From d28c0053e94b8e721307ac1698d86e5dfb328e6d Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 2 Dec 2019 12:32:04 +0100 Subject: [PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek Message-id: <20191117220052.15700-9-lersek@redhat.com> Patchwork-id: 92459 O-Subject: [RHEL-8.2.0 edk2 PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553) Bugzilla: 1536624 RH-Acked-by: Vitaly Kuznetsov RH-Acked-by: Philippe Mathieu-Daudé From: "Wu, Jiaxin" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 Set the HostName by consuming TLS protocol to enable the host name check so as to avoid the potential Man-In-The-Middle attack. Signed-off-by: Wu Jiaxin Reviewed-by: Ye Ting Reviewed-by: Long Qin Reviewed-by: Fu Siyuan Acked-by: Laszlo Ersek Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com> Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Signed-off-by: Laszlo Ersek (cherry picked from commit e2fc50812895b17e8b23f5a9c43cde29531b200f) --- NetworkPkg/HttpDxe/HttpProto.h | 1 + NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h index 6e1f517..34308e0 100644 --- a/NetworkPkg/HttpDxe/HttpProto.h +++ b/NetworkPkg/HttpDxe/HttpProto.h @@ -82,6 +82,7 @@ typedef struct { EFI_TLS_VERSION Version; EFI_TLS_CONNECTION_END ConnectionEnd; EFI_TLS_VERIFY VerifyMethod; + EFI_TLS_VERIFY_HOST VerifyHost; EFI_TLS_SESSION_STATE SessionState; } TLS_CONFIG_DATA; diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index 988bbcb..5dfb13b 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -623,13 +623,16 @@ TlsConfigureSession ( // // TlsConfigData initialization // - HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; - HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; - HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; + HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; + HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; + HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS; + HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; + HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; // // EfiTlsConnectionEnd, - // EfiTlsVerifyMethod + // EfiTlsVerifyMethod, + // EfiTlsVerifyHost, // EfiTlsSessionState // Status = HttpInstance->Tls->SetSessionData ( @@ -654,6 +657,16 @@ TlsConfigureSession ( Status = HttpInstance->Tls->SetSessionData ( HttpInstance->Tls, + EfiTlsVerifyHost, + &HttpInstance->TlsConfigData.VerifyHost, + sizeof (EFI_TLS_VERIFY_HOST) + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = HttpInstance->Tls->SetSessionData ( + HttpInstance->Tls, EfiTlsSessionState, &(HttpInstance->TlsConfigData.SessionState), sizeof (EFI_TLS_SESSION_STATE) -- 1.8.3.1