Skip to content

Commit 703e7ab

Browse files
Wu, JiaxinLaszlo Ersek
Wu, Jiaxin
authored and
Laszlo Ersek
committed
NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 The new data type named "EfiTlsVerifyHost" and the EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol. Signed-off-by: Wu Jiaxin <[email protected]> Reviewed-by: Ye Ting <[email protected]> Reviewed-by: Long Qin <[email protected]> Reviewed-by: Fu Siyuan <[email protected]> Acked-by: Laszlo Ersek <[email protected]> Message-Id: <[email protected]> Cc: David Woodhouse <[email protected]> Cc: Jian J Wang <[email protected]> Cc: Jiaxin Wu <[email protected]> Cc: Sivaraman Nainar <[email protected]> Cc: Xiaoyu Lu <[email protected]> Signed-off-by: Laszlo Ersek <[email protected]>
1 parent 1e72b1f commit 703e7ab

File tree

1 file changed

+41
-3
lines changed

1 file changed

+41
-3
lines changed

NetworkPkg/TlsDxe/TlsProtocol.c

Lines changed: 41 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
/** @file
22
Implementation of EFI TLS Protocol Interfaces.
33
4-
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
4+
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
55
66
SPDX-License-Identifier: BSD-2-Clause-Patent
77
@@ -56,12 +56,16 @@ TlsSetSessionData (
5656
UINT16 *CipherId;
5757
CONST EFI_TLS_CIPHER *TlsCipherList;
5858
UINTN CipherCount;
59+
CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;
60+
EFI_TLS_VERIFY VerifyMethod;
61+
UINTN VerifyMethodSize;
5962
UINTN Index;
6063

6164
EFI_TPL OldTpl;
6265

63-
Status = EFI_SUCCESS;
64-
CipherId = NULL;
66+
Status = EFI_SUCCESS;
67+
CipherId = NULL;
68+
VerifyMethodSize = sizeof (EFI_TLS_VERIFY);
6569

6670
if (This == NULL || Data == NULL || DataSize == 0) {
6771
return EFI_INVALID_PARAMETER;
@@ -148,6 +152,40 @@ TlsSetSessionData (
148152
}
149153

150154
TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
155+
break;
156+
case EfiTlsVerifyHost:
157+
if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {
158+
Status = EFI_INVALID_PARAMETER;
159+
goto ON_EXIT;
160+
}
161+
162+
TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;
163+
164+
if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&
165+
(TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {
166+
Status = EFI_INVALID_PARAMETER;
167+
goto ON_EXIT;
168+
}
169+
170+
if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&
171+
((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||
172+
(TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {
173+
Status = EFI_INVALID_PARAMETER;
174+
goto ON_EXIT;
175+
}
176+
177+
Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);
178+
if (EFI_ERROR (Status)) {
179+
goto ON_EXIT;
180+
}
181+
182+
if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {
183+
Status = EFI_INVALID_PARAMETER;
184+
goto ON_EXIT;
185+
}
186+
187+
Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);
188+
151189
break;
152190
case EfiTlsSessionID:
153191
if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {

0 commit comments

Comments
 (0)