lersek / edk2

Clone
Source Code
GIT

b8649cf NetworkPkg/IScsiDxe: check IScsiHexToBin() return values

1 file Authored by lersek 3 years ago, Committed by mergify[bot] 3 years ago,
raw patch tree parent
1 file changed. 14 lines added. 6 lines removed.
NetworkPkg/IScsiDxe/IScsiCHAP.c
file modified
+14 -6 
    NetworkPkg/IScsiDxe: check IScsiHexToBin() return values
    
    IScsiDxe (that is, the initiator) receives two hex-encoded strings from
    the iSCSI target:
    
    - CHAP_C, where the target challenges the initiator,
    
    - CHAP_R, where the target answers the challenge from the initiator (in
      case the initiator wants mutual authentication).
    
    Accordingly, we have two IScsiHexToBin() call sites:
    
    - At the CHAP_C decoding site, check whether the decoding succeeds. The
      decoded buffer ("AuthData->InChallenge") can accommodate 1024 bytes,
      which is a permissible restriction on the target, per
      <https://tools.ietf.org/html/rfc7143#section-12.1.3>. Shorter challenges
      from the target are acceptable.
    
    - At the CHAP_R decoding site, enforce that the decoding both succeed, and
      provide exactly ISCSI_CHAP_RSP_LEN bytes. CHAP_R contains the digest
      calculated by the target, therefore it must be of fixed size. We may
      only call IScsiCHAPAuthTarget() if "TargetRsp" has been fully populated.
    
    Cc: Jiaxin Wu <jiaxin.wu@intel.com>
    Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
    Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
    Cc: Siyuan Fu <siyuan.fu@intel.com>
    Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
    Signed-off-by: Laszlo Ersek <lersek@redhat.com>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
    Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
    Message-Id: <20210608121259.32451-11-lersek@redhat.com>
file modified
+14 -6
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.