From f47859b9e9caf237d0691be7915cc026f4f015a4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 26 Apr 2021 19:05:20 +0200 Subject: [PATCH 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] RH-Commit: [1/10] 190e229a59ca2e2e48593b00942749336e04f81e RH-Bugzilla: 1956676 RH-Acked-by: Philippe Mathieu-Daudé Working with overlong lines is difficult for me; rewrap the CHAP-related source files in IScsiDxe to 80 characters width. No functional changes. Cc: Jiaxin Wu Cc: Maciej Rabeda Cc: Philippe Mathieu-Daudé Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda Reviewed-by: Philippe Mathieu-Daudé Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++-------- NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +- 2 files changed, 71 insertions(+), 22 deletions(-)
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index 355c6f129f..cbbc56ae5b 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -1,5 +1,6 @@
 /** @file
- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration.
+ This file is for Challenge-Handshake Authentication Protocol (CHAP)
+ Configuration.
 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 @param[in] ChallengeLength The length of iSCSI CHAP challenge message.
 @param[out] ChapResponse The calculation of the expected hash value.
- @retval EFI_SUCCESS The expected hash value was calculatedly successfully.
- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the
- length of the hash value for the hashing algorithm chosen.
+ @retval EFI_SUCCESS The expected hash value was calculatedly
+ successfully.
+ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least
+ the length of the hash value for the hashing
+ algorithm chosen.
 @retval EFI_PROTOCOL_ERROR MD5 hash operation fail.
 @retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5.
@@ -94,8 +97,10 @@ Exit:
 @param[in] AuthData iSCSI CHAP authentication data.
 @param[in] TargetResponse The response from target.
- @retval EFI_SUCCESS The response from target passed authentication.
- @retval EFI_SECURITY_VIOLATION The response from target was not expected value.
+ @retval EFI_SUCCESS The response from target passed
+ authentication.
+ @retval EFI_SECURITY_VIOLATION The response from target was not expected
+ value.
 @retval Others Other errors as indicated.
 **/
@@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived (
 //
 // The first Login Response.
 //
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG);
+ Value = IScsiGetValueByKeyFromList (
+ KeyValueList,
+ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG
+ );
 if (Value == NULL) {
 goto ON_EXIT;
 }
@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived (
 Session->TargetPortalGroupTag = (UINT16) Result;
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD);
+ Value = IScsiGetValueByKeyFromList (
+ KeyValueList,
+ ISCSI_KEY_AUTH_METHOD
+ );
 if (Value == NULL) {
 goto ON_EXIT;
 }
 //
- // Initiator mandates CHAP authentication but target replies without "CHAP", or
- // initiator suggets "None" but target replies with some kind of auth method.
+ // Initiator mandates CHAP authentication but target replies without
+ // "CHAP", or initiator suggets "None" but target replies with some kind of
+ // auth method.
 //
 if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) {
 if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) {
@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived (
 //
 // The Target replies with CHAP_A= CHAP_I= CHAP_C=
 //
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM);
+ Value = IScsiGetValueByKeyFromList (
+ KeyValueList,
+ ISCSI_KEY_CHAP_ALGORITHM
+ );
 if (Value == NULL) {
 goto ON_EXIT;
 }
@@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived (
 goto ON_EXIT;
 }
- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER);
+ Identifier = IScsiGetValueByKeyFromList (
+ KeyValueList,
+ ISCSI_KEY_CHAP_IDENTIFIER
+ );
 if (Identifier == NULL) {
 goto ON_EXIT;
 }
- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE);
+ Challenge = IScsiGetValueByKeyFromList (
+ KeyValueList,
+ ISCSI_KEY_CHAP_CHALLENGE
+ );
 if (Challenge == NULL) {
 goto ON_EXIT;
 }
@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived (
 AuthData->InIdentifier = (UINT32) Result;
 AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN;
- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge);
+ IScsiHexToBin (
+ (UINT8 *) AuthData->InChallenge,
+ &AuthData->InChallengeLength,
+ Challenge
+ );
 Status = IScsiCHAPCalculateResponse (
 AuthData->InIdentifier,
 AuthData->AuthConfig->CHAPSecret,
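Review bot: The rewrapped `IScsiHexToBin (...)` call in the `-269,7 +290,11` hunk is still a bare statement, so any status it returns is dropped before the code goes on to `IScsiCHAPCalculateResponse`. `Challenge` is the CHAP_C value read from the target's login response, so it is peer-controlled, and the only bound visible here is the `ISCSI_CHAP_AUTH_MAX_LEN` stored in `InChallengeLength` on the line before. If the helper signals an oversized or malformed hex string through its return value (its definition is outside this patch), the caller should keep it: `Status = IScsiHexToBin (...);` followed by `if (EFI_ERROR (Status)) { goto ON_EXIT; }`. IScsiCHAPOnRspReceived starts and ends outside the hunk, so check which status `ON_EXIT` reports on that path.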
@@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived (
 goto ON_EXIT;
 }
- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE);
+ Response = IScsiGetValueByKeyFromList (
+ KeyValueList,
+ ISCSI_KEY_CHAP_RESPONSE
+ );
 if (Response == NULL) {
 goto ON_EXIT;
 }
@@ -341,7 +369,8 @@ ON_EXIT:
 @param[in, out] Pdu The PDU to send out.
 @retval EFI_SUCCESS All check passed and the phase-related CHAP
- authentication info is filled into the iSCSI PDU.
+ authentication info is filled into the iSCSI
+ PDU.
 @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
 @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
@@ -392,7 +421,11 @@ IScsiCHAPToSendReq (
 // It's the initial Login Request. Fill in the key=value pairs mandatory
 // for the initial Login Request.
 //
- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName);
+ IScsiAddKeyValuePair (
+ Pdu,
+ ISCSI_KEY_INITIATOR_NAME,
+ mPrivate->InitiatorName
+ );
 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal");
 IScsiAddKeyValuePair (
 Pdu,
@@ -413,7 +446,8 @@ IScsiCHAPToSendReq (
 case ISCSI_CHAP_STEP_ONE:
 //
- // First step, send the Login Request with CHAP_A= key-value pair.
+ // First step, send the Login Request with CHAP_A= key-value
+ // pair.
 //
 AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5);
 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr);
@@ -429,11 +463,20 @@ IScsiCHAPToSendReq (
 //
 // CHAP_N=
 //
- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName);
+ IScsiAddKeyValuePair (
+ Pdu,
+ ISCSI_KEY_CHAP_NAME,
+ (CHAR8 *) &AuthData->AuthConfig->CHAPName
+ );
 //
 // CHAP_R=
 //
- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen);
+ IScsiBinToHex (
+ (UINT8 *) AuthData->CHAPResponse,
+ ISCSI_CHAP_RSP_LEN,
+ Response,
+ &RspLen
+ );
 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response);
 if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) {
@@ -448,7 +491,12 @@ IScsiCHAPToSendReq (
 //
 IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
 AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN;
- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen);
+ IScsiBinToHex (
+ (UINT8 *) AuthData->OutChallenge,
+ ISCSI_CHAP_RSP_LEN,
+ Challenge,
+ &ChallengeLen
+ );
 IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge);
 Conn->AuthStep = ISCSI_CHAP_STEP_FOUR;
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
index 140bba0dcd..5e59fb678b 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
@@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived (
 @param[in, out] Pdu The PDU to send out.
 @retval EFI_SUCCESS All check passed and the phase-related CHAP
- authentication info is filled into the iSCSI PDU.
+ authentication info is filled into the iSCSI
+ PDU.
 @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
 @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
--
2.27.0