Cc: Ye Ting <ting...@intel.com> Cc: Fu Siyuan <siyuan...@intel.com> Cc: Wang Fan <fan.w...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- MdeModulePkg/Include/Library/HttpLib.h | 1 + MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c | 25 ++++++++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/MdeModulePkg/Include/Library/HttpLib.h b/MdeModulePkg/Include/Library/HttpLib.h index 8539820..88b56ae 100644 --- a/MdeModulePkg/Include/Library/HttpLib.h +++ b/MdeModulePkg/Include/Library/HttpLib.h @@ -370,10 +370,11 @@ HttpFindHeader ( @param[in] FieldName FieldName of this HttpHeader, a NULL terminated ASCII string. @param[in] FieldValue FieldValue of this HttpHeader, a NULL terminated ASCII string. @retval EFI_SUCCESS The FieldName and FieldValue are set into HttpHeader successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. **/ EFI_STATUS EFIAPI diff --git a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c index 27b94e3..38ded5d 100644 --- a/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c +++ b/MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.c @@ -1396,10 +1396,14 @@ HttpIsMessageComplete ( IN VOID *MsgParser ) { HTTP_BODY_PARSER *Parser; + if (MsgParser == NULL) { + return FALSE; + } + Parser = (HTTP_BODY_PARSER*) MsgParser; if (Parser->State == BodyParserComplete) { return TRUE; } @@ -1497,10 +1501,11 @@ AsciiStrGetNextToken ( @param[in] FieldName FieldName of this HttpHeader, a NULL terminated ASCII string. @param[in] FieldValue FieldValue of this HttpHeader, a NULL terminated ASCII string. @retval EFI_SUCCESS The FieldName and FieldValue are set into HttpHeader successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. @retval EFI_OUT_OF_RESOURCES Failed to allocate resources. **/ EFI_STATUS EFIAPI @@ -1511,10 +1516,14 @@ HttpSetFieldNameAndValue ( ) { UINTN FieldNameSize; UINTN FieldValueSize; + if (HttpHeader == NULL || FieldName == NULL || FieldValue == NULL) { + return EFI_INVALID_PARAMETER; + } + if (HttpHeader->FieldName != NULL) { FreePool (HttpHeader->FieldName); } if (HttpHeader->FieldValue != NULL) { FreePool (HttpHeader->FieldValue); @@ -1728,14 +1737,10 @@ HttpGenRequestMessage ( VOID *HttpHdr; EFI_HTTP_HEADER **AppendList; UINTN Index; EFI_HTTP_UTILITIES_PROTOCOL *HttpUtilitiesProtocol; - - ASSERT (Message != NULL); - - *RequestMsg = NULL; Status = EFI_SUCCESS; HttpHdrSize = 0; MsgSize = 0; Success = FALSE; HttpHdr = NULL; @@ -1746,11 +1751,12 @@ HttpGenRequestMessage ( // 1. If we have a Request, we cannot have a NULL Url // 2. If we have a Request, HeaderCount can not be non-zero // 3. If we do not have a Request, HeaderCount should be zero // 4. If we do not have Request and Headers, we need at least a message-body // - if ((Message->Data.Request != NULL && Url == NULL) || + if ((Message == NULL || RequestMsg == NULL || RequestMsgSize == NULL) || + (Message->Data.Request != NULL && Url == NULL) || (Message->Data.Request != NULL && Message->HeaderCount == 0) || (Message->Data.Request == NULL && Message->HeaderCount != 0) || (Message->Data.Request == NULL && Message->HeaderCount == 0 && Message->BodyLength == 0)) { return EFI_INVALID_PARAMETER; } @@ -1827,10 +1833,11 @@ HttpGenRequestMessage ( MsgSize += Message->BodyLength; // // memory for the string that needs to be sent to TCP // + *RequestMsg = NULL; *RequestMsg = AllocateZeroPool (MsgSize); if (*RequestMsg == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Exit; } @@ -2052,11 +2059,19 @@ HttpIsValidHttpHeader ( IN CHAR8 *FieldName ) { UINTN Index; + if (FieldName == NULL) { + return FALSE; + } + for (Index = 0; Index < DeleteCount; Index++) { + if (DeleteList[Index] == NULL) { + continue; + } + if (AsciiStrCmp (FieldName, DeleteList[Index]) == 0) { return FALSE; } } -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel