mirror of
https://github.com/u-boot/u-boot.git
synced 2025-04-17 02:15:02 +00:00
Pull request efi-2025-04-rc4
UEFI: * let efi_net_set_dp properly update the device path Network: * avoid buffer overflows in wget_info with legacy TCP stack -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmfEES4ACgkQhO4vgnE3 U0sZJBAAs2+uW+L30J/2lYEUTsgpliciiCdIU3O44uM+9xK52xVtFqHxZh67twRg cFfqooVg3CGR2Sxn78I40G8ibeEukua1IZStxKSm+eQF5eiKRB5Vxmr03KY0siSE 4IVGZbll4meSnpalpGvIHctZtWb8nQQvhIHE8+8wEmau+UMHbRWmfbTF/SymoIrr //azmapXOYOYGZVh+UKMFoeLJxpA7k+IHvKQgX7CppOgb15Z8RUMjgqizqrYxRkn TOK+51TOigd7ap5+Nz0sFF4knx0yKLpvAZZgS/dln9WvAHD6GccKu2FDfm6ayTvy n10NCgPlQcRVGt26ws01sL5+bLr2bAtcH9zxFmllwknZb5esAo2CmACD/UBYhcrL /jVYveVucCZSVAPCP9h3mx5zUQkxJjpJmymb7NbAGhqp1gwk5XFglBeyMSgQjjDe VecHWTuGIzi8vN4WqYreogdhrEOt+6pCxoe+V24zRCwwczCTgWGFI15ifyoRsJmi psXkyZg/MjGwkZqzN4ZxH2KYCCjUoCdJ/JceSDPWGO15xKc6ZB91tCjKJgAkMlcA kL7hfYz1oP5MWRj1/mzJ99EreyV93xsXtoC7TKKI8BkqPRsSAxso25AkwduTIpR1 zLrAJBkdEAZUG6J9WFeWkOBU0sJCWaT213ArJM2Zq5pH6BL9fLw= =vRs8 -----END PGP SIGNATURE----- Merge tag 'efi-2025-04-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi CI: * https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/24904 UEFI: * Let efi_net_set_dp properly update the device path Network: * Avoid buffer overflows in wget_info with legacy TCP stack
This commit is contained in:
Tom Rini
commit
d4e428856c
2 changed files with 63 additions and 16 deletions
|
|
@ -927,12 +927,15 @@ efi_status_t efi_net_register(void)
|
|||
&netobj->net);
|
||||
if (r != EFI_SUCCESS)
|
||||
goto failure_to_add_protocol;
|
||||
if (!net_dp)
|
||||
efi_net_set_dp("Net", NULL);
|
||||
r = efi_add_protocol(&netobj->header, &efi_guid_device_path,
|
||||
net_dp);
|
||||
|
||||
if (net_dp)
|
||||
r = efi_add_protocol(&netobj->header, &efi_guid_device_path,
|
||||
net_dp);
|
||||
else
|
||||
r = efi_net_set_dp("Net", NULL);
|
||||
if (r != EFI_SUCCESS)
|
||||
goto failure_to_add_protocol;
|
||||
|
||||
r = efi_add_protocol(&netobj->header, &efi_pxe_base_code_protocol_guid,
|
||||
&netobj->pxe);
|
||||
if (r != EFI_SUCCESS)
|
||||
|
|
@ -1057,18 +1060,58 @@ out_of_resources:
|
|||
*/
|
||||
efi_status_t efi_net_set_dp(const char *dev, const char *server)
|
||||
{
|
||||
efi_free_pool(net_dp);
|
||||
efi_status_t ret = EFI_SUCCESS;
|
||||
struct efi_handler *phandler;
|
||||
struct efi_device_path *old_net_dp, *new_net_dp;
|
||||
|
||||
net_dp = NULL;
|
||||
old_net_dp = net_dp;
|
||||
new_net_dp = NULL;
|
||||
if (!strcmp(dev, "Net"))
|
||||
net_dp = efi_dp_from_eth();
|
||||
new_net_dp = efi_dp_from_eth();
|
||||
else if (!strcmp(dev, "Http"))
|
||||
net_dp = efi_dp_from_http(server);
|
||||
new_net_dp = efi_dp_from_http(server);
|
||||
|
||||
if (!net_dp)
|
||||
if (!new_net_dp) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
// If netobj is not started yet, end here.
|
||||
if (!netobj) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
phandler = NULL;
|
||||
efi_search_protocol(&netobj->header, &efi_guid_device_path, &phandler);
|
||||
|
||||
// If the device path protocol is not yet installed, install it
|
||||
if (!phandler)
|
||||
goto add;
|
||||
|
||||
// If it is already installed, try to update it
|
||||
ret = efi_reinstall_protocol_interface(&netobj->header, &efi_guid_device_path,
|
||||
old_net_dp, new_net_dp);
|
||||
if (ret != EFI_SUCCESS)
|
||||
goto error;
|
||||
|
||||
net_dp = new_net_dp;
|
||||
efi_free_pool(old_net_dp);
|
||||
|
||||
return EFI_SUCCESS;
|
||||
add:
|
||||
ret = efi_add_protocol(&netobj->header, &efi_guid_device_path,
|
||||
new_net_dp);
|
||||
if (ret != EFI_SUCCESS)
|
||||
goto error;
|
||||
exit:
|
||||
net_dp = new_net_dp;
|
||||
efi_free_pool(old_net_dp);
|
||||
|
||||
return ret;
|
||||
error:
|
||||
// Failed, restore
|
||||
efi_free_pool(new_net_dp);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
18
net/wget.c
18
net/wget.c
|
|
@ -53,6 +53,9 @@ static inline int store_block(uchar *src, unsigned int offset, unsigned int len)
|
|||
ulong store_addr = image_load_addr + offset;
|
||||
uchar *ptr;
|
||||
|
||||
// Avoid overflow
|
||||
if (wget_info->buffer_size && wget_info->buffer_size < offset + len)
|
||||
return -1;
|
||||
if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) {
|
||||
if (store_addr < image_load_addr ||
|
||||
lmb_read_check(store_addr, len)) {
|
||||
|
|
@ -98,12 +101,6 @@ static void tcp_stream_on_closed(struct tcp_stream *tcp)
|
|||
net_set_state(wget_loop_state);
|
||||
if (wget_loop_state != NETLOOP_SUCCESS) {
|
||||
net_boot_file_size = 0;
|
||||
if (wget_info->status_code == HTTP_STATUS_OK) {
|
||||
wget_info->status_code = HTTP_STATUS_BAD;
|
||||
wget_info->hdr_cont_len = 0;
|
||||
if (wget_info->headers)
|
||||
wget_info->headers[0] = 0;
|
||||
}
|
||||
printf("\nwget: Transfer Fail, TCP status - %d\n", tcp->status);
|
||||
return;
|
||||
}
|
||||
|
|
@ -212,6 +209,11 @@ static void tcp_stream_on_rcv_nxt_update(struct tcp_stream *tcp, u32 rx_bytes)
|
|||
"wget: Connected Len %lu\n",
|
||||
content_length);
|
||||
wget_info->hdr_cont_len = content_length;
|
||||
if (wget_info->buffer_size && wget_info->buffer_size < wget_info->hdr_cont_len){
|
||||
tcp_stream_reset(tcp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
net_boot_file_size = rx_bytes - http_hdr_size;
|
||||
|
|
@ -227,7 +229,9 @@ static int tcp_stream_rx(struct tcp_stream *tcp, u32 rx_offs, void *buf, int len
|
|||
if ((max_rx_pos == (u32)(-1)) || (max_rx_pos < rx_offs + len - 1))
|
||||
max_rx_pos = rx_offs + len - 1;
|
||||
|
||||
store_block(buf, rx_offs - http_hdr_size, len);
|
||||
// Avoid overflow
|
||||
if (store_block(buf, rx_offs - http_hdr_size, len) < 0)
|
||||
return -1;
|
||||
|
||||
return len;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue