[edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.

Siyuan, Fu siyuan.fu at intel.com
Tue Mar 31 11:53:39 UTC 2020 

Reviewed-by: Siyuan Fu <siyuan.fu at intel.com>

> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Laszlo
> Ersek
> Sent: 2020年3月25日 19:34
> To: Ni, Ray <ray.ni at intel.com>; Gao, Zhichao <zhichao.gao at intel.com>
> Cc: devel at edk2.groups.io; maciej.rabeda at linux.intel.com
> Subject: Re: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive
> flow.
> 
> Ray, Zhichao,
> 
> On 02/27/20 12:02, Maciej Rabeda wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2032
> >
> > 'ping' command's receive flow utilizes a single Rx token which it
> > attempts to reuse before recycling the previously received packet.
> > This causes a situation where under ICMP traffic,
> > Ping6OnEchoReplyReceived() function will receive an already
> > recycled packet with EFI_SUCCESS token status and finally
> > dereference invalid pointers from RxData structure.
> >
> > Cc: Ray Ni <ray.ni at intel.com>
> > Cc: Zhichao Gao <zhichao.gao at intel.com>
> > Signed-off-by: Maciej Rabeda <maciej.rabeda at linux.intel.com>
> > ---
> >  ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c | 9 +++++----
> >  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> can you please review this ShellPkg patch? It's been on the list for
> almost a month now.
> 
> Thanks
> Laszlo
> 
> > diff --git a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > index 23567fa2c1bb..a3fa32515192 100644
> > --- a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > +++ b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c
> > @@ -614,6 +614,11 @@ Ping6OnEchoReplyReceived (
> >
> >  ON_EXIT:
> >
> > +  //
> > +  // Recycle the packet before reusing RxToken
> > +  //
> > +  gBS->SignalEvent (Private->IpChoice ==
> PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private-
> >RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private-
> >RxToken.Packet.RxData)->RecycleSignal);
> > +
> >    if (Private->RxCount < Private->SendNum) {
> >      //
> >      // Continue to receive icmp echo reply packets.
> > @@ -632,10 +637,6 @@ ON_EXIT:
> >      //
> >      Private->Status = EFI_SUCCESS;
> >    }
> > -  //
> > -  // Singal to recycle the each rxdata here, not at the end of process.
> > -  //
> > -  gBS->SignalEvent (Private->IpChoice ==
> PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private-
> >RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private-
> >RxToken.Packet.RxData)->RecycleSignal);
> >  }
> >
> >  /**
> >
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56765): https://edk2.groups.io/g/devel/message/56765
Mute This Topic: https://groups.io/mt/71584586/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list