From 557a962ce519757cacb236fbbc819f9300d9d287 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 26 Apr 2021 20:07:25 +0200 Subject: [PATCH 02/10] NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] RH-Commit: [2/10] ce3d2f2f2e16c44a621ffbed70ff245a1ec473bd RH-Bugzilla: 1956676 RH-Acked-by: Philippe Mathieu-Daudé The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024. The usage of this macro currently involves a semantic (not functional) bug, which we're going to fix in a subsequent patch, eliminating ISCSI_CHAP_AUTH_MAX_LEN altogether. For now, remove the macro's usage from all "ISCSI_CHAP_AUTH_DATA.InChallenge" contexts. This is doable without duplicating open-coded constants. No changes in functionality. Cc: Jiaxin Wu Cc: Maciej Rabeda Cc: Philippe Mathieu-Daudé Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Maciej Rabeda Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 +- NetworkPkg/IScsiDxe/IScsiCHAP.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c index cbbc56ae5b..df3c2eb120 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -289,7 +289,7 @@ IScsiCHAPOnRspReceived ( } AuthData->InIdentifier = (UINT32) Result; - AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; + AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); IScsiHexToBin ( (UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h index 5e59fb678b..1fc1d96ea3 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h @@ -49,7 +49,7 @@ typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { typedef struct _ISCSI_CHAP_AUTH_DATA { ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; UINT32 InIdentifier; - UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; + UINT8 InChallenge[1024]; UINT32 InChallengeLength; // // Calculated CHAP Response (CHAP_R) value. -- 2.27.0