The input param String of AsciiStrStr() requires a pointer to Null-terminated string, however in HttpTcpReceiveHeader() and HttpUtilitiesParse(), the Buffersize before AllocateZeroPool() is equal to the size of TCP header, after the CopyMem(), it might not end with Null-terminator. It might cause memory access overflow.
Songpeng Li (2): NetworkPkg/HttpDxe: fix read memory access overflow in HTTPBoot. NetworkPkg/HttpUtilitiesDxe: fix read memory access overflow. NetworkPkg/HttpDxe/HttpProto.c | 10 ++++++---- NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesProtocol.c | 8 +++++++- 2 files changed, 13 insertions(+), 5 deletions(-) -- 2.18.0.windows.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
