From 95ce1cb291324bdef3c790e367ba6ac8752c5f23 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 27 Apr 2021 10:26:01 +0200 Subject: [PATCH 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] RH-Commit: [6/10] b302b99312b327b9bf04ea408c638fa0e366d643 RH-Bugzilla: 1956676 RH-Acked-by: Philippe Mathieu-Daudé IScsiBinToHex() is called for encoding: - the answer to the target's challenge; that is, CHAP_R; - the challenge for the target, in case mutual authentication is enabled; that is, CHAP_C. The initiator controls the size of both blobs, the sizes of their hex encodings are correctly calculated in "RspLen" and "ChallengeLen". Therefore the IScsiBinToHex() calls never fail; assert that. Cc: Jiaxin Wu Cc: Maciej Rabeda Cc: Philippe Mathieu-Daudé Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Maciej Rabeda Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22
---
 NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index 9e192ce292..dbe3c8ef46 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -391,6 +391,7 @@ IScsiCHAPToSendReq (
 UINT32 RspLen;
 CHAR8 *Challenge;
 UINT32 ChallengeLen;
+ EFI_STATUS BinToHexStatus;
 ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION);
@@ -471,12 +472,13 @@ IScsiCHAPToSendReq (
 //
 // CHAP_R=
 //
- IScsiBinToHex (
- (UINT8 *) AuthData->CHAPResponse,
- ISCSI_CHAP_RSP_LEN,
- Response,
- &RspLen
- );
+ BinToHexStatus = IScsiBinToHex (
+ (UINT8 *) AuthData->CHAPResponse,
+ ISCSI_CHAP_RSP_LEN,
+ Response,
+ &RspLen
+ );
+ ASSERT_EFI_ERROR (BinToHexStatus);
 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response);
 if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) {
@@ -490,12 +492,13 @@ IScsiCHAPToSendReq (
 // CHAP_C=
 //
 IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
- IScsiBinToHex (
- (UINT8 *) AuthData->OutChallenge,
- ISCSI_CHAP_RSP_LEN,
- Challenge,
- &ChallengeLen
- );
+ BinToHexStatus = IScsiBinToHex (
+ (UINT8 *) AuthData->OutChallenge,
+ ISCSI_CHAP_RSP_LEN,
+ Challenge,
+ &ChallengeLen
+ );
+ ASSERT_EFI_ERROR (BinToHexStatus);
 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge);
 Conn->AuthStep = ISCSI_CHAP_STEP_FOUR;
-- 2.27.0
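Review bot: `ASSERT_EFI_ERROR (BinToHexStatus)` is the only consumer of the status after the CHAP_R encoding, and the same holds for the CHAP_C encoding in the following hunk, so in a build where assertions are compiled out or disabled a failing IScsiBinToHex() would still hand `Response` / `Challenge` to IScsiAddKeyValuePair() unchecked. The commit message argues that the initiator sizes both buffers correctly, so this is a defence-in-depth point rather than a known defect. Consider pairing each assert with a runtime check such as `if (EFI_ERROR (BinToHexStatus)) { /* existing error path */ }`; that path lies outside these hunks, as do the function's start and end. At minimum, a comment above each call like `// Response holds RspLen bytes, sized for the hex form of ISCSI_CHAP_RSP_LEN bytes; this cannot fail` would keep the invariant next to the assert instead of only in the commit message.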