251 lines
10 KiB
Diff
251 lines
10 KiB
Diff
From f47859b9e9caf237d0691be7915cc026f4f015a4 Mon Sep 17 00:00:00 2001
|
|
From: Laszlo Ersek <lersek@redhat.com>
|
|
Date: Mon, 26 Apr 2021 19:05:20 +0200
|
|
Subject: [PATCH 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80
|
|
characters
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
|
RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z]
|
|
RH-Commit: [1/10] 190e229a59ca2e2e48593b00942749336e04f81e
|
|
RH-Bugzilla: 1956676
|
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
|
|
Working with overlong lines is difficult for me; rewrap the CHAP-related
|
|
source files in IScsiDxe to 80 characters width. No functional changes.
|
|
|
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
|
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22
|
|
---
|
|
NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++--------
|
|
NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +-
|
|
2 files changed, 71 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
|
index 355c6f129f..cbbc56ae5b 100644
|
|
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
|
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
|
@@ -1,5 +1,6 @@
|
|
/** @file
|
|
- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration.
|
|
+ This file is for Challenge-Handshake Authentication Protocol (CHAP)
|
|
+ Configuration.
|
|
|
|
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
@@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
@param[in] ChallengeLength The length of iSCSI CHAP challenge message.
|
|
@param[out] ChapResponse The calculation of the expected hash value.
|
|
|
|
- @retval EFI_SUCCESS The expected hash value was calculatedly successfully.
|
|
- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the
|
|
- length of the hash value for the hashing algorithm chosen.
|
|
+ @retval EFI_SUCCESS The expected hash value was calculatedly
|
|
+ successfully.
|
|
+ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least
|
|
+ the length of the hash value for the hashing
|
|
+ algorithm chosen.
|
|
@retval EFI_PROTOCOL_ERROR MD5 hash operation fail.
|
|
@retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5.
|
|
|
|
@@ -94,8 +97,10 @@ Exit:
|
|
@param[in] AuthData iSCSI CHAP authentication data.
|
|
@param[in] TargetResponse The response from target.
|
|
|
|
- @retval EFI_SUCCESS The response from target passed authentication.
|
|
- @retval EFI_SECURITY_VIOLATION The response from target was not expected value.
|
|
+ @retval EFI_SUCCESS The response from target passed
|
|
+ authentication.
|
|
+ @retval EFI_SECURITY_VIOLATION The response from target was not expected
|
|
+ value.
|
|
@retval Others Other errors as indicated.
|
|
|
|
**/
|
|
@@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived (
|
|
//
|
|
// The first Login Response.
|
|
//
|
|
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG);
|
|
+ Value = IScsiGetValueByKeyFromList (
|
|
+ KeyValueList,
|
|
+ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG
|
|
+ );
|
|
if (Value == NULL) {
|
|
goto ON_EXIT;
|
|
}
|
|
@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived (
|
|
|
|
Session->TargetPortalGroupTag = (UINT16) Result;
|
|
|
|
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD);
|
|
+ Value = IScsiGetValueByKeyFromList (
|
|
+ KeyValueList,
|
|
+ ISCSI_KEY_AUTH_METHOD
|
|
+ );
|
|
if (Value == NULL) {
|
|
goto ON_EXIT;
|
|
}
|
|
//
|
|
- // Initiator mandates CHAP authentication but target replies without "CHAP", or
|
|
- // initiator suggets "None" but target replies with some kind of auth method.
|
|
+ // Initiator mandates CHAP authentication but target replies without
|
|
+ // "CHAP", or initiator suggets "None" but target replies with some kind of
|
|
+ // auth method.
|
|
//
|
|
if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) {
|
|
if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) {
|
|
@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived (
|
|
//
|
|
// The Target replies with CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
|
|
//
|
|
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM);
|
|
+ Value = IScsiGetValueByKeyFromList (
|
|
+ KeyValueList,
|
|
+ ISCSI_KEY_CHAP_ALGORITHM
|
|
+ );
|
|
if (Value == NULL) {
|
|
goto ON_EXIT;
|
|
}
|
|
@@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived (
|
|
goto ON_EXIT;
|
|
}
|
|
|
|
- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER);
|
|
+ Identifier = IScsiGetValueByKeyFromList (
|
|
+ KeyValueList,
|
|
+ ISCSI_KEY_CHAP_IDENTIFIER
|
|
+ );
|
|
if (Identifier == NULL) {
|
|
goto ON_EXIT;
|
|
}
|
|
|
|
- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE);
|
|
+ Challenge = IScsiGetValueByKeyFromList (
|
|
+ KeyValueList,
|
|
+ ISCSI_KEY_CHAP_CHALLENGE
|
|
+ );
|
|
if (Challenge == NULL) {
|
|
goto ON_EXIT;
|
|
}
|
|
@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived (
|
|
|
|
AuthData->InIdentifier = (UINT32) Result;
|
|
AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN;
|
|
- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge);
|
|
+ IScsiHexToBin (
|
|
+ (UINT8 *) AuthData->InChallenge,
|
|
+ &AuthData->InChallengeLength,
|
|
+ Challenge
|
|
+ );
|
|
Status = IScsiCHAPCalculateResponse (
|
|
AuthData->InIdentifier,
|
|
AuthData->AuthConfig->CHAPSecret,
|
|
@@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived (
|
|
goto ON_EXIT;
|
|
}
|
|
|
|
- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE);
|
|
+ Response = IScsiGetValueByKeyFromList (
|
|
+ KeyValueList,
|
|
+ ISCSI_KEY_CHAP_RESPONSE
|
|
+ );
|
|
if (Response == NULL) {
|
|
goto ON_EXIT;
|
|
}
|
|
@@ -341,7 +369,8 @@ ON_EXIT:
|
|
@param[in, out] Pdu The PDU to send out.
|
|
|
|
@retval EFI_SUCCESS All check passed and the phase-related CHAP
|
|
- authentication info is filled into the iSCSI PDU.
|
|
+ authentication info is filled into the iSCSI
|
|
+ PDU.
|
|
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
|
|
@retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
|
|
|
|
@@ -392,7 +421,11 @@ IScsiCHAPToSendReq (
|
|
// It's the initial Login Request. Fill in the key=value pairs mandatory
|
|
// for the initial Login Request.
|
|
//
|
|
- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName);
|
|
+ IScsiAddKeyValuePair (
|
|
+ Pdu,
|
|
+ ISCSI_KEY_INITIATOR_NAME,
|
|
+ mPrivate->InitiatorName
|
|
+ );
|
|
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal");
|
|
IScsiAddKeyValuePair (
|
|
Pdu,
|
|
@@ -413,7 +446,8 @@ IScsiCHAPToSendReq (
|
|
|
|
case ISCSI_CHAP_STEP_ONE:
|
|
//
|
|
- // First step, send the Login Request with CHAP_A=<A1,A2...> key-value pair.
|
|
+ // First step, send the Login Request with CHAP_A=<A1,A2...> key-value
|
|
+ // pair.
|
|
//
|
|
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5);
|
|
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr);
|
|
@@ -429,11 +463,20 @@ IScsiCHAPToSendReq (
|
|
//
|
|
// CHAP_N=<N>
|
|
//
|
|
- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName);
|
|
+ IScsiAddKeyValuePair (
|
|
+ Pdu,
|
|
+ ISCSI_KEY_CHAP_NAME,
|
|
+ (CHAR8 *) &AuthData->AuthConfig->CHAPName
|
|
+ );
|
|
//
|
|
// CHAP_R=<R>
|
|
//
|
|
- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen);
|
|
+ IScsiBinToHex (
|
|
+ (UINT8 *) AuthData->CHAPResponse,
|
|
+ ISCSI_CHAP_RSP_LEN,
|
|
+ Response,
|
|
+ &RspLen
|
|
+ );
|
|
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response);
|
|
|
|
if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) {
|
|
@@ -448,7 +491,12 @@ IScsiCHAPToSendReq (
|
|
//
|
|
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
|
AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN;
|
|
- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen);
|
|
+ IScsiBinToHex (
|
|
+ (UINT8 *) AuthData->OutChallenge,
|
|
+ ISCSI_CHAP_RSP_LEN,
|
|
+ Challenge,
|
|
+ &ChallengeLen
|
|
+ );
|
|
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge);
|
|
|
|
Conn->AuthStep = ISCSI_CHAP_STEP_FOUR;
|
|
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
|
index 140bba0dcd..5e59fb678b 100644
|
|
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
|
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
|
@@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived (
|
|
@param[in, out] Pdu The PDU to send out.
|
|
|
|
@retval EFI_SUCCESS All check passed and the phase-related CHAP
|
|
- authentication info is filled into the iSCSI PDU.
|
|
+ authentication info is filled into the iSCSI
|
|
+ PDU.
|
|
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
|
|
@retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
|
|
|
|
--
|
|
2.27.0
|
|
|