From 6c12fe63f989b1a3aff9f44c22b2833fa78cfcab Mon Sep 17 00:00:00 2001 From: Fu Siyuan Date: Thu, 27 Oct 2016 09:23:22 +0800 Subject: NetworkPkg: Update IP4 stack drivers for classless address unicast check. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan Reviewed-by: Ye Ting Reviewed-by: Wu Jiaxin --- NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c | 40 +++++++++++++++++++++++----------- NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c | 4 +++- 2 files changed, 30 insertions(+), 14 deletions(-) (limited to 'NetworkPkg/UefiPxeBcDxe') diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c index c7c5bd6..52095c5 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c @@ -856,8 +856,7 @@ EfiPxeBcMtftp ( (BufferSize == NULL) || (ServerIp == NULL) || ((BufferPtr == NULL) && DontUseBuffer) || - ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE)) || - (!NetIp4IsUnicast (NTOHL (ServerIp->Addr[0]), 0) && !NetIp6IsValidUnicast (&ServerIp->v6))) { + ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE))) { return EFI_INVALID_PARAMETER; } @@ -867,6 +866,16 @@ EfiPxeBcMtftp ( Mode = Private->PxeBc.Mode; if (Mode->UsingIpv6) { + if (!NetIp6IsValidUnicast (&ServerIp->v6)) { + return EFI_INVALID_PARAMETER; + } + } else { + if (IP4_IS_UNSPECIFIED (NTOHL (ServerIp->Addr[0])) || IP4_IS_LOCAL_BROADCAST (NTOHL (ServerIp->Addr[0]))) { + return EFI_INVALID_PARAMETER; + } + } + + if (Mode->UsingIpv6) { // // Set configuration data for Mtftp6 instance. // @@ -1076,7 +1085,7 @@ EfiPxeBcUdpWrite ( DoNotFragment = TRUE; } - if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL (GatewayIp->Addr[0]), 0)) { + if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL (GatewayIp->Addr[0]), EFI_NTOHL(Mode->SubnetMask))) { // // Gateway is provided but it's not a unicast IPv4 address, while it will be ignored for IPv6. // @@ -1587,13 +1596,16 @@ EfiPxeBcSetIpFilter ( // return EFI_INVALID_PARAMETER; } - if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0 && - (NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), 0) || - NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6))) { - // - // If EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP is set and IPv4/IPv6 address - // is in IpList, promiscuous mode is needed. - // + if (Mode->UsingIpv6) { + if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0 && + NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6)) { + NeedPromiscuous = TRUE; + } + } else if ((EFI_NTOHL(Mode->StationIp) != 0) && + (EFI_NTOHL(Mode->SubnetMask) != 0) && + IP4_NET_EQUAL(EFI_NTOHL(Mode->StationIp), EFI_NTOHL(NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask.v4)) && + NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask)) && + ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0)) { NeedPromiscuous = TRUE; } } @@ -1987,9 +1999,7 @@ EfiPxeBcSetStationIP ( return EFI_INVALID_PARAMETER; } - if (NewStationIp != NULL && - (!NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), 0) && - !NetIp6IsValidUnicast (&NewStationIp->v6))) { + if (NewStationIp != NULL && !NetIp6IsValidUnicast (&NewStationIp->v6)) { return EFI_INVALID_PARAMETER; } @@ -2003,6 +2013,10 @@ EfiPxeBcSetStationIP ( return EFI_INVALID_PARAMETER; } + if (!Mode->UsingIpv6 && NewStationIp != NULL && !NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), NTOHL (NewSubnetMask->Addr[0]))) { + return EFI_INVALID_PARAMETER; + } + if (!Mode->Started) { return EFI_NOT_STARTED; } diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c index 3ea9518..00c652d 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c @@ -258,7 +258,9 @@ PxeBcIcmpErrorDpcHandle ( } if (EFI_IP4 (RxData->Header->SourceAddress) != 0 && - !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), 0)) { + (NTOHL (Mode->SubnetMask.Addr[0]) != 0) && + IP4_NET_EQUAL (NTOHL(Mode->StationIp.Addr[0]), EFI_NTOHL (RxData->Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0])) && + !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0]))) { // // The source address of the received packet should be a valid unicast address. // -- cgit v1.1