Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1251
IpSecDxe failed to create the Child SA during parsing SA Payload, the issue was caused by the below commit: SHA-1: 1e0db7b11987d0ec93be7dfe26102a327860fdbd * MdeModulePkg/NetworkPkg: Checking for NULL pointer before use. In above commit, it changed the value of IsMatch in Ikev2ChildSaParseSaPayload() to FALSE. That's correct but it exposed the potential bug in to match the correct proposal Data, which will cause the issue happen. Cc: Fu Siyuan <siyuan...@intel.com> Cc: Ye Ting <ting...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> --- NetworkPkg/IpSecDxe/Ikev2/Utility.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c index 0c9c929705..d61bae8c9d 100644 --- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c +++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c @@ -2502,15 +2502,16 @@ Ikev2ChildSaParseSaPayload ( IntegrityAlgorithm == PreferIntegrityAlgorithm && IsSupportEsn == PreferIsSupportEsn ) { IsMatch = TRUE; } else { - PreferEncryptAlgorithm = 0; - PreferIntegrityAlgorithm = 0; - IsSupportEsn = TRUE; + IntegrityAlgorithm = 0; + EncryptAlgorithm = 0; + EncryptKeylength = 0; + IsSupportEsn = FALSE; } - ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) + + ProposalData = (IKEV2_PROPOSAL_DATA*)((UINT8*)(ProposalData + 1) + ProposalData->NumTransforms * sizeof (IKEV2_TRANSFORM_DATA)); } ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1); if (IsMatch) { -- 2.17.1.windows.2 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel