrOpt;
+ UINT16 *Len;
+ UINTN Index;
+ UINT32 BytesNeeded;
+ UINT32 Length;
+ EFI_STATUS Status;
//
// The format of IA_NA and IA_TA option:
@@ -757,68 +884,126 @@ Dhcp6AppendIaOption (
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
+ //
+ // Verify the arguments are valid
+ //
+ if (Packet == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (Ia == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Verify the PacketCursor is within the packet
+ //
+ if ( (*PacketCursor < Packet->Dhcp6.Option)
+ || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN;
+ BytesNeeded += sizeof (Ia->Descriptor.IaId);
+ //
+ // + N for the IA_NA-options/IA_TA-options
+ // Dhcp6AppendIaAddrOption will need to check the length for each address
+ //
+ if (Ia->Descriptor.Type == Dhcp6OptIana) {
+ BytesNeeded += sizeof (T1) + sizeof (T2);
+ }
+
+ //
+ // Space remaining in the packet
+ //
+ Length = (UINT16)(Packet->Size - Packet->Length);
+ if (Length < BytesNeeded) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
//
// Fill the value of Ia option type
//
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (Ia->Descriptor.Type));
- Buf += 2;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Ia->Descriptor.Type));
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
//
// Fill the len of Ia option later, keep the pointer first
//
- Len = (UINT16 *) Buf;
- Buf += 2;
+ Len = (UINT16 *)*PacketCursor;
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
//
// Fill the value of iaid
//
- WriteUnaligned32 ((UINT32 *) Buf, HTONL (Ia->Descriptor.IaId));
- Buf += 4;
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (Ia->Descriptor.IaId));
+ *PacketCursor += sizeof (Ia->Descriptor.IaId);
//
// Fill the value of t1 and t2 if iana, keep it 0xffffffff if no specified.
//
if (Ia->Descriptor.Type == Dhcp6OptIana) {
- WriteUnaligned32 ((UINT32 *) Buf, HTONL ((T1 != 0) ? T1 : 0xffffffff));
- Buf += 4;
- WriteUnaligned32 ((UINT32 *) Buf, HTONL ((T2 != 0) ? T2 : 0xffffffff));
- Buf += 4;
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL ((T1 != 0) ? T1 : 0xffffffff));
+ *PacketCursor += sizeof (T1);
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL ((T2 != 0) ? T2 : 0xffffffff));
+ *PacketCursor += sizeof (T2);
}
//
// Fill all the addresses belong to the Ia
//
for (Index = 0; Index < Ia->IaAddressCount; Index++) {
- AddrOpt = (UINT8 *) Ia->IaAddress + Index * sizeof (EFI_DHCP6_IA_ADDRESS);
- Buf = Dhcp6AppendIaAddrOption (Buf, (EFI_DHCP6_IA_ADDRESS *) AddrOpt, MessageType);
+ AddrOpt = (UINT8 *)Ia->IaAddress + Index * sizeof (EFI_DHCP6_IA_ADDRESS);
+ Status = Dhcp6AppendIaAddrOption (Packet, PacketCursor, (EFI_DHCP6_IA_ADDRESS *)AddrOpt, MessageType);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
}
//
// Fill the value of Ia option length
//
- *Len = HTONS ((UINT16) (Buf - (UINT8 *) Len - 2));
+ *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
+
+ //
+ // Update the packet length
+ //
+ Packet->Length += BytesNeeded;
- return Buf;
+ return EFI_SUCCESS;
}
/**
Append the appointed Elapsed time option to Buf, and move Buf to the end.
- @param[in, out] Buf The pointer to the position to append.
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
@param[in] Instance The pointer to the Dhcp6 instance.
@param[out] Elapsed The pointer to the elapsed time value in
- the generated packet.
+ the generated packet.
- @return Buf The position to append the next Ia option.
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendETOption (
- IN OUT UINT8 *Buf,
- IN DHCP6_INSTANCE *Instance,
- OUT UINT16 **Elapsed
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN DHCP6_INSTANCE *Instance,
+ OUT UINT16 **Elapsed
)
{
+ UINT32 BytesNeeded;
+ UINT32 Length;
+
//
// The format of elapsed time option:
//
@@ -830,27 +1015,70 @@ Dhcp6AppendETOption (
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
//
+ //
+ // Verify the arguments are valid
+ //
+ if (Packet == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((PacketCursor == NULL) || (*PacketCursor == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (Instance == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if ((Elapsed == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Verify the PacketCursor is within the packet
+ //
+ if ( (*PacketCursor < Packet->Dhcp6.Option)
+ || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ BytesNeeded = DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN;
+ //
+ // + 2 for elapsed-time
+ //
+ BytesNeeded += sizeof (UINT16);
+ //
+ // Space remaining in the packet
+ //
+ Length = Packet->Size - Packet->Length;
+ if (Length < BytesNeeded) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
//
// Fill the value of elapsed-time option type.
//
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (Dhcp6OptElapsedTime));
- Buf += 2;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Dhcp6OptElapsedTime));
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
//
// Fill the len of elapsed-time option, which is fixed.
//
- WriteUnaligned16 ((UINT16 *) Buf, HTONS(2));
- Buf += 2;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (2));
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
//
// Fill in elapsed time value with 0 value for now. The actual value is
// filled in later just before the packet is transmitted.
//
- WriteUnaligned16 ((UINT16 *) Buf, HTONS(0));
- *Elapsed = (UINT16 *) Buf;
- Buf += 2;
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (0));
+ *Elapsed = (UINT16 *)*PacketCursor;
+ *PacketCursor += sizeof (UINT16);
- return Buf;
+ Packet->Length += BytesNeeded;
+
+ return EFI_SUCCESS;
}
/**
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
index 2f18eb3609..af68f77e8b 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
@@ -161,69 +161,85 @@ Dhcp6OnTransmitted (
);
/**
- Append the appointed option to the buf, and move the buf to the end.
-
- @param[in, out] Buf The pointer to buffer.
- @param[in] OptType The option type.
- @param[in] OptLen The length of option content.s
- @param[in] Data The pointer to the option content.
-
- @return Buf The position to append the next option.
-
+ Append the option to Buf, update the length of packet, and move Buf to the end.
+
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ will be updated.
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
+ @param[in] OptType The option type.
+ @param[in] OptLen The length of option contents.
+ @param[in] Data The pointer to the option content.
+
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendOption (
- IN OUT UINT8 *Buf,
- IN UINT16 OptType,
- IN UINT16 OptLen,
- IN UINT8 *Data
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN UINT16 OptType,
+ IN UINT16 OptLen,
+ IN UINT8 *Data
);
/**
- Append the Ia option to Buf, and move Buf to the end.
-
- @param[in, out] Buf The pointer to the position to append.
+ Append the appointed Ia option to Buf, update the Ia option length, and move Buf
+ to the end of the option.
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ will be updated.
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
@param[in] Ia The pointer to the Ia.
@param[in] T1 The time of T1.
@param[in] T2 The time of T2.
@param[in] MessageType Message type of DHCP6 package.
- @return Buf The position to append the next Ia option.
-
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendIaOption (
- IN OUT UINT8 *Buf,
- IN EFI_DHCP6_IA *Ia,
- IN UINT32 T1,
- IN UINT32 T2,
- IN UINT32 MessageType
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN EFI_DHCP6_IA *Ia,
+ IN UINT32 T1,
+ IN UINT32 T2,
+ IN UINT32 MessageType
);
/**
Append the appointed Elapsed time option to Buf, and move Buf to the end.
- @param[in, out] Buf The pointer to the position to append.
+ @param[in, out] Packet A pointer to the packet, on success Packet->Length
+ @param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
+ will be moved to the end of the option.
@param[in] Instance The pointer to the Dhcp6 instance.
@param[out] Elapsed The pointer to the elapsed time value in
the generated packet.
- @return Buf The position to append the next Ia option.
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
-UINT8 *
+EFI_STATUS
Dhcp6AppendETOption (
- IN OUT UINT8 *Buf,
- IN DHCP6_INSTANCE *Instance,
- OUT UINT16 **Elapsed
+ IN OUT EFI_DHCP6_PACKET *Packet,
+ IN OUT UINT8 **PacketCursor,
+ IN DHCP6_INSTANCE *Instance,
+ OUT UINT16 **Elapsed
);
/**
Set the elapsed time based on the given instance and the pointer to the
elapsed time option.
- @param[in] Elapsed The pointer to the position to append.
- @param[in] Instance The pointer to the Dhcp6 instance.
+ @retval EFI_INVALID_PARAMETER An argument provided to the function was invalid
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to append the option.
+ @retval EFI_SUCCESS The option is appended successfully.
**/
VOID
SetElapsedTime (
--
2.41.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
